Aggregated findings across AWS services and partner solutions
AWS Security Hub collects and aggregates findings from the AWS security services enabled in your environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. AWS Security Hub also aggregates findings from integrated AWS Partner Network (APN) security solutions.
Preconfigured security insights
Security insights are groups of related findings that highlight emerging trends or possible issues. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities, or S3 buckets with public read or write permissions. Insights are designed to quickly flag the resources and accounts of most concern.
Custom insights for your environment
You can create and customize your own insights, or you can base them on the preconfigured security insights offered by AWS Security Hub. For example, you can create an insight to identify EC2 instances that don't meet security standards or best practices and are tagged as “production.” You build insights using the dropdown menus and filters to tailor them to your specific security and compliance needs.
With a few clicks in the AWS Security Hub console, you can associate your AWS accounts and aggregate findings across those accounts. For example, in a multi-account environment you can view a line chart that illustrates high-severity findings by account, helping you to identify which accounts need immediate attention.
Automated, continuous compliance checks
You can automate continuous, account-level configuration and compliance checks using industry standards and best practices. For example, the Center for Internet Security (CIS) has published the CIS AWS Foundations Benchmark, a set of security configuration best practices for AWS. These industry-accepted best practices go beyond the high-level security guidance already available, providing AWS users with clear, step-by-step implementation and assessment procedures. Accounts and resources that deviate from a best practice or industry standard are identified, along with recommended actions.
Standardized findings format
The security data from AWS services such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie uses a standardized format. In addition, integrated solutions from partners such as Check Point, CrowdStrike, Palo Alto Networks, Qualys, and Symantec (see the full list of AWS Security Hub Partners) also use a standardized findings format, eliminating the need for time-consuming data parsing and normalization efforts on your part. Now you can focus on insights generated from the aggregated data. All findings are stored for 90 days within AWS Security Hub.
Broad partner integrations
AWS Security Hub can collect findings from integrated security tools offered by a broad set of AWS Partners, including Alert Logic, Armor, Barracuda, Check Point, CrowdStrike, CyberArk, Demisto, Dome9, F5 Networks, Fortinet, GuardiCore, IBM, McAfee, Palo Alto Networks, Qualys, Rapid7, Redlock, Sophos, Splunk, Sumo Logic, Symantec, Tenable, Trend Micro, Turbot, and Twistlock.
You get visual summaries of your security findings on integrated dashboards to help you monitor your compliance with best practices and industry standards and to quickly identify security issues and trends. For example, you can now drill down into a trend-line graph to uncover that a set of Amazon EC2 instances with a high number of findings have all been created using the same AMI.
AWS Security Hub is currently in preview and is available at no additional cost during the preview period.