[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018

•

5 likes•4,426 views

AWS Security Hub is a new AWS service that provides a single place to manage security and compliance across AWS accounts. It integrates with other security tools and allows users to view findings from multiple accounts. Security Hub is available now for free in preview and aims to provide a centralized view of security posture and issues across an organization on AWS.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing AWS Security Hub
Ely Kahn
Principal Product Manager
AWS Security Hub
S E C 3 7 9
Jack Bomkamp
Senior Technical Program Manager
AWS Security Hub

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Service introduction
Demonstration
Partner/customer use cases
Next steps

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS security workflow
ArchiveSnapshot
Protect Detect Respond RecoverIdentify
Investigate
Automate
Amazon
Macie

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Problem statement
1
Large volume of
alerts and the need
to prioritize
3
Dozens of security
tools with different
data formats
2
Ensure that your
AWS infrastructure
meets compliance
requirements
1
PrioritizationMultiple formats VisibilityCompliance
Lack of a single
pane of glass across
security and
compliance tools
4

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Hub overview

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Rollout plans and pricing
AWS Security Hub is rolling out today
as a public preview
Available at no additional cost except for AWS
Config costs for new AWS Config users
Open to everyone
Get started in a few clicks
Goal is to iterate on latest features with
customers before releasing as generally
available (GA)
Full API/CLI/SDK support
C++, Go, Java, JS, .Net, PHP, Python, Ruby
Supported Regions (15)
Asia Pacific (Mumbai)
Asia Pacific (Seoul)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Canada (Central)
EU (Frankfurt
EU (Ireland)
EU (London)
EU (Paris)
South America (Sao Paulo)
US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Partner integration examples — CrowdStrike

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Partner integration examples — Alert Logic
1. Inspected data is transported to Alert Logic’s data
ingestion, processing, and analytics platform
2. Alert Logic’s threat detection and response
capability analyzes the data and identifies
incidents
3. An internal service (dedicated to AWS Security
Hub) assesses the incident for potential posting
to AWS Security Hub
4. The incident is then posted to the respective
customer’s AWS Security Hub console as a finding

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Examples of partner integration

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Setup and multi-account

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Compliance checks

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Insights

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Response and remediation
Event (event-
based)
Rule

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Private beta testers

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Use case: LifeLock without AWS Security Hub
Flow logs
CWP events
Log aggregation
Evaluate scan results
Repeat until
event remediated
CWP manually scans
Amazon EC2 instance
Findings warrant
further investigation
Finding
Analyst investigation Analyst action

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Use case: LifeLock with AWS Security Hub
AWS
Security Hub
CWP
CloudWatch
event
FindingsFindings
File scan
Scan Results

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Use case: The Pokémon Company and Demisto
➢ Business Challenges
Growing alerts No consistent process Long MTTR and risk
➢ Use Case
➢ Benefits
Unify security functions Keyless automation Orchestrate cloud security

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Use case: The Pokémon Company and Demisto
➢ Use Case

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud Custodian and AWS Security Hub
https://aws.amazon.com/blogs/opensource/cloud-custodian-integration-aws-security-hub

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key takeaways
Collect and process security findings from multiple accounts within a region
Evaluate your compliance against regulatory and best practice frameworks
Identify and prioritize the most important issues by grouping and correlating security
findings with Insights
Understand and manage your overall AWS security and compliance posture

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Next steps
Try the preview: https://console.aws.amazon.com/securityhub/
Become a partner: Contact us at securityhub-partners@amazon.com
Learn more: https://aws.amazon.com/security-hub/

Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ely Kahn
Twitter: @elykahn

What's hot

Companies have to process, analyze, and extract meaning from ever-growing volumes of audio, image, and video data. Automating media workflows, such as image and video indexing or manual transcription for closed captions, can help you scale the growth of your media library and save time from manual, error-prone work. In this workshop, you learn how to automate workflows using the Media Analysis Solution, which includes Amazon Rekognition, Amazon Transcribe, and Amazon Comprehend. You learn how to extract metadata from media files and create a searchable library of metadata.

Build a Searchable Media Library & Moderate Content at Scale Using Machine Le...

Amazon Web Services

Help our Mythical Mysfits find their forever homes. Our Mythical stack now supports automated deployments. It's now time to take it to the next level. In this workshop, we give you the hands-on experience you need to run microservices in the real world. We focus on optimizations, management, and troubleshooting with AWS Fargate, Amazon CloudWatch, and other common tools. Proficiency in Docker and AWS is recommended. For a more foundational workshop, consider CON214 and CON321, our other workshops in this series.

Mythical Mysfits: Management and Ops with AWS Fargate (CON322-R1) - AWS re:In...

Amazon Web Services

EC2 High Memory instances offer 6 TB, 9 TB, and 12 TB of memory in a single instance. These instances are purpose-built to run large in-memory databases, including production deployments of the SAP HANA in-memory database, in the cloud. Join this session for a detailed look into these high-memory instances, and learn how you can use these EC2 instances in your Amazon VPC together with Amazon EBS to run mission-critical SAP HANA workloads to realize greater speed and agility. Hear how Whirlpool was able to leverage the agility and flexibility of this platform to move quicker with its own SAP workload needs.

Scale Your SAP HANA In-Memory Database on Amazon EC2 High Memory Instances wi...

Amazon Web Services

Learn how you can run your big data and machine learning models as many times as you want with Amazon EC2 Spot Instances. In this session, we discuss how to architect and run big data and machine learning workloads by combining common data processing applications with Spot Instances for scalable and cost-effective computing. We also highlight real-world customer examples with machine learning workloads running on Spot Instances.

Save up to 90% on Big Data and Machine Learning Workloads with Spot Instances...

Amazon Web Services

Edge computing is all about moving compute power to the source of the data instead of having to bring it to the cloud. The edge is a fundamental part of IoT, and it is not only about connecting things to the internet. In this sesssion, we discuss how AWS Greengrass, which is an IoT edge software, can power devices small and large, from a sensor all the way to a wind turbine. With AWS Greengrass, these IoT devices can securely gather data, keep device data in sync, and communicate with each other while still using the cloud for management, analytics, and durable storage. Join us to learn more about the edge of IoT.

Computing at the Edge with AWS Greengrass and Amazon FreeRTOS, ft. General El...

Amazon Web Services

Organizations that use data as a competitive differentiator are more likely to lead and outperform their peers. Many organizations have transformed their data architectures and adopted the cloud to meet a variety of scalability and automation challenges. In this session, we develop a blueprint for data flows from data sources to data lakes, data warehousing, advanced analytics, and machine learning (ML). We look at the big picture, understand how to build data pipelines and repositories for different use cases, and enable data science at enterprise scale in a way that unleashes the value of corporate data, and embeds AI/ML in business processes.

Drive Customer Value with Data-Driven Decisions (GPSBUS206) - AWS re:Invent 2018

Amazon Web Services

Learn how Symantec uses AWS to provide complete, integrated security solutions that monitor and protect companies and governments from hackers. Hear about lessons learned from how Symantec scaled up its infrastructure to analyze billions of logs every day to detect the world’s most sophisticated cyber attacks, and you’ll see how Symantec integrates with native AWS services, like Amazon GuardDuty, AWS Lambda, and AWS Systems Manager, into its own security solutions to provide even better security in the cloud. This session is brought to you by AWS partner, Symantec Corporation.

AWS and Symantec: Cyber Defense at Scale (SEC311-S) - AWS re:Invent 2018

Amazon Web Services

At AWS, we obsess over operational excellence. We have a deep understanding of system availability, informed by over a decade of experience operating the cloud and our roots of operating Amazon.com for nearly a quarter-century. One thing we've learned is that failures come in many forms, some expected, and some unexpected. It's vital to build from the ground up and embrace failure. A core consideration is how to minimize the "blast radius" of any failures. In this talk, we discuss a range of blast radius reduction design techniques that we employ, including cell-based architecture, shuffle-sharding, availability zone independence, and region isolation. We also discuss how blast radius reduction infuses our operational practices.

How AWS Minimizes the Blast Radius of Failures (ARC338) - AWS re:Invent 2018

Amazon Web Services

Understanding gamer behavior is critical in acquiring, retaining, and monetizing users effectively. The cycle requires constant fine-tuning through expensive and complex live operations to offer fresh, fun, and challenging experiences. In this session, learn how Rovio uses machine learning (ML) to make this process faster, more efficient, and more accurate. Learn how to leverage AWS compute, analytics, and database services, such as Amazon S3, Amazon EC2, Amazon EMR, Amazon Athena, Amazon DynamoDB, and Amazon Redshift, to build an ML workflow that predicts the future interests and behaviors of gamers to better serve your needs and theirs.

How Rovio Uses ML to Acquire, Retain, and Monetize Users (GAM304) - AWS re:In...

Amazon Web Services

使用 AWS Step Functions 靈活調度 AWS Lambda (Level:200)

Amazon Web Services

Modernization involves implementing business processes and technology that provide your business applications with high availability, agility, and elasticity. Nowhere is this more important than in breaking apart the monolith. Modernizing an application as part of a migration can be extremely successful if you follow the AWS migration methodology of “discover, plan, migrate, and optimize” as you move that application to the cloud. In this session, we share what we learned from over 400 successful migrations. We also show you how to virtually break a monolith to a modernized architecture as part of the planning phase and accelerate your migration using container technologies and application discovery tools.

Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018

Amazon Web Services

Have you ever had sleepless nights because you couldn't meet your Recovery Point and Time Objectives? What about recovering data in the event of a disaster? If you're a backup or storage architect, the answer is most likely "yes." Come to this session to learn how Cohesity can help you build an enterprise-grade solution for long-term retention, development and testing, and disaster recovery. Hear how Airbud Entertainment is using the Cohesity DataPlatform and AWS storage services, such as Amazon S3, and Amazon Glacier, to simplify their backup and long-term retention strategy and architecture. This session is brought to you by AWS partner, Cohesity, Inc.

Building a Hybrid Architecture: Enterprise Backup & Recovery (ENT212-S) - AWS...

Amazon Web Services

What if you could scale your rendering pipeline to near-limitless capacity- what would that mean for your studio? Learn how Amazon EC2 Spot and AWS Thinkbox Deadline can help scale your VFX and CG rendering pipeline, creating faster feedback cycles and most artist time focused on creating content, and how you can optimize your compute costs along the way. This session focuses on rendering workloads combining Deadline (an AWS rendering pipeline management tool) and Spot for scalable cost-effective computing. Find out how real customers working on Hollywood productions are integrating their pipelines with AWS to realize the elasticity and scale provided by Amazon EC2, as well as how they intend to leverage AWS in the future to scale their superpowers.

Scale Your Studio: Rendering with Spot and Deadline on AWS (CMP202) - AWS re:...

Amazon Web Services

In this session, learn how Dr. Julia Lane, Director of the Administrative Data Research Facility (ADRF) at NYU, used AWS and AWS Public Sector Partner Earthling Security to build a software-as-a-service (SaaS) research and analysis environment that hosts sensitive U.S. Census Bureau data. The ADRF hosted almost 50 confidential government data sets from 12 different agencies at all levels of government. The ADRF chose AWS to meet strict security and governance requirements such as FedRAMP compliance, ease of implementation, and robust native security. AWS provided NYU a complete set of infrastructure, application, and security services perfectly suited for U.S. government requirements. In addition, AWS discusses how these principles and practices can be applied to an organization's governance, risk, and compliance needs.

Building a Governance, Risk, and Compliance Strategy with AWS (WPS204) - AWS ...

Amazon Web Services

Many enterprises want to drive faster cloud adoption and time to market (TTM) by allowing their developers, who have various skill sets, to onboard onto AWS quickly using self-service. However, enabling security, governance, and compliance while not compromising user experience can be a challenge. In this session, Verizon demonstrates how they use the AWS Service Catalog Connector for ServiceNow to create a robust self-service computing environment while meeting Verizon’s governance and security controls and achieving their goal of migrating > 30% of their applications onto AWS in a short timeframe.

How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...

Amazon Web Services

Digital Transformation Playbook in Five Steps (ARC322) - AWS re:Invent 2018

Amazon Web Services

You may have heard of the buzzwords “chaos engineering” and “containers.” But what do they have to do with each other? In this session, we introduce chaos engineering and share a live demo of how to practice chaos engineering principles on AWS. We walk through chaos engineering practices, tools, and success metrics you can use to inject failures in order to make your systems more reliable.

Breaking Containers: Chaos Engineering for Modern Applications on AWS (CON310...

Amazon Web Services

We're working on a new major version of the AWS Command Line Interface (AWS CLI), a command-line tool for interacting with AWS services and managing your AWS resources. AWS CLI v2 will include features to improve workflows and make it even easier to manage AWS resources through the AWS CLI. Come hear from the core developers of the AWS CLI as we highlight some of the new features and major improvements in AWS CLI v2. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018

Amazon Web Services

AWS 良好架構服務概述 (Level: 200)

Amazon Web Services

Even the best continuous delivery and DevOps practices cannot guarantee that there will be no issues in production. The rise of Site Reliability Engineering (SRE) has promoted new ways to automate resilience into your system and applications to circumvent potential problems, but it’s time to “shift-left” this effort into engineering. In this session, learn to leverage AWS Lambda functions as “remediation as code.” We show how to make it part of your continuous delivery process and orchestrate the invocation of Self-Healing Lambda functions in case of unexpected situations impacting the reliability of your system. Gone are the days of traditional operation teams—it’s the rise of “shift-lefters”! This session is brought to you by AWS partner, Dynatrace.

Shift-Left SRE: Self-Healing with AWS Lambda Functions (DEV313-S) - AWS re:In...

Amazon Web Services

What's hot (20)