Amazon Security Hub

1. Navigate to Security Hub in the Management Console

  • Log in to the AWS Management Console.
  • From the Services menu, select Security Hub under the Security, Identity, & Compliance section.
  • This will take you to the AWS Security Hub Dashboard, which provides an overview of security findings, compliance standards, and account posture.

2. Basic Configuration and Setup

  • Dashboard Overview:
    • On the Security Hub Dashboard, you can see a summary of findings, insights, and compliance status for your AWS environment. Review the summary to understand your current security posture.
  • Standards:
    • In the left-hand menu, click on Security standards to view the enabled security standards such as CIS AWS Foundations Benchmark, AWS Foundational Security Best Practices, PCI DSS, and NIST. Each standard provides a set of controls that Security Hub uses to evaluate your account’s security compliance.
  • Findings:
    • Select Findings from the left-hand menu to view detailed security findings. These findings are aggregated from multiple AWS services like GuardDuty, Inspector, and IAM Access Analyzer. Use the filters to explore findings by Severity, Compliance standard, Region, and Resource.
  • Insights:
    • Click on Insights to view pre-built insights provided by Security Hub, such as resources with High severity findings or Open findings. Insights provide an aggregated view of related security information for more efficient analysis.

3. Exploring the AWS Well-Architected Framework Pillars

Operational Excellence Pillar

  • Dashboard and Insights:
    • Review the Dashboard for an overview of your security status. Use the insights in the Insights section to identify patterns in findings, such as persistent misconfigurations or recurring security issues. This overview supports continuous improvement of your security operations.
  • Automated Compliance Checks:
    • In the Security standards section, review the results for each enabled security standard. AWS Security Hub automatically checks your environment against these standards, helping you identify non-compliant resources and improving operational efficiency.
  • Findings Management:
    • In the Findings section, explore how findings are aggregated and categorized. Efficient management of findings, including filtering and sorting, aids in prioritizing and addressing operational security issues.
  • Integration with Other Services:
    • Under Settings, select Integrations to review services integrated with Security Hub, such as Amazon GuardDuty, Amazon Inspector, and AWS Config. These integrations help centralize security information, enhancing operational monitoring and response capabilities.

Security Pillar

  • Compliance Standards:
    • In the Security standards section, explore the list of enabled compliance standards (e.g., CIS AWS Foundations Benchmark, PCI DSS). Each standard contains a list of controls and checks that are automatically applied to your resources. Reviewing these standards helps you assess your environment's compliance with security best practices.
  • Review Findings:
    • Go to the Findings section to review security findings from different sources like GuardDuty, Inspector, and IAM Access Analyzer. Findings are categorized by severity and type, helping you quickly identify critical security issues.
  • Insights for Security Analysis:
    • Use the Insights section to find aggregated security data, such as resources with unpatched vulnerabilities or publicly accessible storage buckets. This consolidated view helps you identify and respond to potential security threats efficiently.
  • Finding Details:
    • Click on individual findings to review their details, including the Resource affected, Severity, Recommended remediation, and Compliance status. This information provides actionable steps to address security issues.

Reliability Pillar

  • Automated Security Monitoring:
    • Security Hub provides continuous, automated monitoring of your environment against multiple security standards. Under Security standards, review how Security Hub automatically checks for compliance, which helps maintain a reliable security posture.
  • Integration with CloudWatch:
    • Check the Integrations section to see if Security Hub is integrated with Amazon CloudWatch. This integration allows findings to trigger alerts or automated responses, contributing to a more reliable incident management process.
  • Cross-Account and Multi-Region Support:
    • In the Settings section, explore Multi-account configurations if Security Hub is enabled across multiple AWS accounts. Cross-account and multi-region monitoring enhance the reliability of your overall security operations by providing a unified security view.
  • Findings Aggregation:
    • Review the Findings section to see how Security Hub aggregates findings from various AWS services. Centralized findings help ensure a consistent and reliable approach to managing and mitigating security risks across your environment.

Cost Optimization Pillar

  • Enable Only Necessary Standards:
    • In the Security standards section, review the standards that are currently enabled. Enabling only the necessary standards for your compliance needs helps reduce the operational costs associated with processing findings.
  • Filter and Prioritize Findings:
    • In the Findings section, use filters to sort and prioritize findings based on Severity, Type, and Resource. Focusing on high-severity issues allows you to optimize resource allocation for addressing critical security concerns, reducing the time and cost of managing less critical findings.
  • Integration Management:
    • Under Integrations, review the list of services and third-party products integrated with Security Hub. Disable integrations that are not actively used to avoid unnecessary processing costs and complexity.

Performance Efficiency Pillar

  • Centralized Security Management:
    • Use the Dashboard to monitor findings from integrated services like GuardDuty, Inspector, and IAM Access Analyzer. Centralizing security management in Security Hub improves performance by reducing the need to manually check each service for security issues.
  • Automated Insights:
    • In the Insights section, leverage automated insights to identify security risks quickly, such as Unpatched instances or Misconfigured resources. These insights help streamline the identification and remediation process, enhancing security performance.
  • Custom Actions:
    • Although not configurable with read-only access, you can view existing Custom actions under Settings. Custom actions automate responses to findings (e.g., sending notifications, invoking Lambda functions) to optimize incident response performance.
  • Integration with Security Tools:
    • Check the Integrations section for other security tools integrated with Security Hub (e.g., AWS Config, CloudTrail). Using integrated security tools enhances performance efficiency by providing a unified, real-time view of security events and compliance status.
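The Severity filtering from the Findings section and the Custom actions described above fit together: a custom action forwards the selected findings as a "Security Hub Findings - Custom Action" EventBridge event, and a target Lambda can triage them. The block below is an added example, not code from this page or from AWS; the handler, the function names and the sample event are assumptions constructed for the illustration.

```python
# Added example (not from the page): a Lambda-style handler for the EventBridge
# event Security Hub emits when a custom action is invoked. It triages the
# attached ASFF findings by severity and workflow status. Function names and
# the sample event are constructed for this illustration.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}
CLOSED_WORKFLOW = ("RESOLVED", "SUPPRESSED")


def triage_findings(event, min_severity="HIGH"):
    """Return open findings at or above min_severity, most severe first.
    event["detail"]["findings"] holds ASFF findings, as in the
    'Security Hub Findings - Custom Action' EventBridge event.
    """
    threshold = SEVERITY_RANK[min_severity]
    selected = []
    for finding in event.get("detail", {}).get("findings", []):
        label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
        # Skip findings an analyst already closed, the source archived,
        # or that fall below the requested severity.
        if finding.get("Workflow", {}).get("Status") in CLOSED_WORKFLOW:
            continue
        if finding.get("RecordState") == "ARCHIVED" or SEVERITY_RANK.get(label, 0) < threshold:
            continue
        selected.append({
            "id": finding["Id"],
            "title": finding.get("Title", ""),
            "severity": label,
            "resources": [r.get("Id") for r in finding.get("Resources", [])],
            "compliance": finding.get("Compliance", {}).get("Status", "N/A"),
        })
    selected.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return selected


def lambda_handler(event, context=None):
    """Handler a custom action's target Lambda would expose. A real deployment
    would forward this summary to SNS or a ticketing system; here it is returned."""
    triaged = triage_findings(event)
    return {"action": event.get("detail", {}).get("actionName"),
            "count": len(triaged), "findings": triaged}


# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {"detail-type": "Security Hub Findings - Custom Action", "detail": {"actionName": "SendToTriage", "findings": [
    {"Id": "f-1", "Title": "S3 bucket allows public read", "Severity": {"Label": "HIGH"}, "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE", "Compliance": {"Status": "FAILED"}, "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
    {"Id": "f-2", "Title": "Unused IAM access key", "Severity": {"Label": "LOW"}, "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE", "Compliance": {"Status": "FAILED"}, "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::123456789012:user/example"}]},
    {"Id": "f-3", "Title": "Security group open to the world", "Severity": {"Label": "CRITICAL"}, "Workflow": {"Status": "RESOLVED"}, "RecordState": "ACTIVE", "Compliance": {"Status": "FAILED"}, "Resources": [{"Type": "AwsEc2SecurityGroup", "Id": "sg-example"}]},
    {"Id": "f-4", "Title": "EBS volume not encrypted", "Severity": {"Label": "CRITICAL"}, "Workflow": {"Status": "NOTIFIED"}, "RecordState": "ACTIVE", "Compliance": {"Status": "FAILED"}, "Resources": [{"Type": "AwsEc2Volume", "Id": "vol-example"}]},
]}}
```

With the sample event, the resolved critical finding is dropped and the two remaining open findings come back ordered CRITICAL then HIGH, which mirrors the Severity-first filtering recommended in the console walkthrough.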

4. Additional Exploration

  • CloudWatch Alarms:
    • Use Amazon CloudWatch (if integrated) to create alarms for critical findings in Security Hub. This enables proactive monitoring and incident response.
  • AWS Config:
    • If AWS Config is enabled, review the Compliance section within AWS Config for rules that align with Security Hub findings. This cross-checking ensures consistent security monitoring and compliance.