[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing AWS Security Hub
SEC379
Ely Kahn, Principal Product Manager, AWS Security Hub
Jack Bomkamp, Senior Technical Program Manager, AWS Security Hub
Agenda
Service introduction
Demonstration
Partner/customer use cases
Next steps
AWS security workflow
[Diagram: stages Identify, Protect, Detect, Respond, Recover; other labels: Investigate, Automate, Archive, Snapshot, Amazon Macie]
6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Problem statement
Prioritization: Large volume of alerts and the need to prioritize
Multiple formats: Dozens of security tools with different data formats
Compliance: Ensure that your AWS infrastructure meets compliance requirements
Visibility: Lack of a single pane of glass across security and compliance tools
AWS Security Hub overview
Rollout plans and pricing
AWS Security Hub is rolling out today as a public preview
Available at no additional cost except for AWS Config costs for new AWS Config users
Open to everyone
Get started in a few clicks
Goal is to iterate on latest features with customers before releasing as generally available (GA)
Full API/CLI/SDK support: C++, Go, Java, JS, .NET, PHP, Python, Ruby
Supported Regions (15)
Asia Pacific (Mumbai)
Asia Pacific (Seoul)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Canada (Central)
EU (Frankfurt)
EU (Ireland)
EU (London)
EU (Paris)
South America (Sao Paulo)
US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
Partner integration examples: CrowdStrike
Partner integration examples: Alert Logic
1. Inspected data is transported to Alert Logic’s data ingestion, processing, and analytics platform
2. Alert Logic’s threat detection and response capability analyzes the data and identifies incidents
3. An internal service (dedicated to AWS Security Hub) assesses the incident for potential posting to AWS Security Hub
4. The incident is then posted to the respective customer’s AWS Security Hub console as a finding
Examples of partner integration
Setup and multi-account
Compliance checks
Insights
Response and remediation
Event (event-based)
Rule
Private beta testers
Use case: LifeLock without AWS Security Hub
[Diagram labels: Flow logs; CWP events; Log aggregation; Finding; Analyst investigation; Findings warrant further investigation; Analyst action; CWP manually scans Amazon EC2 instance; Evaluate scan results; Repeat until event remediated]
Use case: LifeLock with AWS Security Hub
[Diagram labels: AWS Security Hub; CWP; CloudWatch event; Findings; File scan; Scan Results]
Use case: The Pokémon Company and Demisto
➢ Business Challenges
Growing alerts; No consistent process; Long MTTR and risk
➢ Use Case
➢ Benefits
Unify security functions; Keyless automation; Orchestrate cloud security
Use case: The Pokémon Company and Demisto
➢ Use Case
Cloud Custodian and AWS Security Hub
https://aws.amazon.com/blogs/opensource/cloud-custodian-integration-aws-security-hub
Key takeaways
Collect and process security findings from multiple accounts within a region
Evaluate your compliance against regulatory and best practice frameworks
Identify and prioritize the most important issues by grouping and correlating security findings with Insights
Understand and manage your overall AWS security and compliance posture
Next steps
Try the preview: https://console.aws.amazon.com/securityhub/
Become a partner: Contact us at securityhub-partners@amazon.com
Learn more: https://aws.amazon.com/security-hub/
Thank you!
Ely Kahn
Twitter: @elykahn