AWS Security Hub provides a?centralized pre-built dashboard?for security alerts. It provides a single place in the AWS environment to aggregate, organize, and prioritize security alerts and discoveries from multiple AWS security services as well as 3rd party products.
AWS Security Hub simplifies how we understand and improve our security position with automated security best practice checks powered by AWS Config rules and automated integrations with dozens of AWS services and partner products. It will enable you to have an security audit across your AWS accounts.
Security Hub in?general saves our time by creating accurate reports on security gaps?in our AWS environment.
- Reduce the time and effort to collect information:?Collect and prioritize security findings results across multiple accounts from integrated AWS services and third-party partner products.
- Automation capability:?Automate remediation of specific findings, and define custom actions to be taken when the specific findings are received. The findings can also be sent to the ticketing system or automatic remediation software.
- Best practices and standards security checks:?Security Hub runs continuous security checks following AWS best practices and industry standards, provides the results of these checks as scores, and identifies AWS accounts and resources that require attention.
- Consolidated view across AWS accounts:?Consolidate our security findings from multiple AWS accounts.
- Findings aggregation across AWS regions:?View findings across multiple regions by setting an aggregation region and then linking other AWS regions to it.
- Security scanning: Use various security standards to continuously scan your AWS environment for configuration errors, and aggregate account and multi-account security check results to understand your overall security status.
- Simple classification and prioritization: Use Security Hub’s dashboards and filters to identify and prioritize which findings from other AWS security services and partner security integrations are most important and which require the most direct attention .
- Compliance: Simplify compliance management with built-in mapping capabilities for common frameworks such as the Internet Security Center (CIS) and Payment Card Industry Data Security Standard (PCI DSS).
- Speed up response time with automatic ticket routing: Security Hub ensures that AWS findings are sent to the right people through integration with chat, ticketing, incident management, and security information and incident management (SIEM) tools.
- Amazon Guard Duty for intelligent continuous threat detection of your AWS accounts, data stored in Amazon S3, and workloads to reduce risk.
- AWS Macie, which we can use to help find personally identifiable information in our S3 buckets and classify data according to how sensitive it is as a high, medium, or low risk, and alert users accordingly.
- AWS Inspector, which of course we can use to run checks for common vulnerabilities and exposures on AWS EC2 instances.
- AWS IAM Access Analyzer: It is a tool that scans the policies attached to our AWS resources like S3 buckets, KMS keys, Lambda functions, and identity access management roles, to see if they allow external access from outside our AWS account.
- AWS CloudWatch and CloudWatch events: We can use AWS Lambda for automating any response to the alerts that are found.
- AWS Firewall Manager : This service allows you to centrally manage web application firewalls (WAF) and security groups as well across multiple AWS accounts.
