AWS Security Hub is a tool that provides comprehensive insight into AWS security and compliance with safety standards and best practices.
Security Hub centralizes and prioritizes security and compliance across different AWS accounts. All this to help you analyze security, security levels and identify problems and threats with the highest priority.
AWS Security Hub is dedicated primarily to clients processing and analyzing large amounts of data, especially those with high confidentiality status. Thanks to its diversity and adaptability – AWS Security Hub is an ideal solution for companies operating in areas such as Big Data, SaaS or E-commerce.
AWS Security Hub is a tool that collects notifications from such services as Amazon GuardDuty, Amazon Macie or Amazon Inspector. In addition, it can also collect notifications from AWS partners who offer security services, such as Symantec, McAfee. Thanks to it, we gain a reliable and transparent report with ready charts and tables. The service allows you to monitor the environment in the spirit of best practices and verify the compliance of the solution with selected standards.
How does AWS Security Hub work?
The principle is quite simple. The user determines which AWS services responsible for security and compliance gives access to the AWS Security Hub service on all AWS accounts he wants to monitor. Next, AWS Security Hub performs uninterrupted analysis, creates reports and charts showing inaccuracies related to security and compliance. Thanks to this, in a very quick and easy way we get comprehensive information related to the security level of the examined environment.
After launching the service, its panel will display information on how security data changes over time. It is clear, which services generate the most notifications and you can easily identify the threats with the highest priority.
What are the advantages of this solution?
Firstly – AWS Security Hub saves our time by creating accurate reports on security gaps while using such services as Amazon Inspector or Amazon Macie for detecting them.
Secondly – thanks to automated controls, compliance with the best practices and standards related to security are clearly improved. An example of this is the compliance checks with the AWS CIS Foundations Benchmark requirements.
Thirdly – thanks to the accurate charts and tables that are created in the tool, you can easily identify potential threats and take the necessary actions. Threat notification can be sent thanks to integration with the Amazon CloudWatch Events service.
Seeing the benefits that can be achieved through the implementation of AWS Security Hub, you will certainly be asking for costs.
The calculation can be broken down to:
- compliance checks – they are performed by the tool in relation to standards such as CIS AWS Foundations Benchmark. Compliance checks are counted for the number of controls on all resources in the account in your region.
- finding ingestion events – here event information is accumulated from other AWS services and partner services that are downloaded and processed by the AWS Security Hub. Event search and analysis is calculated according to the number of events per account in your region.
The availability of the service can be found in the region table.
In summary, AWS Security Hub is not an alternative to existing security services, but it is complementary and strengthening of existing ones. This solution, through integration with other services offered by AWS, gives an additional layer of context that is intended to help in the analysis of security. It is also important that the Security Hub does not duplicate the settings or specialized functions of other tools, providing detailed information on potential threats and gaps in the security of our environment.
As a summary of the AWS Security Hub service, we have prepared an infographic.
Click on the image below to view its full version.