AWS Security Hub Deep Dive
Nagesh Ramamoorthy
15-04-2020
Agenda
Part 1
• Security Hub Overview
• Multi-Account Structure
• Access and Privileges
• Findings
• Insights
• Integrations
Part 2
• CIS Compliance
• Service-Linked Config Rules
• Findings: status, overall status, severity
• Security Score
• Pricing
Part 1: General Features
Definition
AWS Security Hub provides a comprehensive view of the security posture across your AWS accounts and checks compliance status against industry standards such as the CIS AWS Foundations Benchmark and PCI DSS.
Core Features
• Receives security findings from the AWS security services in each account
• Receives security findings from, and sends them to, third-party providers
• Checks compliance against industry-standard controls such as the CIS benchmark and PCI DSS and generates a finding for each failed check
• Integrates with CloudWatch and CloudTrail for alerting and logging
Overview
• Generally available since June 2019
• Security Hub is a Regional service: it is enabled, and findings are viewed, per Region
• Available in 19 Regions at the time of this deck
• There is a 30-day free trial of Security Hub
• Security Hub is in scope for the SOC, ISO, PCI DSS and HIPAA compliance programs
• Security Hub is integrated with CloudTrail, which logs its API calls, and with CloudWatch Events, which receives every finding and is the hook for alerting and automated response
• When you enable Security Hub in a Region, it automatically starts ingesting findings from the integrated AWS services; enabling industry standards such as CIS and PCI DSS is optional
• Security Hub is a multi-tenant service. To protect data, it encrypts data at rest and data in transit between its component services
Multi-Account Structure
[Diagram: a master account connected to two member accounts]
• If your invitations are accepted by a member account, your account is designated as the Security Hub master account.
• Added accounts are member accounts. From the master account you can view findings in the member accounts.
Multi-Account Structure
• Adding a member account is a three-step process:
  • Add the account from the master account
  • Invite the added account from the master account
  • Accept the invitation from the member account
• When the invited account accepts the invitation, the master account is granted permission to view the findings from the member account.
• The master account can also perform actions on findings in a member account.
• An account cannot be both a Security Hub master account and a member account at the same time, and an account can accept only one membership invitation.
• If your account is the master account, you cannot accept an invitation to become a member account.
• A master account can monitor findings from multiple member accounts within a Region, but findings cannot be viewed across Regions from a single account; membership is established per Region.
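The three-step onboarding above, as an added example that is not part of the deck: a boto3 script that runs the add and invite steps with credentials for the master account, then locates and accepts the invitation with credentials for the member account. It assumes Security Hub is already enabled in both accounts in the chosen Region and that the caller supplies the two clients; the function and parameter names are this example's own, and the API names are the 2020 ones (`get_master_account`, `accept_invitation`; newer SDKs call them `get_administrator_account` and `accept_administrator_invitation`).

```python
"""Three-step Security Hub member onboarding: add, invite, accept.

Added example (not from the deck). `master` and `member` are boto3
securityhub clients created with credentials for the master account and
the member account respectively, both in the same Region, because
membership is per Region.
"""


def onboard_member(master, member, master_account_id, member_account_id, email):
    """Add and invite `member_account_id` from the master, then accept from
    the member. Returns the accepted invitation ID."""
    # Guard: an account can accept only one invitation and cannot be a
    # master itself, so refuse if the member already belongs to a
    # different master (get_master_account is the 2020 API name; newer
    # SDKs call it get_administrator_account).
    current = member.get_master_account().get("Master") or {}
    if current.get("AccountId") not in (None, master_account_id):
        raise RuntimeError(
            f"{member_account_id} already belongs to master {current['AccountId']}"
        )

    # Step 1: add the account from the master.
    resp = master.create_members(
        AccountDetails=[{"AccountId": member_account_id, "Email": email}]
    )
    if resp.get("UnprocessedAccounts"):
        raise RuntimeError(f"create_members failed: {resp['UnprocessedAccounts']}")

    # Step 2: invite the added account from the master.
    resp = master.invite_members(AccountIds=[member_account_id])
    if resp.get("UnprocessedAccounts"):
        raise RuntimeError(f"invite_members failed: {resp['UnprocessedAccounts']}")

    # Step 3: from the member, find the invitation that came from this
    # master and accept it (accept_administrator_invitation in newer SDKs).
    # The master is then allowed to read and act on the member's findings
    # in this Region.
    pending = [
        inv for inv in member.list_invitations().get("Invitations", [])
        if inv.get("AccountId") == master_account_id
    ]
    if not pending:
        raise RuntimeError("no invitation from the master account was found")
    invitation_id = pending[0]["InvitationId"]
    member.accept_invitation(MasterId=master_account_id, InvitationId=invitation_id)
    return invitation_id


if __name__ == "__main__":
    import sys
    import boto3

    # Usage: python onboard.py <region> <master-id> <member-id> <email> <member-profile>
    # The default credential chain must hold the master account's credentials;
    # <member-profile> is a named profile holding the member's credentials.
    region, master_id, member_id, email, member_profile = sys.argv[1:6]
    master_client = boto3.client("securityhub", region_name=region)
    member_client = boto3.Session(profile_name=member_profile).client(
        "securityhub", region_name=region
    )
    print("accepted", onboard_member(master_client, member_client, master_id, member_id, email))
```

Run it once per Region that should be monitored; the invitation flow is Regional, so a member accepted in us-east-1 is still unassociated in eu-west-1.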
Access and Privileges
For Security Hub users:
• By default only the account owner can use Security Hub; IAM users and roles need an explicit policy.
• IAM users can be given two levels of access with the AWS managed policies below:
  AWSSecurityHubFullAccess: provides access to all Security Hub functionality
  AWSSecurityHubReadOnlyAccess: provides read-only access to Security Hub
For the Security Hub service:
• Security Hub creates a service-linked role, AWSServiceRoleForSecurityHub, which needs permission to:
  o Detect and aggregate findings from AWS services such as Macie, Inspector and GuardDuty
  o Configure the AWS Config rules required to check compliance against the CIS benchmark
• The AWSServiceRoleForSecurityHub service-linked role is created automatically when you enable Security Hub for the first time, or enable it in a supported Region where it was not previously enabled.
Findings
• The Findings tab lists findings from all sources and supports Group by and Filter on finding attributes.
• By default the Record state filter is set to Active.
• A finding's record state can be changed from Active to Archived.
Findings Format
Each finding follows a defined JSON schema, the AWS Security Finding Format (ASFF), which carries the full detail of the finding so that no format conversion is needed when findings move between tools. A fragment of the schema:

"Findings": [
  {
    "AwsAccountId": "string",
    "Compliance": {
      "Status": "string",
      "RelatedRequirements": ["string"]
    },
    "Confidence": number,
    "CreatedAt": "string",
    "Criticality": number,
    …
Insights
• An insight is a collection of related findings defined by a Group by attribute and optional additional filters.
• AWS provides managed insights, which cannot be edited or deleted; you can also create custom insights.
• There are 30 managed insights available at the time of this deck; examples include:
  • AWS resources with the most findings
  • AWS users with the most suspicious activity
Integrations
• The Integrations tab lists the current integrations with Security Hub.
• AWS service integrations are shown first, followed by the third-party integrations.
• Each integration shows the company name, product name, description, how to enable the integration and its current status.
• AWS services are integrated automatically once the service itself is enabled in the account; third-party products must be enabled manually.
• AWS services integrated: Amazon Macie, Amazon Detective, Amazon GuardDuty, Amazon Inspector, AWS Firewall Manager, IAM Access Analyzer
Third-Party Integrations
• There are around 50 third-party integrations according to the official documentation.
• Each product integration either sends findings to Security Hub or receives findings from it; some do both, for example IBM QRadar.
• The Integrations tab lets you enable or disable integrations, including the default AWS service integrations.
• Custom integrations send findings programmatically with the BatchImportFindings API, in the AWS Security Finding Format.
• Some of the third-party integrations: CyberArk Privileged Threat Analytics, Symantec Cloud Workload Protection, Splunk Enterprise, IBM QRadar SIEM, Forcepoint NGFW
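A custom integration of the kind described above, covering both the finding format slide and the BatchImportFindings bullet, as an added example that is not from the deck: it builds a complete finding in the AWS Security Finding Format, validates the required fields, and imports findings in batches sized to the API limits. It assumes a boto3 securityhub client; the ProductArn is the default product ARN Security Hub assigns to findings an account imports on its own behalf; the account, Region, resource and generator values are constructed, and the helper names are this example's own.

```python
"""Build a finding in the AWS Security Finding Format and import it.

Added example (not from the deck). Assumes a boto3 securityhub client; the
ProductArn used is the default product ARN Security Hub assigns to findings
an account imports on its own behalf. Resource and account values are
constructed; generator_id and the helper names are this example's own.
"""
import datetime
import hashlib
import json

ASFF_REQUIRED = (
    "SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
    "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources",
)
# Lower bound of the Normalized (0-100) range Security Hub documents per label.
SEVERITY_NORMALIZED = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 40, "HIGH": 70, "CRITICAL": 90}
BATCH_MAX_FINDINGS = 100       # BatchImportFindings accepts up to 100 findings per call
BATCH_MAX_BYTES = 240 * 1024   # and a request body of at most 240 KB


def _timestamp():
    return datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_finding(account_id, region, generator_id, resource_type, resource_id,
                  title, description, severity, now=None):
    """Return one ASFF finding dict. The Id is derived from generator and
    resource so re-importing the same issue updates the finding instead of
    creating a duplicate."""
    severity = severity.upper()
    if severity not in SEVERITY_NORMALIZED:
        raise ValueError(f"unknown severity label {severity!r}")
    now = now or _timestamp()
    digest = hashlib.sha256(f"{generator_id}|{resource_id}".encode()).hexdigest()[:32]
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"{region}/{account_id}/{generator_id}/{digest}",
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": generator_id,
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
        "CreatedAt": now,
        "UpdatedAt": now,
        # Label is the preferred field; Normalized is the older 0-100 scale.
        "Severity": {"Label": severity, "Normalized": SEVERITY_NORMALIZED[severity]},
        "Title": title,
        "Description": description,
        "Resources": [{"Type": resource_type, "Id": resource_id, "Region": region}],
        "RecordState": "ACTIVE",
    }


def validate_finding(finding):
    """Raise ValueError if a required ASFF field is missing."""
    missing = [k for k in ASFF_REQUIRED if k not in finding]
    if missing:
        raise ValueError(f"finding {finding.get('Id')} missing {missing}")
    if not finding["Resources"]:
        raise ValueError(f"finding {finding['Id']} has no Resources")


def import_findings(hub, findings):
    """Validate and send findings in API-sized batches.
    Returns (success_count, failed_findings)."""
    for f in findings:
        validate_finding(f)
    success, failed = 0, []
    for start in range(0, len(findings), BATCH_MAX_FINDINGS):
        batch = findings[start:start + BATCH_MAX_FINDINGS]
        if len(json.dumps(batch).encode()) > BATCH_MAX_BYTES:
            raise ValueError("batch exceeds 240 KB; shrink finding payloads")
        resp = hub.batch_import_findings(Findings=batch)
        success += resp.get("SuccessCount", 0)
        failed.extend(resp.get("FailedFindings", []))  # each has Id, ErrorCode, ErrorMessage
    return success, failed


if __name__ == "__main__":
    import boto3
    finding = build_finding(
        "123456789012", "us-east-1", "custom-scanner/open-ssh", "AwsEc2SecurityGroup",
        "arn:aws:ec2:us-east-1:123456789012:security-group/sg-0123456789abcdef0",
        "Security group allows SSH from 0.0.0.0/0",
        "Port 22 is reachable from any IPv4 address.", "high",
    )
    print(import_findings(boto3.client("securityhub", region_name="us-east-1"), [finding]))
```

The caller needs `securityhub:BatchImportFindings` on the product ARN; a deterministic Id is what makes repeated scans idempotent, since Security Hub keys updates on Id plus ProductArn.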
Part 2: CIS Compliance
CIS benchmark for AWS
The Center for Internet Security (CIS) is a non-profit organization specializing in cyber security that produces security benchmarks for many popular software products and platforms, including AWS.
CIS AWS Foundations Benchmark (v1.2.0, the version Security Hub checks against) by section:

Section 1: IAM          22 recommendations   Level 1: 20 (4 not scored)   Level 2: 2 (1 not scored)
Section 2: Logging       9 recommendations   Level 1: 5                   Level 2: 4
Section 3: Monitoring   14 recommendations   Level 1: 9                   Level 2: 5
Section 4: Networking    4 recommendations   Level 1: 2                   Level 2: 2 (1 not scored)

Security Hub supports all 43 scored recommendations (controls); the remaining 6 unscored recommendations are not checked.
Approach
• Security Hub also generates its own findings by running automated, continuous checks against the controls in the enabled security standards.
• To run a check on your environment's resources, Security Hub either follows the steps specified by the standard or uses a specific AWS Config managed rule.
• For a standard to be functional, AWS Config must be enabled in each Security Hub account before the standard is enabled; without Config recording the resources, the checks cannot evaluate them.
• Enabling AWS Config in the Security Hub master account does not enable AWS Config in that master's member accounts; each member must enable it separately.
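The prerequisite check a practitioner wants before enabling a standard, as an added example that is not from the deck: it verifies that AWS Config in the current account and Region has a recorder that is running and recording all supported resource types, warns when global resource types (IAM) are not recorded, and only then enables the CIS standard. It assumes boto3 clients for the config and securityhub services; the standard ARN is the CIS AWS Foundations Benchmark v1.2.0 ARN that Security Hub uses, and the function names are this example's own. Run it in every member account, since enabling Config in the master enables nothing in the members.

```python
"""Verify the AWS Config prerequisite, then enable the CIS standard.

Added example (not from the deck). Assumes boto3 clients `config`
(service "config") and `hub` (service "securityhub") for one account and
Region; run it in every account, since enabling Config in the master does
not enable it in the members.
"""

CIS_STANDARD_ARN = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"


def config_readiness(config):
    """Return (ready, reason) for the AWS Config state in this Region."""
    recorders = config.describe_configuration_recorders().get("ConfigurationRecorders", [])
    if not recorders:
        return False, "no configuration recorder exists"
    group = recorders[0].get("recordingGroup", {})
    # Security Hub checks evaluate the resources Config records, so the
    # recorder should record all supported resource types.
    if not group.get("allSupported"):
        return False, "recorder does not record all supported resource types"
    statuses = config.describe_configuration_recorder_status().get(
        "ConfigurationRecordersStatus", []
    )
    if not any(s.get("recording") for s in statuses):
        return False, "configuration recorder is not recording"
    # IAM is a global resource type: the CIS section 1 (IAM) controls only
    # evaluate if some Region in the account records global resources.
    if not group.get("includeGlobalResourceTypes"):
        return True, "recording (global resource types are not recorded in this Region)"
    return True, "recording"


def enable_cis_standard(hub, config):
    """Enable CIS in this account/Region once the Config check passes.
    Returns {standard ARN: subscription status}, PENDING until the
    service-linked Config rules have been created, then READY."""
    ready, reason = config_readiness(config)
    if not ready:
        raise RuntimeError(f"AWS Config is not ready: {reason}")
    resp = hub.batch_enable_standards(
        StandardsSubscriptionRequests=[{"StandardsArn": CIS_STANDARD_ARN}]
    )
    return {s["StandardsArn"]: s["StandardsStatus"]
            for s in resp.get("StandardsSubscriptions", [])}


if __name__ == "__main__":
    import boto3
    hub_client, config_client = boto3.client("securityhub"), boto3.client("config")
    print(config_readiness(config_client))
    print(enable_cis_standard(hub_client, config_client))
```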
AWS Config Service-Linked Rules
• After you enable a security standard, Security Hub automatically creates the AWS Config service-linked rules it needs to run checks against the enabled controls.
• These service-linked rules are specific to Security Hub; it creates them even if other instances of the same rules already exist in the account.
• You can enable a security standard even if you already have the maximum of 150 AWS Config managed rules in your account: service-linked rules such as the ones Security Hub adds have their own limit of 150 rules per account per Region, in addition to the 150-rule limit on managed rules.
• When a security standard is disabled, the related AWS Config rules that Security Hub created are removed.
• When a specific control in a security standard is disabled, the AWS Config rules that Security Hub created for that control are removed.
Compliance Checks
• After you enable a security standard, Security Hub begins running the checks within 2 hours.
• After the initial check, the schedule for each control is either periodic or change-triggered.
• Periodic checks run automatically within 12 hours of the most recent run; the period cannot be changed.
• Change-triggered checks run when the associated resource changes state. Even if the resource does not change, the UpdatedAt time of a change-triggered check is refreshed every 18 hours, which shows that the control is still being evaluated.
• Security Hub uses change-triggered rules whenever possible; a change-triggered rule requires AWS Config configuration item support for the resource type.
Security Score
• On the Security standards page, each enabled standard displays a security score between 0% and 100%.
• The security score is the proportion of Passed controls to enabled controls, displayed as a percentage. For example, if 10 controls are enabled for a standard and 7 of them are in a Passed state, the security score is 70%.
Finding Severity
For security standards findings, the severity is based on an assessment of how easy it would be to compromise AWS resources if the issue is present.
• Critical: the issue must be remediated immediately to avoid it escalating (for example, a publicly accessible S3 bucket).
• High: the issue must be addressed as a priority (for example, CloudTrail logging not being enabled).
• Medium: the issue must be addressed, but not urgently (for example, a lack of encryption at rest).
• Low: the issue does not require action on its own (for example, EC2 instances without required tags; a lack of tags can lead to a lack of resource visibility).
• Informational: no issue was found; in other words, the status is PASSED.
Finding Status
The status of an individual finding for a control and the overall status of the control are different values.
Status of an individual finding:
• PASSED
• FAILED
• WARNING: the check completed, but Security Hub cannot determine whether the resource is in a PASSED or FAILED state
• NOT_AVAILABLE: the check could not be completed because of a server failure, because the resource was deleted, or because the AWS Config evaluation result was NOT_APPLICABLE
Overall status of a control:
• Passed: all findings for the control in the master account and the member accounts are in a PASSED state
• Failed: one or more findings for the control in the master or member accounts are in a FAILED state
• Unknown: at least one finding for the control in the master or member accounts is in a WARNING or NOT_AVAILABLE state, and none is in a FAILED state
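The roll-up rules on the Security Score and Finding Status slides, applied in code as an added example (it is not the Security Hub implementation): per-finding statuses across the master and member accounts are reduced to one status per control, and the score is Passed controls over enabled controls. The input findings are constructed, simplified dicts rather than full ASFF records; two choices the slides do not spell out are labelled as this example's assumptions: archived findings are ignored, matching the default Active filter on the Findings tab, and a control with no findings yet is reported as Unknown.

```python
"""Roll per-finding statuses up to a control status and a security score.

Added example (not the Security Hub implementation) that applies the rules
on the Security Score and Finding Status slides to constructed findings.
Each input finding is a simplified dict with the control it belongs to, the
account it came from, its Compliance.Status and its RecordState; `enabled`
is the set of controls enabled for the standard.
"""
from collections import defaultdict

FINDING_STATUSES = {"PASSED", "FAILED", "WARNING", "NOT_AVAILABLE"}


def control_status(statuses):
    """Overall status of one control across the master and member accounts."""
    unexpected = {s for s in statuses if s not in FINDING_STATUSES}
    if unexpected:
        raise ValueError(f"unexpected compliance status {unexpected}")
    if "FAILED" in statuses:                      # one FAILED anywhere fails the control
        return "Failed"
    if {"WARNING", "NOT_AVAILABLE"} & set(statuses):
        return "Unknown"
    if statuses:                                  # every finding PASSED
        return "Passed"
    # No findings yet (checks start within 2 hours of enabling a standard):
    # reported as Unknown here, an assumption the slides do not cover.
    return "Unknown"


def summarize(findings, enabled):
    """Return ({control: overall status}, security score in percent).

    Only ACTIVE findings count, matching the Findings tab's default Active
    filter (an assumption of this example). Disabled controls are excluded,
    and the score is Passed controls divided by enabled controls.
    """
    by_control = defaultdict(list)
    for f in findings:
        if f.get("RecordState", "ACTIVE") == "ACTIVE" and f["Control"] in enabled:
            by_control[f["Control"]].append(f["Status"])
    statuses = {c: control_status(by_control.get(c, [])) for c in sorted(enabled)}
    passed = sum(1 for s in statuses.values() if s == "Passed")
    score = round(100.0 * passed / len(enabled), 1) if enabled else 0.0
    return statuses, score


if __name__ == "__main__":
    # Constructed sample: three controls, the master plus one member account.
    sample = [
        {"Control": "CIS 1.1", "Account": "111111111111", "Status": "PASSED", "RecordState": "ACTIVE"},
        {"Control": "CIS 1.1", "Account": "222222222222", "Status": "PASSED", "RecordState": "ACTIVE"},
        {"Control": "CIS 2.1", "Account": "111111111111", "Status": "PASSED", "RecordState": "ACTIVE"},
        {"Control": "CIS 2.1", "Account": "222222222222", "Status": "FAILED", "RecordState": "ACTIVE"},
        {"Control": "CIS 3.1", "Account": "111111111111", "Status": "WARNING", "RecordState": "ACTIVE"},
    ]
    print(summarize(sample, {"CIS 1.1", "CIS 2.1", "CIS 3.1"}))
    # -> ({'CIS 1.1': 'Passed', 'CIS 2.1': 'Failed', 'CIS 3.1': 'Unknown'}, 33.3)
```

Note that a single FAILED finding in any member account fails the control for the whole master view, and that an Unknown control lowers the score exactly as a Failed one does: the score only counts Passed controls, so unresolved WARNING or NOT_AVAILABLE results are not a neutral state.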
Pricing
AWS Security Hub is priced along two dimensions: the number of security checks and the number of finding ingestion events.
Security checks:
• Security Hub automatically evaluates each control in an enabled security standard via rules; each evaluation is one check.
• Security checks are charged per check, per account, per Region.
• Customers are not charged separately for the AWS Config rules that Security Hub creates.
Finding ingestion events:
• Security Hub ingests findings from AWS services and from partner products. Ingestion events include both new findings and updates to existing findings.
• Ingestion events generated by Security Hub's own security checks are not charged.
• Other ingestion events are charged per event, per account, per Region.
Pricing (US East)
Security checks                                              Price
First 100,000 checks/account/Region/month                    $0.0010 per check
Next 400,000 checks/account/Region/month                     $0.0008 per check
Over 500,000 checks/account/Region/month                     $0.0005 per check

Finding ingestion events                                     Price
Events associated with Security Hub's own security checks    Free
First 10,000 events/account/Region/month                     Free
Over 10,000 events/account/Region/month                      $0.00003 per event
Pricing Example: Large organization
Pricing dimensions: 2 Regions, 20 accounts, 500 security checks per account/Region/month, 10,000 finding ingestion events per account/Region/month

Monthly charges
= 500 * $0.0010 * 2 * 20 (all within the first 100,000 checks/account/Region/month)
+ 10,000 * $0 * 2 * 20 (all within the first 10,000 free events/account/Region/month)
= $20 + $0
= $20 per month

The Settings -> Usage tab shows the estimated cost per month for the current Region.
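The tiered pricing above generalized to usage that crosses tier boundaries, as an added example that is not from the deck: it prices one account/Region pair through the graduated tiers and multiplies by the number of pairs, since the tiers reset for every account and Region. Prices are the US East figures on the slide; ingestion events that come from Security Hub's own checks are free and must be left out of the event count.

```python
"""Estimate the monthly Security Hub bill from the US East tiers above.

Added example (not from the deck). Tiers are the per-account, per-Region
prices on the Pricing slide; ingestion events that come from Security
Hub's own security checks are free and must be left out of `events`.
"""

# (tier size, price per unit); None means "everything above the previous tiers".
CHECK_TIERS = [(100_000, 0.0010), (400_000, 0.0008), (None, 0.0005)]
EVENT_TIERS = [(10_000, 0.0), (None, 0.00003)]


def tiered_cost(quantity, tiers):
    """Price `quantity` units through graduated tiers: each tier is charged
    only for the units that fall inside it."""
    cost, remaining = 0.0, quantity
    for size, unit_price in tiers:
        units = remaining if size is None else min(remaining, size)
        cost += units * unit_price
        remaining -= units
        if remaining <= 0:
            break
    return cost


def monthly_cost(regions, accounts, checks_per_account_region, events_per_account_region):
    """Tiers reset for every account/Region pair, so price one pair and
    multiply; usage spread over many pairs never reaches the cheaper tiers."""
    per_pair = (tiered_cost(checks_per_account_region, CHECK_TIERS)
                + tiered_cost(events_per_account_region, EVENT_TIERS))
    return round(per_pair * regions * accounts, 2)


if __name__ == "__main__":
    # The slide's large-organization example: 2 Regions, 20 accounts,
    # 500 checks and 10,000 events per account/Region per month.
    print(monthly_cost(2, 20, 500, 10_000))   # -> 20.0
```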

20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 

Recently uploaded (20)

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 

AWS Security Hub Deep Dive

  • 8. Multi-Account Structure
    • Adding a member account is a three-step process:
      • Add the account from the master account
      • Invite the added account from the master account
      • Accept the invitation from the member account
    • When the invited account accepts the invitation, the master account is granted permission to view the findings from the member account.
    • The master account can also perform actions on findings in a member account.
    • An account cannot be both a Security Hub master account and a member account at the same time, and an account can accept only one membership invitation.
    • If your account is the master account, you can't accept an invitation to become a member account.
    • You can monitor findings from multiple member accounts within a region, but you can't view findings across regions in an account.
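The three-step enrolment above, written as one checked procedure. This is an added example, not code from the deck: `master` and `member` are assumed to be boto3 `securityhub` clients for the two accounts, and the call names and response shapes used (CreateMembers, InviteMembers, ListInvitations, AcceptInvitation, GetMembers, `UnprocessedAccounts`) are the 2020-era API the slide describes; newer SDKs rename AcceptInvitation to AcceptAdministratorInvitation. `FakeSecurityHub` is a constructed offline stand-in with the same shapes, so the flow, including the "a master cannot accept an invitation" rule, can be exercised without an AWS account. The account IDs, e-mail and final status string are made up.

```python
"""Three-step Security Hub member enrolment: Add -> Invite -> Accept."""


def enroll_member(master, member, master_account_id, member_account_id, email):
    """Run the three steps from slide 8 and return the member's final MemberStatus.

    Every step is checked rather than assumed: CreateMembers and InviteMembers report
    per-account failures in UnprocessedAccounts, and the member only accepts an
    invitation that really came from this master account.
    """
    resp = master.create_members(
        AccountDetails=[{"AccountId": member_account_id, "Email": email}])
    if resp.get("UnprocessedAccounts"):
        raise RuntimeError(f"CreateMembers rejected: {resp['UnprocessedAccounts']}")

    resp = master.invite_members(AccountIds=[member_account_id])
    if resp.get("UnprocessedAccounts"):
        raise RuntimeError(f"InviteMembers rejected: {resp['UnprocessedAccounts']}")

    pending = [i for i in member.list_invitations()["Invitations"]
               if i["AccountId"] == master_account_id]
    if not pending:
        raise RuntimeError(
            f"no invitation from {master_account_id} visible in {member_account_id}")
    # 2020 API name; current SDKs: accept_administrator_invitation(AdministratorId=...)
    member.accept_invitation(MasterId=master_account_id,
                             InvitationId=pending[-1]["InvitationId"])

    members = master.get_members(AccountIds=[member_account_id])["Members"]
    return members[0]["MemberStatus"]


class FakeSecurityHub:
    """Constructed test double: one instance per account, sharing invitation state."""
    _registry = {}      # account id -> instance
    _invitations = {}   # invitee account id -> invitation record

    def __init__(self, account_id):
        self.account_id = account_id
        self.members = {}       # member account id -> status; non-empty means "acting as master"
        self.is_member = False
        FakeSecurityHub._registry[account_id] = self

    def create_members(self, AccountDetails):
        for d in AccountDetails:
            self.members[d["AccountId"]] = "CREATED"
        return {"UnprocessedAccounts": []}

    def invite_members(self, AccountIds):
        unprocessed = []
        for acct in AccountIds:
            if acct not in self.members:   # must be added before it can be invited
                unprocessed.append({"AccountId": acct, "ProcessingResult": "account not added"})
                continue
            self.members[acct] = "INVITED"
            FakeSecurityHub._invitations[acct] = {
                "AccountId": self.account_id, "InvitationId": f"inv-{acct}"}
        return {"UnprocessedAccounts": unprocessed}

    def list_invitations(self):
        inv = FakeSecurityHub._invitations.get(self.account_id)
        return {"Invitations": [inv] if inv else []}

    def accept_invitation(self, MasterId, InvitationId):
        # Slide 8 rules: a master cannot become a member, and only one membership is allowed.
        if self.members:
            raise RuntimeError(f"{self.account_id} is a master account and cannot accept")
        if self.is_member:
            raise RuntimeError(f"{self.account_id} has already accepted a membership")
        self.is_member = True
        # "ENABLED" is an assumed final status value for this fake, not taken from the deck
        FakeSecurityHub._registry[MasterId].members[self.account_id] = "ENABLED"
        return {}

    def get_members(self, AccountIds):
        return {"Members": [{"AccountId": a, "MemberStatus": self.members[a]} for a in AccountIds]}


if __name__ == "__main__":
    master = FakeSecurityHub("111111111111")
    member = FakeSecurityHub("222222222222")
    print(enroll_member(master, member, "111111111111", "222222222222", "sec@example.com"))
```

With real clients, build `master` and `member` from two different credential sets (`boto3.Session(profile_name=...).client("securityhub", region_name=...)`) and remember that the whole relationship is per region: the three steps have to be repeated in every region where findings are wanted.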
  • 9. Access and Privileges
    For the Security Hub users:
    • By default, Security Hub is accessible only to the account owner; IAM users must be granted access explicitly.
    • IAM users can be given two levels of access using the following managed IAM policies:
      • AWSSecurityHubFullAccess: provides access to all Security Hub functionality
      • AWSSecurityHubReadOnlyAccess: provides read-only access to Security Hub
    For the Security Hub service:
    • Security Hub creates a service-linked role called "AWSServiceRoleForSecurityHub" that needs permission to:
      • detect and aggregate findings from AWS services such as Amazon Macie, Amazon Inspector and Amazon GuardDuty
      • configure the AWS Config rules required to check compliance against the CIS benchmark
    • The AWSServiceRoleForSecurityHub service-linked role is created automatically when you enable Security Hub for the first time, or when you enable it in a supported Region where it was not previously enabled.
  • 10. Findings
    • The Findings tab lists the findings from all sources and supports "Group by" and filtering on finding attributes.
    • By default the record-state filter is set to "Active".
    • A finding's record state can be changed from "Active" to "Archived".
  • 11. Findings Format
    Each finding follows a defined JSON format (the AWS Security Finding Format, ASFF) that carries the detailed information about the finding, so no format conversion is required to move findings between tools:
      "Findings": [
        {
          "AwsAccountId": "string",
          "Compliance": {
            "Status": "string",
            "RelatedRequirements": ["string"]
          },
          "Confidence": number,
          "CreatedAt": "string",
          "Criticality": number
          …
  • 12. Insights
    • An insight is a group of findings defined by a "Group by" attribute plus optional additional filters.
    • AWS provides managed insights, which can't be deleted or edited; you can also create custom insights.
    • There are 30 managed insights available today; examples include:
      • AWS resources with the most findings
      • AWS users with the most suspicious activity
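The Findings-tab filter, the default "Active" record state and the "Group by" that defines an insight (slides 10 to 12) are all operations on ASFF attributes. The following added example, not from the deck, implements them over a constructed `GetFindings`-style response: `SAMPLE_FINDINGS_JSON` is made up and populates only the ASFF attributes used here (real findings carry many more), and the account IDs, ARNs and finding types in it are illustrative. `insight()` reproduces the console's behaviour of counting a finding once per value of the grouped attribute, so a finding with two resources contributes to two groups.

```python
"""Filtering and grouping ASFF findings the way the Findings tab and Insights do."""
import json
from collections import Counter

# Constructed sample in the shape of a GetFindings response (not real data).
SAMPLE_FINDINGS_JSON = """
{"Findings": [
  {"Id": "f-1", "AwsAccountId": "111111111111", "RecordState": "ACTIVE",
   "Severity": {"Label": "HIGH", "Normalized": 70},
   "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
   "Compliance": {"Status": "FAILED"},
   "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::111111111111:user/alice"}]},
  {"Id": "f-2", "AwsAccountId": "111111111111", "RecordState": "ACTIVE",
   "Severity": {"Label": "CRITICAL", "Normalized": 90},
   "Types": ["TTPs/Initial Access/UnauthorizedAccess:IAMUser-MaliciousIPCaller"],
   "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::111111111111:user/alice"},
                 {"Type": "AwsEc2Instance",
                  "Id": "arn:aws:ec2:us-east-1:111111111111:instance/i-0abc1234"}]},
  {"Id": "f-3", "AwsAccountId": "222222222222", "RecordState": "ARCHIVED",
   "Severity": {"Label": "MEDIUM", "Normalized": 40},
   "Types": ["Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"],
   "Compliance": {"Status": "FAILED"},
   "Resources": [{"Type": "AwsIamUser", "Id": "arn:aws:iam::222222222222:user/bob"}]}
]}
"""


def load_findings(raw_json):
    """Parse a GetFindings response body into the list of finding dicts."""
    return json.loads(raw_json)["Findings"]


def values_at(obj, path):
    """Yield every value at a dotted ASFF path; lists fan out.

    "Severity.Label" yields one label, "Resources.Id" yields one Id per resource,
    "Types" yields every entry of the Types list.
    """
    head, _, rest = path.partition(".")
    if isinstance(obj, list):
        for item in obj:
            yield from values_at(item, path)
        return
    if not isinstance(obj, dict) or head not in obj:
        return
    value = obj[head]
    if rest:
        yield from values_at(value, rest)
    elif isinstance(value, list):
        yield from value
    else:
        yield value


def insight(findings, group_by, filters=(), only_active=True):
    """Emulate a Security Hub insight: apply attribute filters, then count per group_by value.

    filters is a sequence of (path, wanted_value) pairs; a finding passes a filter when
    any value at that path equals wanted_value (e.g. any of its resources is an AwsIamUser).
    only_active mirrors the default "Active" record-state filter of the Findings tab.
    """
    counts = Counter()
    for f in findings:
        if only_active and f.get("RecordState") != "ACTIVE":
            continue
        if not all(any(v == want for v in values_at(f, path)) for path, want in filters):
            continue
        for v in values_at(f, group_by):
            counts[v] += 1
    return counts


if __name__ == "__main__":
    findings = load_findings(SAMPLE_FINDINGS_JSON)
    # "AWS resources with the most findings" style insight
    for resource, n in insight(findings, "Resources.Id").most_common():
        print(n, resource)
```

`insight(findings, "Resources.Id", filters=[("Resources.Type", "AwsIamUser")])` is the shape of the managed "AWS users with the most suspicious activity" insight; note that the filter is evaluated per finding, so a finding that names both a user and an instance still counts the instance in the grouping, exactly as the console does.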
  • 13. Integrations
    • The Integrations tab lists the current integrations with AWS Security Hub.
    • It shows the AWS service integrations first, followed by the third-party integrations.
    • Each integration lists the company name, product name, description, how to enable the integration and its current status.
    • AWS service integrations are enabled automatically once the AWS service itself is enabled; third-party products have to be enabled manually.
    • AWS services integrated: Amazon Macie, Amazon Detective, Amazon GuardDuty, Amazon Inspector, AWS Firewall Manager, IAM Access Analyzer
  • 14. Third-Party Integrations
    • There are around 50 third-party integrations according to the official documentation.
    • Each product integration either sends findings to Security Hub or receives findings from it; some, e.g. IBM QRadar, do both.
    • The Integrations tab lets you enable or disable integrations, including the default AWS service integrations.
    • Custom integrations are possible by sending findings programmatically with the BatchImportFindings API.
    • Some of the third-party integrations: CyberArk Privileged Threat Analytics, Symantec Cloud Workload Protection, Splunk Enterprise, IBM QRadar SIEM, Forcepoint NGFW
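A custom integration via BatchImportFindings has to produce findings that satisfy the ASFF rules before Security Hub will accept them. The example below is added here and is not the deck's or any product's code: it builds a finding for the account's own default product, validates the attributes Security Hub requires, and imports in batches of 100, which is the per-call limit of BatchImportFindings. The custom ProductArn form `arn:aws:securityhub:REGION:ACCOUNT:product/ACCOUNT/default`, the required attributes, the severity labels, the type namespaces and the 256/1024-character limits on Title/Description come from the ASFF documentation; the scanner name `example-scanner`, the S3 bucket and `FakeImportClient` (a constructed stand-in for the boto3 client) are assumptions. boto3 is only imported when no client is passed in, so the module runs offline.

```python
"""Build, validate and import a custom finding through BatchImportFindings."""
import hashlib
from datetime import datetime, timezone

REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
            "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources")
SEVERITY_LABELS = ("INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")
TYPE_NAMESPACES = ("Software and Configuration Checks", "TTPs", "Effects",
                   "Unusual Behaviors", "Sensitive Data Identifications")
BATCH_LIMIT = 100   # BatchImportFindings accepts at most 100 findings per call


def _now():
    # ASFF timestamps are ISO 8601 in UTC, e.g. 2020-04-15T10:00:00.000Z
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def build_finding(account_id, region, generator_id, resource_type, resource_id,
                  title, description, severity, finding_type, created_at=None):
    """Return an ASFF finding for the account's default custom product.

    The Id is derived from generator and resource, so re-importing the same issue
    updates the existing finding (UpdatedAt moves) instead of creating a duplicate.
    """
    digest = hashlib.sha256(f"{generator_id}|{resource_id}".encode()).hexdigest()[:32]
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"{region}/{account_id}/{generator_id}/{digest}",
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": generator_id,
        "AwsAccountId": account_id,
        "Types": [finding_type],
        "CreatedAt": created_at or _now(),
        "UpdatedAt": _now(),
        "Severity": {"Label": severity},
        "Title": title,
        "Description": description,
        "Resources": [{"Type": resource_type, "Id": resource_id, "Region": region}],
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    }


def validate_finding(f):
    """Return a list of problems; an empty list means the finding is importable."""
    problems = [f"missing required attribute {k}" for k in REQUIRED if k not in f]
    sev = f.get("Severity") or {}
    if sev.get("Label") not in SEVERITY_LABELS and not isinstance(sev.get("Normalized"), int):
        problems.append("Severity needs a valid Label or a Normalized score 0-100")
    types = f.get("Types") or []
    if not types:
        problems.append("Types must contain at least one namespace/category/classifier entry")
    for t in types:
        if t.split("/")[0] not in TYPE_NAMESPACES:
            problems.append(f"unknown type namespace in {t!r}")
    resources = f.get("Resources") or []
    if not resources:
        problems.append("Resources must contain at least one resource")
    for r in resources:
        if not (r.get("Type") and r.get("Id")):
            problems.append("each resource needs Type and Id")
    if len(f.get("Title", "")) > 256:
        problems.append("Title exceeds 256 characters")
    if len(f.get("Description", "")) > 1024:
        problems.append("Description exceeds 1024 characters")
    return problems


def chunked(items, size=BATCH_LIMIT):
    return [items[i:i + size] for i in range(0, len(items), size)]


def import_findings(findings, region, client=None):
    """Validate locally, then import in batches of 100; returns (succeeded, failed)."""
    bad = {f.get("Id"): validate_finding(f) for f in findings if validate_finding(f)}
    if bad:
        raise ValueError(f"refusing to import malformed findings: {bad}")
    if client is None:
        import boto3  # imported lazily so the module runs offline
        client = boto3.client("securityhub", region_name=region)
    ok = failed = 0
    for batch in chunked(findings):
        resp = client.batch_import_findings(Findings=batch)
        ok += resp.get("SuccessCount", 0)
        failed += resp.get("FailedCount", 0)
        for item in resp.get("FailedFindings", []):   # per-finding errors, not an exception
            print(f"{item['Id']}: {item['ErrorCode']} {item['ErrorMessage']}")
    return ok, failed


class FakeImportClient:
    """Constructed offline stand-in for the boto3 securityhub client: accepts every batch."""
    def __init__(self):
        self.calls = 0

    def batch_import_findings(self, Findings):
        self.calls += 1
        assert len(Findings) <= BATCH_LIMIT
        return {"SuccessCount": len(Findings), "FailedCount": 0, "FailedFindings": []}
```

The caller needs `securityhub:BatchImportFindings` and, since the findings carry the account's own ProductArn, no separate product subscription; findings for another product's ProductArn are rejected by the service, which is why the validation here is local and the per-finding `FailedFindings` list is still inspected after each call.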
  • 15. Part 2 : CIS Compliance
  • 16. CIS benchmark for AWS
    The Center for Internet Security (CIS) is a non-profit organization specialized in cyber security that produces security benchmarks for many popular software products, including AWS.
    CIS AWS Foundations Benchmark recommendations by section:
      Section 1 : IAM          22 recommendations  (Level 1: 20, of which 4 not scored; Level 2: 2, of which 1 not scored)
      Section 2 : Logging       9 recommendations  (Level 1: 5; Level 2: 4)
      Section 3 : Monitoring   14 recommendations  (Level 1: 9; Level 2: 5)
      Section 4 : Networking    4 recommendations  (Level 1: 2; Level 2: 2, of which 1 not scored)
    Security Hub supports all 43 scored recommendations (controls) and leaves out the remaining 6 unscored recommendations.
  • 17. Approach
    • Security Hub also generates its own findings as the result of running automated, continuous checks against the rules of the supported security standards.
    • To run security checks on your environment's resources, Security Hub either uses the steps specified by the standard or uses specific AWS Config managed rules.
    • For a standard to be functional in Security Hub, you must enable AWS Config in your Security Hub accounts before enabling the standard.
    • Enabling AWS Config in the Security Hub master account does not automatically enable AWS Config in that master's member accounts; it must be enabled in each member account as well.
  • 18. AWS Config Service-Linked Rules
    • After you enable a security standard, Security Hub automatically creates the AWS Config service-linked rules it needs to run checks against the enabled controls.
    • These service-linked rules are specific to Security Hub; it creates them even if other instances of the same rules already exist.
    • You can enable a security standard even if you already have the maximum of 150 AWS Config managed rules in your account.
    • Service-linked rules such as the ones Security Hub adds for security standards have their own limit of 150 rules per account per Region, in addition to the 150-rule limit on AWS Config managed rules.
    • When a security standard is disabled, the related AWS Config rules that Security Hub created are removed.
    • When a specific control in a security standard is disabled, the AWS Config rules that Security Hub created for that control are removed.
  • 19. Compliance Checks
    • After you enable a security standard, Security Hub begins to run the checks within 2 hours.
    • After the initial check, the schedule for each control is either periodic or change-triggered.
    • Periodic checks run automatically within 12 hours after the most recent run; you cannot change the periodicity.
    • Change-triggered checks run when the associated resource changes state. Even if the resource does not change state, the "updated at" time of change-triggered checks is refreshed every 18 hours to indicate that the control is still enabled.
    • In general, Security Hub uses change-triggered rules whenever possible. For a resource to use a change-triggered rule, AWS Config must support configuration items for that resource type.
  • 20. Security Score
    • On the Security standards page, each enabled standard displays a security score between 0% and 100%.
    • The security score is the proportion of Passed controls to enabled controls, displayed as a percentage. For example, if 10 controls are enabled for a standard and 7 of them are in a Passed state, the security score is 70%.
  • 21. Finding Severity
    For security standards findings, the severity is based on an assessment of how easy it would be to compromise AWS resources if the issue is detected.
    • Critical: the issue must be remediated immediately to avoid it escalating (for example, an open S3 bucket is a critical severity finding).
    • High: the issue must be addressed as a priority (for example, CloudTrail logging not being enabled is a high severity issue).
    • Medium: the issue must be addressed, but not urgently (for example, lack of encryption at rest is a medium severity finding).
    • Low: the issue does not require action on its own (for example, EC2 instances without required tags are low severity, because a lack of tags can lead to a lack of resource visibility).
    • Informational: no issue was found; in other words, the status is PASSED.
  • 22. Finding Status
    The status of each individual finding for a control and the overall status of the control are different things.
    Status of an individual finding:
    • PASSED
    • FAILED
    • WARNING: the check completed, but Security Hub cannot determine whether the resource is in a PASSED or FAILED state
    • NOT_AVAILABLE: the check cannot be completed because of a server failure, because the resource was deleted, or because the result of the AWS Config evaluation was NOT_APPLICABLE
  • 23. Overall Status
    • Passed: all findings in the Security Hub master account and the member accounts for the control are in a PASSED state.
    • Failed: one or more findings in the master account and the member accounts for the control are in a FAILED state.
    • Unknown: at least one finding in the master account and the member accounts for the control is in a WARNING or NOT_AVAILABLE state, and no finding is in a FAILED state.
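The two definitions above (individual finding status on slide 22, overall control status on slide 23) together with the security score on slide 20 form a small roll-up that is worth making explicit, because a single WARNING in one member account is enough to pull a control out of Passed and therefore out of the score. The following is an added example, not the deck's code: the input shape (control id to the list of Compliance.Status values gathered across master and member accounts) and the sample control data are constructed, and the choice to treat a control with no findings as Unknown is an assumption, since the slides do not cover that case.

```python
"""Roll individual compliance findings up to a control status and a standard's security score."""

INDIVIDUAL_STATUSES = {"PASSED", "FAILED", "WARNING", "NOT_AVAILABLE"}


def control_status(statuses):
    """Overall status of one control from the Compliance.Status of all its findings (slide 23)."""
    unexpected = set(statuses) - INDIVIDUAL_STATUSES
    if unexpected:
        raise ValueError(f"not a Security Hub compliance status: {sorted(unexpected)}")
    if not statuses:
        return "Unknown"   # assumption: no evaluated resources must not count as Passed
    if "FAILED" in statuses:
        return "Failed"    # one FAILED anywhere wins, regardless of WARNINGs
    if any(s in ("WARNING", "NOT_AVAILABLE") for s in statuses):
        return "Unknown"
    return "Passed"        # only reached when every finding is PASSED


def rollup(controls, disabled=()):
    """Map control id -> overall status for every enabled control."""
    return {cid: control_status(st) for cid, st in controls.items() if cid not in disabled}


def security_score(controls, disabled=()):
    """Slide 20: Passed controls as a percentage of enabled controls (0..100, integer)."""
    overall = rollup(controls, disabled)
    if not overall:
        return 0           # assumption: nothing enabled shows as 0%
    passed = sum(1 for s in overall.values() if s == "Passed")
    return round(100 * passed / len(overall))


# Constructed sample: statuses per control across a master and one member account.
SAMPLE_CONTROLS = {
    "CIS.1.1":  ["PASSED", "PASSED"],
    "CIS.2.1":  ["PASSED", "FAILED"],
    "CIS.3.1":  ["WARNING", "PASSED"],
    "CIS.4.1":  ["PASSED", "NOT_AVAILABLE"],
    "CIS.1.20": ["FAILED"],
}

if __name__ == "__main__":
    for cid, status in rollup(SAMPLE_CONTROLS).items():
        print(f"{cid:<9} {status}")
    print("score:", security_score(SAMPLE_CONTROLS), "%")
    print("score without CIS.1.20:", security_score(SAMPLE_CONTROLS, disabled={"CIS.1.20"}), "%")
```

The last line shows the lever this gives an operator: disabling a control removes it from the denominator, so a score can be raised without fixing anything. Treat disabled controls as findings in their own right when reviewing a standard's score.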
  • 24. Pricing
    AWS Security Hub is priced along two dimensions: the number of security checks and the number of finding ingestion events.
    Security checks:
    • Security Hub automatically evaluates each control in a supported security standard via rules.
    • Security checks are charged per number of checks per account per region.
    • Security Hub customers are not charged separately for any Config rules enabled by Security Hub.
    Finding ingestion events:
    • Security Hub ingests findings from AWS services and from partner products. Finding ingestion events include both new findings and updates to existing findings.
    • Finding ingestion events associated with Security Hub's own security checks are not charged.
    • Finding ingestion events are charged per number of events per account per region.
  • 25. Pricing (US East)
    Security checks                                          Price
    First 100,000 checks/account/region/month                $0.0010 per check
    Next 400,000 checks/account/region/month                 $0.0008 per check
    Over 500,000 checks/account/region/month                 $0.0005 per check

    Finding ingestion events                                 Price
    Events associated with Security Hub's security checks    free
    First 10,000 events/account/region/month                 free
    Over 10,000 events/account/region/month                  $0.00003 per event
  • 26. Pricing Example: Large organization
    Pricing dimensions: 2 regions, 20 accounts, 500 security checks per account/region/month, 10,000 finding ingestion events per account/region/month
    Monthly charges
      = 500 * $0.0010 * 2 * 20 (first 100,000 checks/account/region/month)
      + 10,000 * $0 * 2 * 20 (first 10,000 events/account/region/month)
      = $20 + $0
      = $20 per month
    The Settings -> Usage tab shows the estimated cost per month for the region.
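The worked example only touches the first tier; the added calculator below (not from the deck) applies the full tiered US East price list from slide 25, with the 10,000-event free allowance, and reproduces the $20 figure above. The tier boundaries and prices are those printed on slide 25 as of April 2020; nothing else is assumed, and the numbers should be re-checked against the current price list before use.

```python
"""Tiered Security Hub cost model from the April 2020 US East price list (slide 25)."""

# (checks in tier, price per check); None = everything beyond the earlier tiers
CHECK_TIERS = [(100_000, 0.0010), (400_000, 0.0008), (None, 0.0005)]
FREE_EVENTS = 10_000
EVENT_PRICE = 0.00003


def checks_cost(checks):
    """Cost of `checks` security checks for one account in one region for one month."""
    cost, remaining = 0.0, checks
    for size, price in CHECK_TIERS:
        in_tier = remaining if size is None else min(remaining, size)
        cost += in_tier * price
        remaining -= in_tier
        if remaining <= 0:
            break
    return cost


def events_cost(events):
    """Cost of finding ingestion events for one account in one region; the first 10,000 are free."""
    return max(0, events - FREE_EVENTS) * EVENT_PRICE


def monthly_cost(checks_per_account_region, events_per_account_region, regions, accounts):
    """Tiers apply per account per region, so price one unit and multiply by the number of units."""
    per_unit = checks_cost(checks_per_account_region) + events_cost(events_per_account_region)
    return per_unit * regions * accounts


if __name__ == "__main__":
    print(f"slide 26 example: ${monthly_cost(500, 10_000, 2, 20):.2f} per month")
    print(f"600,000 checks in one account/region: ${checks_cost(600_000):.2f}")
```

Because the tiers reset per account and per region, consolidating checks into fewer accounts reaches the cheaper tiers sooner; spreading the same checks over many accounts keeps every one of them in the most expensive tier.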