Amazon Security Hub
AWS Security Hub is a comprehensive security management service that provides a central view of security alerts and compliance status across your AWS accounts. Here are some key aspects you should know about Security Hub:
1. Consolidated View of Security Posture
- Security Hub aggregates findings from various AWS services like Amazon GuardDuty, AWS Config, Amazon Macie, and AWS Firewall Manager. It provides a consolidated dashboard, enabling you to monitor and manage security and compliance status across multiple AWS accounts.
2. Security Standards and Best Practices
- Security Hub provides automated checks against industry standards and best practices, including:
  - AWS Foundational Security Best Practices: A set of controls that detect when AWS accounts and resources deviate from best practices.
  - CIS AWS Foundations Benchmark: Best practices for securing AWS accounts, designed by the Center for Internet Security (CIS).
  - NIST Special Publication 800-53: A framework for managing information security and privacy risk.
  - PCI DSS: For customers needing to comply with the Payment Card Industry Data Security Standard.
- You can enable one or more standards to continuously monitor your AWS environment for compliance.
3. Automated Security Checks
- Security Hub runs continuous automated security checks against your AWS resources to identify security issues and non-compliance with best practices. Findings are categorized by severity and include information to help you address the identified issues.
4. Findings Aggregation and Normalization
- Security Hub collects findings from integrated AWS services and partner products. Findings are normalized into a standardized AWS Security Finding Format (ASFF), which allows you to view and filter results consistently across various sources.
5. Integrations
- Security Hub integrates with other AWS services such as:
  - Amazon GuardDuty: For threat detection.
  - AWS Config: For compliance checks.
  - AWS IAM Access Analyzer: For identifying resources that are accessible from outside your account.
  - Amazon Macie: For discovering and securing sensitive data.
- It also integrates with third-party security products and services, allowing you to further extend its capabilities.
6. Security Hub Insights
- Insights are pre-built queries that help you identify specific types of findings, such as misconfigured IAM permissions, exposed data storage, or unpatched vulnerabilities. You can create custom insights tailored to your organization's needs.
7. Cross-Account and Cross-Region Management
- Security Hub supports multi-account and multi-region setups, enabling centralized security management for an organization with multiple AWS accounts. This is particularly useful in a multi-account strategy for streamlined security operations.
8. Automated Remediation
- Findings in Security Hub are emitted as Amazon CloudWatch Events (now Amazon EventBridge) events, allowing you to automate remediation actions using AWS Lambda, AWS Systems Manager Automation, or AWS Step Functions. This can help in quickly addressing security issues.
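The remediation path described above, as an added example that is not part of the original page or of the service itself: a Lambda-style handler that receives a "Security Hub Findings - Imported" event, reads the ASFF fields of each finding (severity label, workflow status, compliance status, resources) and keeps only the findings worth acting on. The event, account id and resource ARN are constructed; the EventBridge rule pattern is shown for reference and is assumed to be deployed separately.

```python
# Constructed example: an EventBridge event of detail-type
# "Security Hub Findings - Imported" carrying ASFF findings (not captured from a real account).
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Event pattern for the EventBridge rule that would route matching findings to the handler
# (the rule itself lives outside this file; shown for reference only).
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]},
                            "Workflow": {"Status": ["NEW"]}}},
}

def triage(event, min_severity="HIGH"):
    """Return findings that need action: workflow NEW, not PASSED, at/above min_severity."""
    wanted = SEVERITY_RANK[min_severity]
    actionable = []
    for f in event.get("detail", {}).get("findings", []):
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        if SEVERITY_RANK.get(label, 0) < wanted:
            continue
        if f.get("Workflow", {}).get("Status") != "NEW":
            continue  # NOTIFIED/SUPPRESSED/RESOLVED findings are already being handled
        # Threat findings (e.g. from GuardDuty) carry no Compliance block; treat them as failing.
        if f.get("Compliance", {}).get("Status", "FAILED") == "PASSED":
            continue  # a control that now passes needs no remediation
        actionable.append({"id": f["Id"], "title": f.get("Title"), "severity": label,
                           "account": f.get("AwsAccountId"),
                           "resources": [r["Id"] for r in f.get("Resources", [])]})
    return actionable

def lambda_handler(event, context=None):
    """Lambda entry point; hand the result to SSM Automation or Step Functions from here."""
    return {"actionable": triage(event)}

ACCOUNT = "111122223333"  # constructed account id
SAMPLE_EVENT = {"source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
    {"Id": "f-1", "Title": "S3 buckets should block public access", "AwsAccountId": ACCOUNT,
     "Severity": {"Label": "HIGH", "Normalized": 70}, "Compliance": {"Status": "FAILED"},
     "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::constructed-bucket"}]},
    {"Id": "f-2", "Title": "CloudTrail should be enabled", "AwsAccountId": ACCOUNT,
     "Severity": {"Label": "LOW", "Normalized": 1}, "Compliance": {"Status": "FAILED"},
     "Workflow": {"Status": "NEW"}, "Resources": []},
    {"Id": "f-3", "Title": "Root MFA should be enabled", "AwsAccountId": ACCOUNT,
     "Severity": {"Label": "CRITICAL", "Normalized": 90}, "Compliance": {"Status": "PASSED"},
     "Workflow": {"Status": "RESOLVED"}, "Resources": []}]}}
```

With the default HIGH threshold only f-1 survives: f-2 is too low in severity and f-3 already passes and is resolved.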
9. Custom Actions
- Security Hub lets you define custom actions that you can invoke on selected findings directly from the console, such as sending the findings to a ticketing system, initiating a workflow, or invoking a custom Lambda function.
10. Security Score
- Security Hub provides a security score that gives you a summary of your environment's compliance with enabled security standards. This score helps you prioritize and track your security posture over time.
11. Compliance Reporting
- With compliance checks against standards like CIS, NIST, and PCI DSS, Security Hub can generate reports that you can use for audits and compliance demonstrations.