AWS Security Hub can automatically aggregate security findings data from supported AWS Partner Network (APN) security solutions, so you can have a comprehensive view of security and compliance across your AWS environment.
If you have a security solution and are interested in becoming an AWS Security Hub partner, please send an email to firstname.lastname@example.org with your company and product(s) names, APN tier level, and contact information.
Alert Logic®'s security analysts and security content teams made up of data scientists, researchers and developers work together to constantly gather threat intelligence. They stay on the cutting edge of threat intelligence and use machine-learning that builds on data from our customers to enable ever-smarter, ever-stronger security coverage. Alert Logic then leverages the data to extend the security alerts and compliance status provided by AWS Security Hub to help customers understand impact and respond to findings. They absorb the complexity from threat identification and provide the required expert service for deployment, operation and ongoing security processes.
Armor is a security-as-a-service provider. Armor's Anywhere Platform provides security services and integrations that help you accelerate your adoption of AWS. Armor Anywhere integrates with AWS Security Hub to deliver deeper security insights and context to AWS customers by feeding vulnerability scan and malware detection information into the AWS Security Hub. As a result of the integration, users of the service will now be able to receive alerts for high-priority vulnerability and malware information via AWS Security Hub. The integration demonstrates the value of context sharing for enhanced protection of business-critical workloads on AWS.
Use the Atlassian Opsgenie Amazon Security Hub integration to forward Amazon Security Hub findings to Atlassian Opsgenie. Atlassian Opsgenie will determine the right people to notify based on on-call schedules and notify them via email, text messages (SMS), phone calls, and iOS & Android push notifications. Opsgenie will escalate alerts until the alert is acknowledged or closed. Amazon Security Hub sends findings that match the corresponding CloudWatch Event rule to CloudWatch. Selecting an SNS topic as the target publishes the related event message for findings to SNS, which then sends this message to Atlassian Opsgenie.
Barracuda Cloud Security Guardian is an agentless SaaS service that leverages the native security capabilities of AWS by policing the management and data planes. It automates the implementation of security and compliance across your deployment, enabling you to stay secure while building applications in AWS. To further enhance security, the integrated Cloud Storage Shield scans your Amazon S3 buckets for malware, quarantining any threats whilst sending logs back to AWS Security Hub.
Check Point CloudGuard complements native AWS controls to bring enhanced security for protecting customer environments from even the most sophisticated threats. CloudGuard IaaS's native API integration with AWS Security Hub feeds critical threat alerts into the console. It adds contextual information such as asset tags, security groups and availability zones to dynamically update security policies. CloudGuard's next-generation threat prevention is driven by the platform’s native firewall, IPS, application control, IPsec VPN, antivirus, and anti-bot capabilities. Customers can quickly ensure they are protected against both north-south and east-west cyber attacks from a single consolidated console.
Check Point CloudGuard Dome9 allows enterprises to easily manage security and compliance in their AWS Platform at any scale. CloudGuard Dome9 offers technologies to visualize and assess security posture, detect misconfigurations, model and actively enforce gold standard policies, protect against attacks and insider threats, and comply with regulatory requirements and best practices. Businesses use CloudGuard Dome9 for faster and more effective cloud security operations, pain-free compliance and governance, and Rugged DevOps practices.
CrowdStrike Falcon® provides cloud workload protection, unifying next-generation antivirus, endpoint detection and response (EDR), IT hygiene, and a 24/7 managed hunting service — all delivered via a single lightweight agent. CrowdStrike Falcon seamlessly integrates with AWS Security Hub, providing a comprehensive, real-time view of high-priority security alerts and satisfying the security and compliance needs of DevSecOps teams. CrowdStrike Falcon uses artificial intelligence/machine learning and sophisticated behavioral-based detections that are fully integrated with AWS Security Hub, ensuring that customers have the next layer of protection against advanced cyber attacks.
CyberArk is a global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. The CyberArk integration with AWS Security Hub provides rich data sets of high-risk, privileged access activity and behavior. The solution provides cloud security teams with the information they need to respond to the most critical threats to the organizations. From a single control point within AWS, CyberArk helps provide a complete, measurable and actionable risk reduction program in securing privileged access within the cloud.
Demisto is a Security Orchestration, Automation, and Response (SOAR) platform that integrates with AWS Security Hub for centralized alert visibility and accelerated response. Teams can use Demisto Enterprise to ingest aggregated alerts from AWS Security Hub and trigger automated, process-driven playbooks that coordinate actions across both cloud and on-premise environments, including a range of other AWS integrations such as Amazon GuardDuty, Amazon Route 53, Amazon EC2, Amazon Simple Queue Service (SQS), and AWS CloudTrail. This integration enables security and IT teams to best leverage existing product stacks, execute repeatable tasks at machine speed, and correlate alert context across tools for improved investigation quality.
F5 Networks WAF Solutions deliver one of the industry’s most comprehensive application-layer protections, securing your mission-critical apps and customer data against malicious cyberattacks including L7 DoS, OWASP Top 10 threats and bot attacks. Integration of F5 Advanced WAF and BIG-IP ASM Virtual Editions with AWS Security Hub allows customers to forward select, pre-defined alert types to this central console for analysis alongside findings from other sources, enabling security teams to seamlessly identify and focus their efforts on the most critical alerts across their security portfolio.
The GuardiCore Centra Security Platform is a comprehensive data center and cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface, and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies, flows, and enforcement of network and process-level policies to isolate and segment critical applications and infrastructure.
GuardiCore integration with the AWS Security Hub enables security incidents identified by Centra to be consumed and correlated by the AWS Security Hub so users get a single view of vulnerabilities, risk factors, and security incidents in their AWS environment.
The Infection Monkey integration with the AWS Security Hub allows anyone to verify and test the resilience of their AWS environment, and correlate this information with the native security solutions and benchmark score.
IBM QRadar supports AWS Security Hub via an integrated system of analytics and real-time defenses to give security teams extended visibility into high-priority security alerts and automate compliance checks on a single dashboard. This powerful integration shares prioritized and aggregated security findings and events from multiple AWS services and AWS Partner Network security solutions and parses them into the QRadar dashboard for deeper security analysis and context across the broader hybrid environment. This consolidated view of actionable graphs and tables enables security analysts to drill down into AWS event data for faster, more accurate threat detection and response, while improving compliance posture.
Imperva protects your business-critical data and applications wherever they reside, preventing cybercriminals from exploiting application vulnerabilities, stopping bad bots, and blocking DDoS attacks. Attack Analytics applies Imperva security know-how and AI to take thousands of security alerts and distill them into a handful of actionable insights.
AWS Security Hub receives insights from Imperva Attack Analytics, giving security teams better visibility into their entire attack landscape with a single consolidated view within the AWS Security Hub Console. Attack Analytics is part of FlexProtect for Application Security.
McAfee MVISION Cloud’s integration with AWS Security Hub offers a single point of visibility and control across SaaS, PaaS, and IaaS to secure enterprise data and protect organizations from cyber threats. McAfee’s MVISION Cloud allows customers to build security and event management ecosystems in an intuitive, flexible way. McAfee worked closely with AWS, ensuring compliance with Amazon Findings Format (AFF) standards to easily integrate information into AWS platforms, and is available on AWS Marketplace.
PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action. AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence. When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues. PagerDuty customers who are undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.
RedLock by Palo Alto Networks protects AWS deployments with cloud security analytics, advanced threat detection, and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail, VPC flow logs, Amazon Inspector, and Amazon GuardDuty to uncover and send security and compliance alerts to AWS Security Hub console. The RedLock integration with Security Hub provides additional context and centralized visibility into cloud security risks, enabling customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps.
The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, and open ports, as well as the compliance of their Instances and AMIs with CIS, PCI, NIST, HIPAA and security policies. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services such as AWS Lambda.
Rapid7 InsightVM, an industry-leading vulnerability assessment solution, utilizes the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, a business can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS cloud.
Rapid7 InsightConnect automatically shares and reacts to findings in AWS Security Hub. InsightConnect is a security orchestration and automation solution that features over 270 plugins, meaning that a finding in Security Hub can trigger a new DevOps ticket, lock down a user's credentials, remediate vulnerabilities through a patch management tool, and much more. By sharing Security Hub findings with other systems and triggering automatic reactions to specific types of findings, InsightConnect ensures SecOps teams have the complete picture without getting bogged down responding to alerts.
ServiceNow delivers cloud-based automated workflows to help security professionals quickly respond to incidents and vulnerabilities, prioritized to their potential impact to the business. Our integrations with AWS Security Hub (Security Operations and IT Service Management) extend the same governance and compliance workflows from on-premise to cloud environments. Customers can ingest Security Hub data, create an incident with automatic enrichment, and route to the correct path to address the issue.
ITSM: The ServiceNow Security Hub integration allows security findings from Security Hub to be viewed within ServiceNow ITSM.
SecOps: The ServiceNow Security Hub integration allows both automated and manual forwarding of security findings from Security Hub to ServiceNow Security Operations.
Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, CA and has ten offices around the world.
Sophos, a global leader in network and endpoint security, integrates with AWS Security Hub. Sophos customers can now link their Sophos Central Management account to their AWS Security Hub account to increase visibility into their security posture, ensure compliance, and better respond to threats. The Sophos Central Management platform is used to manage and deploy Sophos products, including our advanced Server Protection agents deployed to protect Amazon EC2 Windows or Linux instances. With this new integration, alerts sent from the agents are aggregated in AWS Security Hub to help provide a unified view of your AWS security posture.
Customers can utilize Splunk’s existing integration with Amazon CloudWatch Events to receive data directly from AWS Security Hub. From there, customers can take an analytics-driven approach to monitor and identify potential threats across AWS Security products like Amazon GuardDuty, Amazon Inspector, VPC Flow Logs, and Amazon Macie directly in the Splunk platform. These findings can then be sent to Splunk Phantom, a Security Automation, Orchestration and Response (SOAR) platform to enhance findings with additional threat intelligence information or to perform automated response actions. By adding broader context to findings, security teams can make well-informed decisions and take action quickly.
Splunk helps organizations ask questions, get answers, take action, and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Splunk Enterprise and Splunk Phantom integrations with the AWS Security Hub are designed to help customers further accelerate detection, investigation, and response to potential threats within their AWS security environment.
Sumo Logic and AWS Security Hub provide a complete security detection and response solution for security teams to address AWS compliance gaps and stop threats and attacks before they can damage your enterprise. Sumo Logic provides security and operations teams a rich analytical platform and access to the underlying machine data so they can investigate the causes, understand compromised resources, anomalous behaviors and malicious attacks. Then, Sumo Logic allows you to quickly and confidently respond to the threats leveraging platform integrations with ticketing tools, incident response platforms, and notification mechanisms.
Symantec Cloud Workload Protection (CWP) is a SaaS security service that provides continuous visibility and security for your Amazon EC2 instances. Using AWS APIs and Symantec Endpoint Protection (SEP) technologies, CWP offers advanced threat protection including anti-malware, intrusion detection and prevention (IDS/IPS), and real-time file integrity monitoring (FIM). Customers can use CWP to execute deep file and process scanning on EC2 instances, applications, and containers, and CWP publishes those scan results in the AWS Security Hub.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce their cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver one of the world’s first platforms to see and secure any digital asset on any computing platform. Combining Tenable.io® with AWS Security Hub provides our customers with a single view of critical security information, including vulnerabilities — allowing those customers to better identify, investigate and prioritize vulnerabilities — all managed in the Cloud.
Turbot delivers Software Defined Operations for the enterprise cloud with automated guardrails that ensure your cloud infrastructure is secure, compliant, scalable and cost optimized. Turbot's Guardrail policies for AWS Security Hub help enterprises ensure that AWS Security Hub is set up and configured according to defined policies to manage security alerts and compliance checks centrally across AWS accounts and workloads. In addition, Turbot automatically sends Turbot guardrail event details to AWS Security Hub in real time to further enhance visibility, giving customers a single pane of glass for their AWS + Turbot event details in AWS Security Hub.
Trusted by 25% of the Fortune 100, Twistlock is one of the most complete, automated, and scalable platforms for securing containerized, cloud native, and serverless applications. Twistlock provides precise, actionable vulnerability management, automatically deployed firewalls, and protects applications across the development lifecycle and into production. Now with an integration for AWS Security Hub, Twistlock continuously monitors and defends all of your cloud native applications across AWS environments, aggregates vulnerability and compliance metrics, and provides runtime security intelligence in a single, centralized dashboard.
Security Hub offers aggregated findings across AWS services and partner solutions, pre-configured and custom security insights, and multi-account support.