AWS Security Hub can automatically aggregate security findings data from supported AWS Partner Network (APN) security solutions, so you can have a comprehensive view of security and compliance across your AWS environment.
If you have a security solution and are interested in becoming an AWS Security Hub partner, please send an email to firstname.lastname@example.org with your company and product(s) names, APN tier level, and contact information.
To get started, download our onboarding documents available in the Resources section below. Please read through (at a minimum) the onboarding guide and FAQs, and then begin working on your manifest. You must be an APN Select Tier Partner or above to become a Security Hub partner.
Alert Logic®'s security analysts and security content teams made up of data scientists, researchers and developers work together to constantly gather threat intelligence. They stay on the cutting edge of threat intelligence and use machine-learning that builds on data from our customers to enable ever-smarter, ever-stronger security coverage. Alert Logic then leverages the data to extend the security alerts and compliance status provided by AWS Security Hub to help customers understand impact and respond to findings. They absorb the complexity from threat identification and provide the required expert service for deployment, operation and ongoing security processes.
Aqua Security was founded in 2015, as containers and serverless technologies were just emerging, recognizing that the dramatic change in application development and architecture requires an equally dramatic shift in security. Aqua Cloud Native Security Platform provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments. The Aqua platform has data about the container host and the containers running on the host. The integration allows the platform to send alerts to AWS Security Hub.
Armor is a security-as-a-service provider. Armor's Anywhere Platform provides security services and integrations that help you accelerate your adoption of AWS. Armor Anywhere integrates with AWS Security Hub to deliver deeper security insights and context to AWS customers by feeding vulnerability scan and malware detection information into the AWS Security Hub. As a result of the integration, users of the service will now be able to receive alerts for high-priority vulnerability and malware information via AWS Security Hub. The integration demonstrates the value of context sharing for enhanced protection of business-critical workloads on AWS.
Use Atlassian Opsgenie Amazon Security Hub Integration to forward Amazon Security Hub findings to Atlassian Opsgenie. Atlassian Opsgenie will determine the right people to notify based on on-call schedules and notify them via email, text messages (SMS), phone calls, and iOS & Android push notifications. Opsgenie will escalate alerts until the alert is acknowledged or closed. Amazon Security Hub sends findings which match with the corresponding CloudWatch Event rule to CloudWatch. Selecting SNS topic for target publishes the related event message for findings to SNS, which will send this message to Atlassian Opsgenie at the end.
Barracuda Cloud Security Guardian is an agentless SaaS service that leverages the native security capabilities of AWS by policing the management and data planes. It automates the implementation of security and compliance across your deployment enabling you to stay secure while building applications in AWS. To further enhance security, the integrated Cloud Storage Shield, scans your Amazon S3 buckets for malware, quarantining any threats whilst sending logs back to AWS Security Hub.
BigID product helps companies manage and protect sensitive data (PII) across all their systems. It scans data sources (databases, file shares, cloud services, etc.) and discovers PII and data relevant to privacy regulations (GDPR, HIPAA, etc). Use this integration to leverage BigID's OOTB policies and receive instant findings on PII found and policy violations seamlessly in your AWS Security Hub console. You can review the findings, investigate further by connecting to the BigID tool, choose the proper course of action, and create additional workflows based on the finding.
Capitis Solutions has a proven track record of delivering large scale information security compliance solutions for regulated industries. C2VS, our compliance product, identifies application centric vulnerabilities related to misconfigurations. Our scans automate security audit evidence gathering through continuous verification of your custom application configurations. C2VS scans compare security configurations for targeted resources against your custom baselines. Any misconfigurations are published to Security Hub. Security operations teams can use Security Hub as a single pane of glass to monitor, raise alerts, and remediate issues.
Caveonix RiskForesight’s technology integration with AWS Security Hub allows enterprises to manage their cyber and compliance risk posture on a unified dashboard. RiskForesight leverages Security Hub to create a comprehensive view of their high-priority security alerts and compliance status on both a proactive and reactive basis by combining data from multiple AWS services as well as from the advanced analytics and risk mitigation modeling provided by RiskForesight. The RiskForesight solution's ability to conduct behavior analytics combined with risk analytics allows rapid detection of abnormal behavior and provides enforcement actions to manage the risk posture of hybrid cloud workloads.
Check Point CloudGuard complements native AWS controls to bring enhanced security for protecting customer environments from even the most sophisticated threats. CloudGuard IaaS's native API integration with AWS Security Hub feeds critical threat alerts into the console. It adds contextual information such as asset tags, security groups and availability zones to dynamically update security policies. CloudGuard's next-generation threat prevention is driven by the platform’s native firewall, IPS, application control, IPsec VPN, antivirus, and anti-bot capabilities. Customers can quickly ensure they are protected against both north-south and east-west cyber attacks from a single consolidated console.
CrowdStrike Falcon® provides cloud workload protection, unifying next-generation antivirus, endpoint detection and response (EDR), IT hygiene, and a 24/7 managed hunting service — all delivered via a single lightweight agent. CrowdStrike Falcon seamlessly integrates with AWS Security Hub, providing a comprehensive, real time, view of high priority security alerts and satisfying the security and compliance needs of DevSecOps teams. CrowdStrike Falcon uses artificial intelligence/machine learning and sophisticated behavioral-based detections that are fully integrated with AWS Security Hub, ensuring that customers have the next layer of protection against advanced cyber attacks.
CyberArk is a global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. The CyberArk integration with AWS Security Hub provides rich data sets of high-risk, privileged access activity and behavior. The solution provides cloud security teams with the information they need to respond to the most critical threats to the organizations. From a single control point within AWS, CyberArk helps provide a complete, measurable and actionable risk reduction program in securing privileged access within the cloud.
Demisto (Palo Alto Networks) is a Security Orchestration, Automation, and Response (SOAR) platform that integrates with AWS Security Hub for centralized alert visibility and accelerated response. Teams can use Demisto Enterprise to ingest aggregated alerts from AWS Security Hub and trigger automated, process-driven playbooks that coordinate actions across both cloud and on-premise environments, including a range of other AWS integrations such as Amazon GuardDuty, Amazon Route 53, Amazon EC2, Amazon Simple Queue Service (SQS), and AWS CloudTrail. This integration enables security and IT teams to best leverage existing product stacks, execute repeatable tasks at machine speed, and correlate alert context across tools for improved investigation quality.
DisruptOps provides automated AWS security and compliance assessment and remediation guardrails. Our SaaS platform continuously monitors all registered AWS accounts and regions for misconfigurations, vulnerabilities, and non-compliant settings. We then provide one-click or fully automated remediations for discovered issues. By integrating with Security Hub, customers gain more advanced assessments such as SSRF defense or IAM privilege escalation risk identification. Customers can remediate issues directly in Security Hub or in DisruptOps via API or our console. DisruptOps also adds enterprise capabilities and integrations to Security Hub, including notifications and centralized management.
FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. FireEye Helix integrates disparate security tools and augments them with next generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments. FireEye Helix integrates with AWS Security Hub to pull data from Security Hub, analyzes threats, and correlates with other security event streams to detect and protect against advanced threats.
Forcepoint offers a systems-oriented approach to insider threat detection and analytics, cloud-based user and application protection, next-gen network protection, data security, and systems visibility.
To secure cloud environments, Forcepoint NGFW brings leading next generation firewall technology to AWS with the scalability, operational efficiency, and strong security that Forcepoint NGFW is known for. Forcepoint NGFW's integration with AWS Security Hub provides customers with unified reporting for cloud and hybrid environments, comprehensive security, and detailed supporting evidence from its advanced detection capabilities to protect customers' data and systems from all types of threats.
Forcepoint DLP allows you to discover and control data wherever it lives, whether on the cloud or on the network, via email and at the endpoint. Its integration with AWS Security Hub provides customers with unified visibility and reporting for cloud and hybrid environments, addressing human-centric risk with visibility and control everywhere your people work and everywhere your data resides.
Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications. Its integration with AWS Security Hub gives you enhanced visibility and control over both sanctioned and unsanctioned cloud applications, ensuring the security of employees and data.
The GuardiCore Centra Security Platform is a comprehensive data center and cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface, and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies, flows, and enforcement of network and process-level policies to isolate and segment critical applications and infrastructure.
GuardiCore integration with the AWS Security Hub enables security incidents identified by Centra to be consumed and correlated by the AWS Security Hub so users get a single view of vulnerabilities, risk factors, and security incidents in their AWS environment.
The Infection Monkey integration with the AWS Security Hub allows anyone to verify and test the resilience of their AWS environment, and correlate this information with the native security solutions and benchmark score.
HeleCloud provides strategic technology consultancy, engineering, and cloud-based managed services. HeleCloud's managed services are designed to ensure the continuous operation of business-critical applications and systems by fully managing AWS infrastructure. HeleCloud establishes visibility across customers' environments using an Elasticsearch and Kibana SIEM, ingesting data from multiple AWS services via AWS Security Hub as well as custom and third-party tools and services. Having the ability to analyze the estate, HeleCloud can then provide rapid manual and automated security incident response.
IBM QRadar supports AWS Security Hub via an integrated system of analytics and real-time defenses to give security teams extended visibility into high-priority security alerts and automate compliance checks on a single dashboard. This powerful integration shares prioritized and aggregated security findings and events from multiple AWS services and AWS Partner Network security solutions and parses it into the QRadar dashboard for deeper security analysis and context across the broader hybrid environment. This consolidated view of actionable graphs and tables enables security analysts to drill-down into AWS event data for faster, more accurate threat detection and response, while improving compliance posture.
Imperva protects your business-critical data and applications wherever they reside, preventing cybercriminals from exploiting application vulnerabilities, stopping bad bots, and blocking DDoS attacks. Attack Analytics applies Imperva security know-how and AI to take thousands of security alerts and distill them into a handful of actionable insights.
AWS Security Hub receives insights from Imperva Attack Analytics, giving security teams better visibility into their entire attack landscape with a single consolidated view within the AWS Security Hub Console. Attack Analytics is part of FlexProtect for Application Security.
McAfee MVISION Cloud’s integration with AWS Security Hub offers a single point of visibility and control across SaaS, PaaS, and IaaS to secure enterprise data and protect organizations from cyber threats. McAfee’s MVISION Cloud allows customers to build security and event management ecosystems in an intuitive flexible way. McAfee worked closely with AWS ensuring compliance with Amazon Findings Format (AFF) standards to easily integrate information into AWS platforms and is available on AWS Marketplace.
PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action. AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence. When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues. PagerDuty customers who are undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.
RedLock by Palo Alto Networks protects AWS deployments with cloud security analytics, advanced threat detection, and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail, VPC flow logs, Amazon Inspector, and Amazon GuardDuty to uncover and send security and compliance alerts to AWS Security Hub console. The RedLock integration with Security Hub provides additional context and centralized visibility into cloud security risks, enabling customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps.
The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, open ports, as well as the compliance to CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services, such as AWS Lambda.
Rackspace is an AWS Security Hub partner providing managed security services on top of native AWS security products for 24x7x365 monitoring, advanced analysis, and threat remediation by certified security experts in the global Rackspace Security Operations Center (SOC). By integrating with AWS Security Hub, Rackspace automatically pulls threat information and alerts directly from your AWS security products into our SIEM for a comprehensive view and analysis of your environment.
AWS customers who want to improve their security posture but do not have the expertise or the resources to invest in a 24x7x365 SOC can utilize the Cloud Native Security Service from Rackspace.
Rapid7 InsightVM, an industry-leading vulnerability assessment solution, utilizes the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS cloud.
Rapid7 InsightConnect automatically shares and reacts to findings in AWS Security Hub. InsightConnect is a security orchestration and automation solution that features over 270 plugins, meaning that a finding in Security Hub can trigger a new DevOps ticket, lock down a user's credentials, remediate vulnerabilities through a patch management tool, and much more. By sharing Security Hub findings with other systems and triggering automatic reactions to specific types of findings, InsightConnect ensures SecOps teams have the complete picture without getting bogged down responding to alerts.
ServiceNow delivers cloud-based automated workflows to help security professionals quickly respond to incidents and vulnerabilities, prioritized to their potential impact to the business. Its integrations with AWS Security Hub (Security Operations and IT Service Management) extend the same governance and compliance workflows from on-premises to cloud environments. Customers can ingest Security Hub data, create an incident with automatic enrichment, and route to the correct path to address the issue.
Security findings from Security Hub can be viewed within ServiceNow ITSM, and can be automatically or manually forwarded from Security Hub to ServiceNow Security Operations.
Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, California, and has ten offices around the world.
Sophos, a global leader in network and endpoint security, integrates with AWS Security Hub. Sophos customers can now link their Sophos Central Management account to their AWS Security Hub account to increase visibility into their security posture, ensure compliance, and better respond to threats. The Sophos Central Management platform is used to manage and deploy Sophos products, including its advanced Server Protection agents deployed to protect Amazon EC2 Windows or Linux instances. With this new integration, alerts sent from the agents are aggregated in AWS Security Hub to help provide a unified view of your AWS security posture.
Customers can utilize Splunk’s existing integration with Amazon CloudWatch Events to receive data directly from AWS Security Hub. From there, customers can take an analytics-driven approach to monitor and identify potential threats across AWS Security products like Amazon GuardDuty, Amazon Inspector, VPC Flow Logs, and Amazon Macie directly in the Splunk platform. These findings can then be sent to Splunk Phantom, a Security Automation, Orchestration and Response (SOAR) platform to enhance findings with additional threat intelligence information or to perform automated response actions. By adding broader context to findings, security teams can make well-informed decisions and take action quickly.
Splunk helps organizations ask questions, get answers, take action, and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Splunk Enterprise and Splunk Phantom integrations with the AWS Security Hub are designed to help customers further accelerate detection, investigation, and response to potential threats within their AWS security environment.
Sumo Logic and AWS Security Hub provide a complete security detection and response solution for security teams to address AWS compliance gaps and stop threats and attacks before they can damage your enterprise. Sumo Logic provides security and operations teams a rich analytical platform and access to the underlying machine data so they can investigate the causes, understand compromised resources, anomalous behaviors and malicious attacks. Then, Sumo Logic allows you to quickly and confidently respond to the threats leveraging platform integrations with ticketing tools, incident response platforms, and notification mechanisms.
Symantec Cloud Workload Protection (CWP) is a SaaS security service that provides continuous visibility and security for your Amazon EC2 instances. Using AWS APIs and Symantec Endpoint Protection (SEP) technologies, CWP offers advanced threat protection including anti-malware, intrusion detection and prevention (IDS/IPS), and real-time file integrity monitoring (FIM). Customers can use CWP to execute deep file and process scanning on EC2 instances, applications, and containers, and CWP publishes those scan results in the AWS Security Hub.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce their cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver one of the world’s first platform to see and secure any digital asset on any computing platform. Combining Tenable.io® with AWS Security Hub provides our customers with a single view of critical security information, including vulnerabilities — allowing those customers to better identify, investigate and prioritize vulnerabilities — all managed in the Cloud.
Turbot delivers Software Defined Operations for the enterprise cloud with automated guardrails that ensure your cloud infrastructure is secure, compliant, scalable and cost optimized. Turbot's Guardrail policies for AWS Security Hub help enterprises ensure that AWS Security Hub is setup and configured according to defined policies to manage security alerts and compliance checks centrally across AWS accounts and workloads. In addition, Turbot automatically sends Turbot guardrail event details to AWS Security Hub in real-time to further enhance visibility for customers to have a signal pane of glass of their AWS + Turbot event details in AWS Security Hub.
Trusted by 25% of the Fortune 100, Twistlock is one of the most complete, automated, and scalable platform for securing containerized, cloud native, and serverless applications. Twistlock provides precise, actionable vulnerability management, automatically deployed firewalls, and protects applications across the development lifecycle and into production. Now with an integration for AWS Security Hub, Twistlock continuously monitors and defends all of your cloud native applications across AWS environments, aggregates vulnerability and compliance metrics, and provides runtime security intelligence in a single, centralized dashboard.
Vectra is transforming cybersecurity by applying advanced AI to detect and respond to risks posed by unauthorized users. The Vectra Cloud NDR platform prevents data breaches by automatically surfacing and prioritizing security risks that are sent to AWS Security Hub, accelerating investigations, enabling proactive risk identification, and initiating immediate intelligent enforcement.
Security Hub offers aggregated findings across AWS services and partner solutions, pre-configured and custom security insights, and multi-account support.
Instantly get access to the AWS Free Tier.
Enable AWS Security Hub in the AWS Console.