
From Cramsession
Verified Author: Mflavell

AWS Security Hub

Security Hub consolidates security findings, compliance and alerts.


This includes:

AWS IAM
Macie
GuardDuty
Inspector
Firewall Manager


Third party tools:

AWS Security Hub can be integrated to work with many third-party applications.


Think of Security Hub as a central point for a comprehensive picture of security.


By default Security Hub is a regional service.

Member and master accounts can be set up.
The Security Hub administrator is the core account.
Security Hub members are the leaf accounts.


Compliance use case

Security Hub can be used for automated compliance checks.


Out of the box Security Hub performs 43 fully automated checks.

The checks are based on the CIS Foundations framework.


Security Hub looks at configuration and use at the account level.

AWS Config: looks at the resource level.


HUB = High level


Hub depends on Config

To enable Security Hub you must first have AWS Config enabled.

Baseline information for Security Hub comes from AWS Config.
This data refreshes Security Hub in almost real time.


Standards / Controls and Checks

When enabling Security Hub you are asked to select a security standard.

Some of these are:

  • AWS security best practices
  • CIS AWS Foundations benchmarks
  • NIST 800-53
  • PCI-DSS


Processing payment information

Select PCI-DSS (45 controls)


Concerned about the CIA triad

Select NIST 800-53 (216 controls)


Once a standard is enabled, security checks will be run.


AWS Config is used to run the security checks.

Checks can be done on a schedule.
Checks can be done whenever a change is detected.


Security Hub uses the findings to generate a score.


Security Hub insights

Managed insights:

These only work if the product is integrated.


Custom insights:

Can be created with the Security Hub API, AWS CLI or PowerShell.
You must select an attribute to group by.
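
As an added example (not part of the original notes), the Python below builds a custom insight request for the Security Hub CreateInsight API, as called through boto3, and previews offline what grouping by ResourceId returns. The insight name, sample findings, ARNs and helper function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample findings, trimmed to the ASFF fields used here.
# The ARNs and account ID are made up.
BUCKET = "arn:aws:s3:::example-bucket-a"
USER = "arn:aws:iam::111122223333:user/example-user"

def _finding(severity, state, resource):
    return {"Severity": {"Label": severity}, "RecordState": state,
            "Resources": [{"Id": resource}]}

SAMPLE_FINDINGS = [
    _finding("CRITICAL", "ACTIVE", BUCKET),
    _finding("HIGH", "ACTIVE", BUCKET),
    _finding("HIGH", "ACTIVE", USER),
    _finding("LOW", "ACTIVE", BUCKET),         # dropped: severity not selected
    _finding("CRITICAL", "ARCHIVED", USER),    # dropped: not an active record
]

def build_insight_request(name, group_by, severities=("CRITICAL", "HIGH")):
    """Return keyword arguments for CreateInsight; a group-by attribute is required."""
    if not group_by:
        raise ValueError("a custom insight needs an attribute to group by")
    equals = lambda value: {"Value": value, "Comparison": "EQUALS"}
    return {
        "Name": name,
        "GroupByAttribute": group_by,
        # Values under one filter are ORed; different filters are ANDed.
        "Filters": {"SeverityLabel": [equals(s) for s in severities],
                    "RecordState": [equals("ACTIVE")]},
    }

def preview_by_resource(findings, request):
    """Offline approximation of the insight result when grouping by ResourceId."""
    wanted = {f["Value"] for f in request["Filters"]["SeverityLabel"]}
    counts = Counter()
    for finding in findings:
        if finding["RecordState"] == "ACTIVE" and finding["Severity"]["Label"] in wanted:
            counts.update(r["Id"] for r in finding["Resources"])
    return counts.most_common()

def create_insight(request, region):
    """Create the insight in one region (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline preview runs without it
    client = boto3.client("securityhub", region_name=region)
    return client.create_insight(**request)["InsightArn"]

if __name__ == "__main__":
    req = build_insight_request("Active critical/high findings by resource", "ResourceId")
    for resource, count in preview_by_resource(SAMPLE_FINDINGS, req):
        print(count, resource)
```

Because Security Hub is regional, create_insight takes the region explicitly and the insight exists only in that region.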