SlideShare a Scribd company logo

How to act on your security and compliance alerts with AWS Security Hub - FND218 - AWS re:Inforce 2019

Learn about AWS Security Hub and how it gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. See how Security Hub aggregates, prioritizes, and helps you act on your alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions.

1 of 35
Download to read offline
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
How to act on your security and compliance alerts
with AWS Security Hub
F N D 2 1 8
Ely Kahn
Principal Product Manager
AWS Security Hub
Scott Ward
Principal Solutions Architect
AWS Partner Network
Jason Fuller
Head of Cloud Management and Operations
HERE Technologies
Rob Morris
Cloud Engineer
Northwestern Mutual
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS Security Hub overview
Customer use cases
Taking action deep dive
Demonstration
Wrap-up
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related workshops
Tuesday, June 25
FND213: Hands-on with AWS Security Hub
5:15 – 7:15 PM | Level 2, Room 210C
Tuesday, June 25
GRC330: Compliance automation: Set it up fast, then code it your way
2:45 – 4:45 PM | Level 2, Room 210C
Wednesday, June 26
FND213-R1: Hands-on with AWS Security Hub
11:15 AM – 1:15 PM | Level 2, Room 210A
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Problem statements
Large volume of
alerts and the need
to prioritize and
take action
3
Dozens of security
tools with different
data formats
2
Many compliance
requirements and
not enough time to
build the rules
1
Too many security
alerts
Too many security
alert formats
Backlog of
compliance
requirements
Lack of an
integrated view of
security and
compliance across
accounts
4
Lack of an
integrated view
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Hub overview

Recommended

Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
 
An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...An AWS approach to higher standards of assurance with provable security - FND...
An AWS approach to higher standards of assurance with provable security - FND...Amazon Web Services
 
Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...
Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...
Root CA hierarchies for AWS Certificate Manager (ACM) Private CA - FND320 - A...Amazon Web Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...How encryption works in AWS: What assurances do you have that unauthorized us...
How encryption works in AWS: What assurances do you have that unauthorized us...Amazon Web Services
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Teri Radichel
 

More Related Content

What's hot

Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Amazon Web Services
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
 
The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...Amazon Web Services
 
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Amazon Web Services
 
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...Amazon Web Services
 
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Amazon Web Services
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon Web Services
 
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019 Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019 Amazon Web Services
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
 

What's hot (20)

Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019 Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
Balancing cloud innovation and security - GRC317 - AWS re:Inforce 2019
 
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019
 
The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...
 
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
Using ML with Amazon SageMaker & GuardDuty to identify anomalous traffic - SE...
 
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
Enforcing security invariants with AWS Organizations - SDD314 - AWS re:Inforc...
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
 
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...Leverage the security & resiliency of the cloud & IoT for industry use cases ...
Leverage the security & resiliency of the cloud & IoT for industry use cases ...
 
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019 Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
Data encryption concepts in AWS - FND302 - AWS re:Inforce 2019
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
 
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019 Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019
Build security into your golden AMI pipeline - DEM08 - AWS reInforce 2019
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
 

Similar to How to act on your security and compliance alerts with AWS Security Hub - FND218 - AWS re:Inforce 2019

How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...Amazon Web Services
 
Take action on your security & compliance alerts with AWS Security Hub - SEC2...
Take action on your security & compliance alerts with AWS Security Hub - SEC2...Take action on your security & compliance alerts with AWS Security Hub - SEC2...
Take action on your security & compliance alerts with AWS Security Hub - SEC2...Amazon Web Services
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
 Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019  Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019 Amazon Web Services
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Amazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Amazon Web Services
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Amazon Web Services
 
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018Amazon Web Services
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceAmazon Web Services
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019John Varghese
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Amazon Web Services
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019  Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Amazon Web Services
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Amazon Web Services
 

Similar to How to act on your security and compliance alerts with AWS Security Hub - FND218 - AWS re:Inforce 2019 (20)

How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
How to act on security and compliance alerts with AWS Security Hub - SEC202 -...
 
Take action on your security & compliance alerts with AWS Security Hub - SEC2...
Take action on your security & compliance alerts with AWS Security Hub - SEC2...Take action on your security & compliance alerts with AWS Security Hub - SEC2...
Take action on your security & compliance alerts with AWS Security Hub - SEC2...
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
 Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019  Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
Hands-on with AWS Security Hub - FND213-R - AWS re:Inforce 2019
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
 
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 
AWS Systems manager 2019
AWS Systems manager 2019AWS Systems manager 2019
AWS Systems manager 2019
 
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
Pop the hood: Using AWS resources to attest to security of the cloud - GRC310...
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019  Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
 
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
Build end-to-end IT lifecycle management on AWS - FND301-R - AWS re:Inforce 2...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How to act on your security and compliance alerts with AWS Security Hub - FND218 - AWS re:Inforce 2019

  • 1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. How to act on your security and compliance alerts with AWS Security Hub F N D 2 1 8 Ely Kahn Principal Product Manager AWS Security Hub Scott Ward Principal Solutions Architect AWS Partner Network Jason Fuller Head of Cloud Management and Operations HERE Technologies Rob Morris Cloud Engineer Northwestern Mutual
  • 2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda AWS Security Hub overview Customer use cases Taking action deep dive Demonstration Wrap-up
  • 3. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Related workshops Tuesday, June 25 FND213: Hands-on with AWS Security Hub 5:15 – 7:15 PM | Level 2, Room 210C Tuesday, June 25 GRC330: Compliance automation: Set it up fast, then code it your way 2:45 – 4:45 PM | Level 2, Room 210C Wednesday, June 26 FND213-R1: Hands-on with AWS Security Hub 11:15 AM – 1:15 PM | Level 2, Room 210A
  • 4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 5. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Problem statements Large volume of alerts and the need to prioritize and take action 3 Dozens of security tools with different data formats 2 Many compliance requirements and not enough time to build the rules 1 Too many security alerts Too many security alert formats Backlog of compliance requirements Lack of an integrated view of security and compliance across accounts 4 Lack of an integrated view
  • 6. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Hub overview
  • 7. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Generally availableas of today Supported Regions (15) Asia Pacific (Mumbai) Asia Pacific (Seoul) Asia Pacific (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Canada (Central) EU (Frankfurt) EU (Ireland) EU (London) EU (Paris) South America (São Paulo) US East (N. Virginia) US East (Ohio) US West (N. California) US West (Oregon) New features since preview began • Amazon CloudWatch Events • CIS compliance standard improvements • Tag-based access controls and cost allocation • AWS CloudFormation • Performance improvements • Localization
  • 8. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Partner integrations Firewalls Vulnerability Taking action Endpoint Compliance MSSP Other
  • 9. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 10. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Some of our current customers
  • 11. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Use pattern 1: Centralized security and compliance workspace Goal Have a single pane of glass to view, triage, and take action on AWS security and compliance issues across accounts Personas SecOps, compliance, and/or DevSecOps teams focused on AWS, Cloud Centers of Excellence, the first security hire Key processes example 1. Ingest findings from finding providers 2. High-volume and well-known findings are programmatically routed to remediation workflows, which include updating the status of the finding 3. Remaining findings are routed to analysts via an on-call management system, and they use ticketing and chat systems to resolve them Taking action integrations Ticketing systems, chat systems, on-call management systems, SOAR platforms, customer-built remediation playbooks
  • 12. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Use pattern 2: Centralized routing to a SIEM Goal Easily route all AWS security and compliance findings in a normalized format to a centralized SIEM or log management tool Personas SecOps, compliance, and/or DevSecOps teams Key processes example 1. Ingest findings from finding providers 2. All findings are routed via Amazon CloudWatch Events to a central SIEM that stores AWS and on-premises security and compliance data 3. Analyst workflows are linked to the central SIEM Taking action integrations SIEM
  • 13. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Use pattern 3: Dashboard for account owners Goal Provide visibility to AWS account owners on the security and compliance posture of their account Personas AWS account owners Key processes example 1. Ingest findings from finding providers 2. Account owners are given read-only access to Security Hub 3. Account owners can use Security Hub to research issues that they are ticketed on or proactively monitor their own security and compliance state Taking action integrations Chat, ticketing
  • 14. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Views, thoughts, and opinions expressed in the presentation belong solely to the author and not necessarily to the author’s employer, organization, committee, or other group or individual.
  • 15. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Background
  • 16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. What does AWS Security Hub provide? Provide insight about account security posture to account owners
  • 17. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. How do we use AWS Security Hub?
  • 18. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. 4 of 5 in-car navigation systems in Europe and North America use HERE maps 10,000+ employees in 56 countries 30+ years of experience transforming location technology 400+ HERE cars collecting data for maps 200 countries mapped HD live map covering 600,000+ kilometers for autonomous driving 1,600 cities with transit routing in over 50 countries 700,000 3D data points per second per car 15,000 venues mapped globally HERE in numbers © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 19. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. HERE: Open location platform The place for intelligent data usage and development Data Developer environment and platform foundation Services and solutions Data marketplace
  • 20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. HERE: Current management Our solution is layered in people and technologies Amazon GuardDuty, Cloud Custodian, AWS Organizations AWS Security Hub SIEM, alerting, and security response AWS
  • 21. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Taking action with AWS Security Hub AWS Security Hub Amazon CloudWatch Events Amazon GuardDuty Amazon Inspector Amazon Macie Third-party providers
  • 23. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Security Hub taking action partner integration
  • 24. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Taking action on all findings
  • 25. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Event pattern examples { “source”: [ “aws.securityhub” ], “detail-type”: [ “Security Hub Findings” ], “detail”: { “findings”: { “Resources”: { “Tags”: { “Environment”: [ “PCI” ] } } } } } Filter by tags
  • 26. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Event pattern examples Filter by severity { “source”: [ “aws.securityhub” ], “detail-type”: [ “Security Hub Findings” ], “detail”: { “findings”: { “Severity”: { “Normalized”: [ 95, 96, 97, 98, 99, 100 ] }}}}
  • 27. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom actions in Security Hub
  • 28. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom actions in Security Hub
  • 29. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom actions in Security Hub Rule Event { "source": [ "aws.securityhub" ], "resources": [ "arn:aws:securityhub:us-west- 2:xxxxxxxxxxxx:action/custom/send_to_email" ] }
  • 30. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom actions in Security Hub Rule Event Rule Event Rule Event Run command
  • 31. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Custom actions in Security Hub
  • 32. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 33. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 34. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Next steps Try the 30-day trial: https://console.aws.amazon.com/securityhub/ Become a partner: Contact us at securityhub-partners@amazon.com Learn more: https://aws.amazon.com/security-hub/
  • 35. Thank you! © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved. Ely Kahn elykahn@amazon.com Scott Ward scotward@amazon.com