AWS Security Hub can automatically aggregate security findings data from supported AWS Partner security solutions, so you can have a comprehensive view of security and compliance across your AWS environment.
AWS Technology Partners
3CORESec provides managed detection services for both on-premises and AWS customers. Focused on open standards and open source software, its integration with AWS Security Hub allows visibility into malware, privilege escalation, lateral movement, improper network segmentation, and more. Customers can complement this integration through the usage of its managed SIEM offer, which provides visibility into network, cloud, and endpoint data.
Alcide is a Kubernetes security leader empowering DevOps teams to drive frictionless security guardrails to their CI/CD pipelines, and security teams to continuously secure and protect their growing Kubernetes deployments. Alcide provides a single K8s-native AI-driven security platform for cross-Kubernetes aspects: configuration risks, visibility across clusters, runtime security events, and a single policy framework for enforcement. Alcide kAudit solution identifies anomalous Kubernetes behaviors and suspicious activity patterns, while observing them with extended context. It enables both Dev and Security teams to focus on Kubernetes breaches and incidents, while significantly reducing time to detection.
Aqua Security was founded in 2015, as containers and serverless technologies were just emerging, recognizing that the dramatic change in application development and architecture requires an equally dramatic shift in security. Aqua Cloud Native Security Platform provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments. The Aqua platform has data about the container host and the containers running on the host. The integration allows the platform to send alerts to AWS Security Hub.
Use Atlassian Opsgenie Amazon Security Hub Integration to forward Amazon Security Hub findings to Atlassian Opsgenie. Atlassian Opsgenie will determine the right people to notify based on on-call schedules and notify them via email, text messages (SMS), phone calls, and iOS & Android push notifications. Opsgenie will escalate alerts until the alert is acknowledged or closed. Amazon Security Hub sends findings which match with the corresponding CloudWatch Event rule to CloudWatch. Selecting SNS topic for target publishes the related event message for findings to SNS, which will send this message to Atlassian Opsgenie at the end.
Barracuda Cloud Security Guardian is an agentless SaaS service that leverages the native security capabilities of AWS by policing the management and data planes. It automates the implementation of security and compliance across your deployment enabling you to stay secure while building applications in AWS. To further enhance security, the integrated Cloud Storage Shield, scans your Amazon S3 buckets for malware, quarantining any threats whilst sending logs back to AWS Security Hub.
BigID product helps companies manage and protect sensitive data (PII) across all their systems. It scans data sources (databases, file shares, cloud services, etc.) and discovers PII and data relevant to privacy regulations (GDPR, HIPAA, etc). Use this integration to leverage BigID's OOTB policies and receive instant findings on PII found and policy violations seamlessly in your AWS Security Hub console. You can review the findings, investigate further by connecting to the BigID tool, choose the proper course of action, and create additional workflows based on the finding.
Capitis Solutions has a proven track record of delivering large scale information security compliance solutions for regulated industries. C2VS, our compliance product, identifies application centric vulnerabilities related to misconfigurations. Our scans automate security audit evidence gathering through continuous verification of your custom application configurations. C2VS scans compare security configurations for targeted resources against your custom baselines. Any misconfigurations are published to Security Hub. Security operations teams can use Security Hub as a single pane of glass to monitor, raise alerts, and remediate issues.
Caveonix RiskForesight’s technology integration with AWS Security Hub allows enterprises to manage their cyber and compliance risk posture on a unified dashboard. RiskForesight leverages Security Hub to create a comprehensive view of their high-priority security alerts and compliance status on both a proactive and reactive basis by combining data from multiple AWS services as well as from the advanced analytics and risk mitigation modeling provided by RiskForesight. The RiskForesight solution's ability to conduct behavior analytics combined with risk analytics allows rapid detection of abnormal behavior and provides enforcement actions to manage the risk posture of hybrid cloud workloads.
Check Point CloudGuard complements native AWS controls to bring enhanced security for protecting customer environments from even the most sophisticated threats. CloudGuard IaaS's native API integration with AWS Security Hub feeds critical threat alerts into the console. It adds contextual information such as asset tags, security groups and availability zones to dynamically update security policies. CloudGuard's next-generation threat prevention is driven by the platform’s native firewall, IPS, application control, IPsec VPN, antivirus, and anti-bot capabilities. Customers can quickly ensure they are protected against both north-south and east-west cyber attacks from a single consolidated console.
Cloud Storage Security's Antivirus for Amazon S3 provides cloud native anti-malware and antivirus scanning for Amazon S3 objects. Antivirus for Amazon S3 offers real time and scheduled scans of objects and files in Amazon S3 for malware and threats. It provides visibility and remediation for problem and infected files.
cloudtamer.io offers enterprises a cloud governance solution that supports AWS by simplifying account management, enforcing budgets, and continuous compliance. Using cloudtamer.io, customers get visibility, control, and agility for all users in a single interface. Customers can send and receive Security Hub findings from multiple AWS accounts in the Compliance Dashboard and configure remediation to ensure findings are resolved when they are discovered.
CrowdStrike Falcon® provides cloud workload protection, unifying next-generation antivirus, endpoint detection and response (EDR), IT hygiene, and a 24/7 managed hunting service — all delivered via a single lightweight agent. CrowdStrike Falcon seamlessly integrates with AWS Security Hub, providing a comprehensive, real time, view of high priority security alerts and satisfying the security and compliance needs of DevSecOps teams. CrowdStrike Falcon uses artificial intelligence/machine learning and sophisticated behavioral-based detections that are fully integrated with AWS Security Hub, ensuring that customers have the next layer of protection against advanced cyber attacks.
CyberArk is a global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. The CyberArk integration with AWS Security Hub provides rich data sets of high-risk, privileged access activity and behavior. The solution provides cloud security teams with the information they need to respond to the most critical threats to the organizations. From a single control point within AWS, CyberArk helps provide a complete, measurable and actionable risk reduction program in securing privileged access within the cloud.
DisruptOps provides automated AWS security and compliance assessment and remediation guardrails. DisruptOps' SaaS platform continuously monitors all registered AWS accounts and regions for misconfigurations, vulnerabilities, and non-compliant settings. They provide one-click or fully automated remediations for discovered issues. By integrating with Security Hub, customers gain more advanced assessments such as SSRF defense or IAM privilege escalation risk identification. Customers can remediate issues directly in Security Hub or in DisruptOps via API or their console. DisruptOps also adds enterprise capabilities and integrations to Security Hub, including notifications, and centralized management.
FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. FireEye Helix integrates disparate security tools and augments them with next generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments. FireEye Helix integrates with AWS Security Hub to pull data from Security Hub, analyzes threats, and correlates with other security event streams to detect and protect against advanced threats.
Forcepoint offers a systems-oriented approach to insider threat detection and analytics, cloud-based user and application protection, next-gen network protection, data security, and systems visibility.
To secure cloud environments, Forcepoint NGFW brings leading next generation firewall technology to AWS with the scalability, operational efficiency, and strong security that Forcepoint NGFW is known for. Forcepoint NGFW's integration with AWS Security Hub provides customers with unified reporting for cloud and hybrid environments, comprehensive security, and detailed supporting evidence from its advanced detection capabilities to protect customers' data and systems from all types of threats.
Forcepoint DLP allows you to discover and control data wherever it lives, whether on the cloud or on the network, via email and at the endpoint. Its integration with AWS Security Hub provides customers with unified visibility and reporting for cloud and hybrid environments, addressing human-centric risk with visibility and control everywhere your people work and everywhere your data resides.
Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications. Its integration with AWS Security Hub gives you enhanced visibility and control over both sanctioned and unsanctioned cloud applications, ensuring the security of employees and data.
Guardicore is the segmentation company disrupting the legacy firewall market. Its software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, it offers greater security and visibility in the cloud, datacenter, and endpoint. Guardicore's mission goes beyond creating great technology. It continuously engages with customers as a trusted partner, ensuring they maximize the value of their security investments beyond their original goals and expectations.
IBM QRadar supports AWS Security Hub via an integrated system of analytics and real-time defenses to give security teams extended visibility into high-priority security alerts and automate compliance checks on a single dashboard. This powerful integration shares prioritized and aggregated security findings and events from multiple AWS services and AWS Partner Network security solutions and parses it into the QRadar dashboard for deeper security analysis and context across the broader hybrid environment. This consolidated view of actionable graphs and tables enables security analysts to drill-down into AWS event data for faster, more accurate threat detection and response, while improving compliance posture.
McAfee MVISION Cloud Native Application Protection Platform (CNAPP) is a security service that combines Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) in a single solution. MVISION CNAPP helps customers identify security risks by benchmarking service configurations against compliance standards like CIS AWS Foundations Benchmark, PCI, and HIPAA, and offers policies that can automatically remediate misconfigurations. MVISION CNAPP also helps customers prevent data breaches by protecting sensitive data stored on Amazon S3, identifying software vulnerabilities, and delivering advanced threat protection for applications hosted on AWS container and compute services. MVISION CNAPP integrates with the AWS Security Hub by allowing customers to publish CNAPP security incidents in near real-time to AWS Security Hub automatically.
NETSCOUT helps assure digital business services against disruptions in availability, performance, and security. The combination of NETSCOUT’s Cyber Investigator (NCI) and vSTREAM software with AWS packet access services helps contain costs and achieve better efficiencies in mitigating novel security threats as enterprises move applications to the cloud. NCI is an enterprise-wide network threat, risk investigation, and forensic analysis platform that helps reduce the impact of cyber threats on businesses. Customers can easily detect, validate, investigate, and respond to threats with this analytics system that also integrates with AWS Security Hub.
PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action. AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence. When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues. PagerDuty customers who are undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.
Palo Alto Networks integrates three leading security products—Prisma Cloud, VM-Series, and Cortex XSOAR—with AWS Security Hub to provide customers with improved visibility, security, compliance assurance, and response to cloud threats.
Prisma Cloud offers broad security and compliance coverage for applications, data, and the entire cloud-native technology stack throughout the development lifecycle and across any cloud deployment architecture. Integrated with AWS Security Hub, Prisma Cloud enables organizations to monitor assets and send alerts on resource configurations, compliance violations, network security risks, and anomalous user activities across all of their AWS infrastructure. Prisma Cloud - Compute is also integrated with Security Hub, which allows teams to send their container security findings to Security Hub.
Palo Alto VM-Series integration with AWS Security Hub collects threat intelligence and sends it to the VM-Series next-gen firewall as an automatic security policy update that blocks malicious (IP address) activity.
Cortex XSOAR integrates with AWS Security Hub and a host of AWS services as well as hundreds of security/IT products. Teams can correlate incident context, automate repetitive tasks, coordinate with other teams for remediation, and standardize incident response across an entire (multi-cloud, hybrid, on-prem) environment.
The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, open ports, as well as the compliance to CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services, such as AWS Lambda.
Rapid7 InsightVM, an industry-leading vulnerability assessment solution, utilizes the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS cloud.
Rapid7 InsightConnect automatically shares and reacts to findings in AWS Security Hub. InsightConnect is a security orchestration and automation solution that features over 270 plugins, meaning that a finding in Security Hub can trigger a new DevOps ticket, lock down a user's credentials, remediate vulnerabilities through a patch management tool, and much more. By sharing Security Hub findings with other systems and triggering automatic reactions to specific types of findings, InsightConnect ensures SecOps teams have the complete picture without getting bogged down responding to alerts.
RSA Archer is a risk management tool that provides solutions in sectors such as business resiliency, operational and enterprise risk management, audit management, public sector, security and IT risk management, third-party governance, and regulatory compliance management.
The RSA Archer AWS Security Hub integration leverages findings obtained from Security Hub and GuardDuty, in conjunction with data from other sources, to assess the overall level of a customer's compliance and to identify suspicious activity detected on their IT footprint. By connecting the integration with RSA Archer's Issues Management solution, customers can conduct a formal remediation process on critical findings.
SecureCloudDB automates asset discovery, configuration checks, and database activity monitoring for public cloud databases, making it easy for organizations to protect sensitive data where it lives and adhere to compliance frameworks. The SecureCloudDB and AWS Security Hub integration reduces database security risk and improves incident response time by delivering relevant incident data and simplifying the remediation process. Real-time findings generated via security policy alerts in SecureCloudDB are pushed to Security Hub, allowing organizations to instantly correlate the findings with other tooling as well as deploy a library of Lambda functions to automate remediation.
ServiceNow delivers cloud-based automated workflows to help security professionals quickly respond to incidents and vulnerabilities, prioritized to their potential impact to the business. Its integrations with AWS Security Hub for IT Service Management extend the same governance and compliance workflows from on-premises to cloud environments. Customers can ingest Security Hub data, create an incident with automatic enrichment, and route to the correct path to address the issue.
Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, California, and has ten offices around the world.
Sophos, a global leader in network and endpoint security, integrates with AWS Security Hub. Sophos customers can now link their Sophos Central Management account to their AWS Security Hub account to increase visibility into their security posture, ensure compliance, and better respond to threats. The Sophos Central Management platform is used to manage and deploy Sophos products, including its advanced Server Protection agents deployed to protect Amazon EC2 Windows or Linux instances. With this new integration, alerts sent from the agents are aggregated in AWS Security Hub to help provide a unified view of your AWS security posture.
Customers can utilize Splunk’s existing integration with Amazon CloudWatch Events to receive data directly from AWS Security Hub. From there, customers can take an analytics-driven approach to monitor and identify potential threats across AWS Security products like Amazon GuardDuty, Amazon Inspector, VPC Flow Logs, and Amazon Macie directly in the Splunk platform. These findings can then be sent to Splunk Phantom, a Security Automation, Orchestration and Response (SOAR) platform to enhance findings with additional threat intelligence information or to perform automated response actions. By adding broader context to findings, security teams can make well-informed decisions and take action quickly.
Splunk helps organizations ask questions, get answers, take action, and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Splunk Enterprise and Splunk Phantom integrations with the AWS Security Hub are designed to help customers further accelerate detection, investigation, and response to potential threats within their AWS security environment.
StackRox extends AWS Security Hub by adding containers and Kubernetes security capabilities. StackRox identifies security risks and policy violations in containers and Kubernetes environments and pushes its security insights into Security Hub, enabling customers to identify, investigate, and respond to security alerts quicker.
Sumo Logic and AWS Security Hub provide a complete security detection and response solution for security teams to address AWS compliance gaps and stop threats and attacks before they can damage your enterprise. Sumo Logic provides security and operations teams a rich analytical platform and access to the underlying machine data so they can investigate the causes, understand compromised resources, anomalous behaviors and malicious attacks. Then, Sumo Logic allows you to quickly and confidently respond to the threats leveraging platform integrations with ticketing tools, incident response platforms, and notification mechanisms.
Symantec Cloud Workload Protection (CWP) is a SaaS security service that provides continuous visibility and security for your Amazon EC2 instances. Using AWS APIs and Symantec Endpoint Protection (SEP) technologies, CWP offers advanced threat protection including anti-malware, intrusion detection and prevention (IDS/IPS), and real-time file integrity monitoring (FIM). Customers can use CWP to execute deep file and process scanning on EC2 instances, applications, and containers, and CWP publishes those scan results in the AWS Security Hub.
Sysdig is a security and DevOps company that offers state of the art monitoring and security in an integrated platform, as SaaS and on-prem, in a highly scalable way with open source at its core. With Sysdig Secure for cloud, you can leverage asset discovery, risk management, cloud security posture management (CSPM), compliance, automatic ECR and Fargate vulnerability scanning, and threat detection based on AWS CloudTrail. Sysdig Secure automatically sends findings to AWS Security Hub, enabling customers to gain holistic visibility of their security and compliance posture.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce their cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver one of the world’s first platform to see and secure any digital asset on any computing platform. Combining Tenable.io® with AWS Security Hub provides our customers with a single view of critical security information, including vulnerabilities — allowing those customers to better identify, investigate and prioritize vulnerabilities — all managed in the Cloud.
ThreatModeler is an automated threat modeling solution that secures and scales the enterprise software and cloud development life cycle. It leverages findings from AWS Security Hub data to help enforce compliance and security governance based on identified threats.
Turbot delivers Software Defined Operations for the enterprise cloud with automated guardrails that ensure customer cloud infrastructure is secure, compliant, scalable, and cost optimized. Turbot's Guardrail policies for AWS Security Hub help enterprises ensure that AWS Security Hub is setup and configured according to defined policies to manage security alerts and compliance checks centrally across AWS accounts and workloads. In addition, Turbot automatically sends Turbot guardrail event details to AWS Security Hub in real-time to further enhance visibility for customers to have a signal pane of glass of their AWS + Turbot event details in AWS Security Hub.
Vectra is transforming cybersecurity by applying advanced AI to detect and respond to risks posed by unauthorized users. The Vectra Cloud NDR platform prevents data breaches by automatically surfacing and prioritizing security risks that are sent to AWS Security Hub, accelerating investigations, enabling proactive risk identification, and initiating immediate intelligent enforcement.
AWS Managed Security Service Providers
Alert Logic®'s security analysts and security content teams made up of data scientists, researchers and developers work together to constantly gather threat intelligence. They stay on the cutting edge of threat intelligence and use machine-learning that builds on data from our customers to enable ever-smarter, ever-stronger security coverage. Alert Logic then leverages the data to extend the security alerts and compliance status provided by AWS Security Hub to help customers understand impact and respond to findings. They absorb the complexity from threat identification and provide the required expert service for deployment, operation and ongoing security processes.
Armor is a security-as-a-service provider. Armor's Anywhere Platform provides security services and integrations that help you accelerate your adoption of AWS. Armor Anywhere integrates with AWS Security Hub to deliver deeper security insights and context to AWS customers by feeding vulnerability scan and malware detection information into the AWS Security Hub. As a result of the integration, users of the service will now be able to receive alerts for high-priority vulnerability and malware information via AWS Security Hub. The integration demonstrates the value of context sharing for enhanced protection of business-critical workloads on AWS.
Rackspace Technology is an AWS Security Hub partner providing managed security services on top of native AWS security products for 24x7x365 monitoring, advanced analysis, and threat remediation by certified security experts in the global Rackspace Technology Security Operations Center (SOC). By integrating with AWS Security Hub, Rackspace Technology automatically pulls threat information and alerts directly from your AWS security products into our SIEM for a comprehensive view and analysis of your environment.
AWS customers who want to improve their security posture but do not have the expertise or the resources to invest in a 24x7x365 SOC can utilize the Cloud Native Security Service from Rackspace Technology.
AWS Consulting Partners
AllCloud's Next-Generation Landing Zone (NGLZ) consulting offer provides a fully automated enterprise-scale governance and security framework that configures and updates multi-account, multi-region AWS Organizations organizational units (OUs) based on AWS services. Findings, alerts, and notifications are consolidated into AWS Security Hub and pushed to an external SIEM.
HeleCloud provides strategic technology consultancy, engineering, and cloud-based managed services. HeleCloud's managed services are designed to ensure the continuous operation of business-critical applications and systems by fully managing AWS infrastructure. HeleCloud establishes visibility across customers' environments using an Elasticsearch and Kibana SIEM, ingesting data from multiple AWS services via AWS Security Hub as well as custom and third-party tools and services. Having the ability to analyze the estate, HeleCloud can then provide rapid manual and automated security incident response.
Embracing cloud technologies and migrating data to the cloud are imperative to maintain a competitive advantage. However, if you adopt the cloud without considering cybersecurity and compliance, you risk leaving critical assets unprotected. KPMG’s team of AWS certified security specialists complement KPMG’s cybersecurity and compliance experience to provide clients the guidance they need to maximize the benefits of AWS Security tools. Using a framework built on leading practices, KPMG can help you build a right-sized security monitoring and remediation ruleset for AWS Security Hub, including integrations into your enterprise systems.
Ubertas Consulting Foundations for AWS Well-Architected includes a combination of online workshops and DevOps consultancy across an eight-step process to deliver a Well-Architected foundation in two weeks. It uses underlying AWS services such as AWS Control Tower, AWS Security Hub, and AWS CloudFormation.
Open Source Tools
Kube-bench, an open source tool developed by Aqua Security, checks whether customers Kubernetes cluster is configured in accordance with the recommendations from the Center for Internet Security (CIS), supporting both the CIS Kubernetes Benchmark and the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark. Customers can view findings about non-compliant configuration settings within AWS Security Hub.
Cloud Custodian is a tool that unifies the dozens of tools and scripts most organizations use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for clouds infrastructure. Cloud Custodian's integration with Security Hub allows it to both send findings to Security and receive findings for response and remediation actions.
Prowler is a security assessment tool that gives customers direct insights into the security best practices of their AWS infrastructure. Customers can run Prowler to continuously monitor their security status. The main differentiators between Prowler and other existing services or solutions are the number of checks that are included out-of-the-box; no configuration needed to get insights; and no direct cost associated to its use. Prowler's checks follow guidelines from the CIS Amazon Web Services Foundations Benchmark and performs additional checks related to GDPR, PCI, and HIPAA. Prowler supports natively sending findings to AWS Security Hub.
Become an AWS Security Hub Partner
To become a Security Hub Partner, you must be either an AWS Select Tier Partner or above, or you have joined the AWS ISV Partner Path and the product that you are using for Security Hub integration has gone through an AWS Foundational Technical Review (FTR), giving that product a “Reviewed by AWS” badge.
If you have a security solution and are interested in becoming an AWS Security Hub Partner, please send an email to firstname.lastname@example.org with your company and product(s) names, APN tier level, and contact information.
To get started, download our onboarding documents available in the Resources section below. Please read through (at a minimum) the onboarding guide and FAQs, and then begin working on your manifest.
Security Hub offers aggregated findings across AWS services and partner solutions, pre-configured and custom security insights, and multi-account support.
Instantly get access to the AWS Free Tier.
Enable AWS Security Hub in the AWS Console.