
AWS Security Hub is a security and compliance service that was officially launched for general availability on June 25, 2019. Security Hub provides users with comprehensive visibility into the security and compliance status across multiple AWS accounts in a unified dashboard across regions. With this service, you can monitor key settings to ensure your AWS accounts remain secure, while staying aware of various changes in your environment and responding quickly and appropriately.
How It Works

Benefits and Features
Comprehensive View of Security Issues
AWS Security Hub collects and consolidates findings from enabled AWS security services in your environment, such as intrusion detection results from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and S3 bucket policy findings from Amazon Macie. AWS Security Hub also consolidates findings from integrated AWS Partner Network (APN) security solutions. All findings are stored in AWS Security Hub for at least 90 days.
Automated, Continuous Security Checks
Automate continuous account and resource-level configuration and security checks using industry standards and best practices. For example, AWS Security Hub automatically runs the Center for Internet Security (CIS) AWS Foundations Benchmark, a set of security configuration best practices for AWS. If any of your accounts or resources deviate from best practices, AWS Security Hub flags the issues and suggests remediation steps.
Custom Response and Remediation
Integrating AWS Security Hub with Amazon CloudWatch Events enables you to create custom response and remediation workflows. You can easily send findings to a SIEM, chat tools, ticketing systems, security orchestration, automation and response (SOAR) tools, and on-call management platforms. You can also build automated remediation workflows triggered from Security Hub using AWS Systems Manager automation documents, AWS Step Functions, and AWS Lambda functions.
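The two mechanisms just described (the automated standards checks and the CloudWatch Events integration) meet in one place: the event a rule delivers to a Lambda target carries ASFF findings, and the handler decides whether each one is a failed control to remediate or a product finding to escalate. The following is an added example, not code from AWS or from this blog. It assumes the rule's target is a Lambda function running `handler`, that findings arrive under `event["detail"]["findings"]` in the documented ASFF shape, and that the destination names `remediation`, `pager` and `siem` are placeholders for whatever SSM automation, paging and SIEM endpoints you actually use; the sample event and account ids are constructed.

```python
"""Route Security Hub findings delivered by a CloudWatch Events / EventBridge rule.

Added example (not AWS's or the blog's code). Assumes a Lambda target running
handler(); "remediation", "pager" and "siem" are placeholder destinations.
"""
import json
from collections import Counter

# Security Hub severity labels, lowest to highest.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def build_event_pattern(min_severity="MEDIUM"):
    """Rule pattern selecting NEW, ACTIVE findings at or above min_severity.
    Pass json.dumps(...) of this dict to `aws events put-rule --event-pattern`."""
    labels = [l for l, r in SEVERITY_RANK.items() if r >= SEVERITY_RANK[min_severity]]
    return {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {"findings": {
            "Severity": {"Label": labels},
            "Workflow": {"Status": ["NEW"]},
            "RecordState": ["ACTIVE"],
        }},
    }


def classify(finding):
    """Pick a destination for one finding. A FAILED compliance status means a
    standards control (e.g. a CIS Foundations rule) is not met, which is the case
    for automated remediation. Product findings (GuardDuty, Inspector, Macie,
    partners) page on-call when HIGH or CRITICAL, otherwise go to the SIEM."""
    if finding.get("Compliance", {}).get("Status") == "FAILED":
        return "remediation"
    if SEVERITY_RANK.get(finding["Severity"]["Label"], 0) >= SEVERITY_RANK["HIGH"]:
        return "pager"
    return "siem"


def route_findings(event):
    """Group findings by destination, keeping the fields a downstream system needs."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event: %r" % event.get("source"))
    routed = {"remediation": [], "pager": [], "siem": []}
    for f in event["detail"]["findings"]:
        routed[classify(f)].append({
            "id": f["Id"],
            "account": f["AwsAccountId"],
            "severity": f["Severity"]["Label"],
            "title": f["Title"],
            "resources": [r["Id"] for r in f.get("Resources", [])],
        })
    return routed


def findings_per_account(event):
    """Count findings per member account, the view the master account needs."""
    return dict(Counter(f["AwsAccountId"] for f in event["detail"]["findings"]))


def handler(event, context=None):
    """Lambda entry point; delivery to the real targets (SQS/SNS/SSM) would follow."""
    return route_findings(event)


def _finding(fid, account, label, title, resource, compliance=None):
    """Build one constructed ASFF finding with only the fields used here."""
    f = {"Id": fid, "AwsAccountId": account, "Title": title,
         "Severity": {"Label": label}, "Workflow": {"Status": "NEW"},
         "RecordState": "ACTIVE", "Resources": [{"Type": "Other", "Id": resource}]}
    if compliance:
        f["Compliance"] = {"Status": compliance}
    return f


# Constructed sample event: one CIS control failure, one GuardDuty finding and one
# Macie finding, across two member accounts (account ids are placeholders).
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("cis-1.3", "111111111111", "HIGH",
                 "1.3 Ensure credentials unused for 90 days or greater are disabled",
                 "arn:aws:iam::111111111111:user/example-user", compliance="FAILED"),
        _finding("gd-ssh", "222222222222", "HIGH",
                 "UnauthorizedAccess:EC2/SSHBruteForce",
                 "arn:aws:ec2:us-east-1:222222222222:instance/i-0123456789abcdef0"),
        _finding("macie-s3", "222222222222", "MEDIUM",
                 "S3 bucket policy allows public read",
                 "arn:aws:s3:::example-bucket"),
    ]},
}

if __name__ == "__main__":
    print(json.dumps(build_event_pattern(), indent=2))
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

The pattern filters on `Workflow.Status` and `RecordState` as well as severity so that the same finding is not re-routed every time Security Hub refreshes it; once your remediation or ticketing step sets the workflow status to something other than NEW, later updates stop matching the rule.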
Multi-Account Support
With just a few clicks in the AWS Security Hub console, you can connect multiple AWS accounts and consolidate findings from those accounts. By designating a master security account, you enable your security team to view consolidated findings across all accounts, while individual account owners can only view findings related to their accounts.
Use Cases
Security Scanning
Continuously scan your AWS accounts using various security standards to check for misconfigurations, and aggregate security check results at the account and multi-account levels to understand your overall security posture.
Classify and Prioritize Security Issues
Use AWS Security Hub's summary dashboard and filtering rules to identify and prioritize findings from AWS security services and partner security integrations, determining which are most important and require the most immediate attention.
Pricing
Security Checks Pricing
First 100,000 checks per account per region per month: $0.0010 per check
Next 400,000 checks per account per region per month: $0.0008 per check
Checks over 500,000 per account per region per month: $0.0005 per check
Finding Ingestion Events
Finding ingestion events associated with Security Hub security checks: Free
First 10,000 events per account per region per month: Free
Events over 10,000 per account per region per month: $0.00003 per event
For further assistance or services, please leave a message. UltraPower Cloud Business will provide automation tools and professional services.
