Last Week: Python for Cybersecurity
Next Week: Supply Chain Security Project
This Week: You should learn AWS Security Hub
AWS Security Hub was actually the first native security tool I learned in AWS... Good times! Almost 6 years ago now.
It's a native AWS security service that provides a complete view of your security posture across your AWS environment. It consolidates and prioritises security findings from multiple AWS services across multiple accounts, helping you monitor and improve your security posture based on industry best practices.
Cloud Security Posture Management tools are a huge part of the security landscape, and AWS Security Hub is a great starting point. It's built into the AWS ecosystem, so you don't need to configure third-party integrations or deal with external identities and STS in IAM; you can start assessing your environment straight away.
Key Features
Cloud Security Posture Reports
Security Automation and Response
Correlate Security Findings
TL;DR: It gathers findings from AWS security tools (like GuardDuty, Inspector, Macie) and many third-party products, compares them against standards (CIS, PCI DSS, AWS best practices), and shows everything in a central dashboard so you can spot, prioritise and remediate issues quickly. Skip to part two to see it in action.
Security Automation and Response
Security Hub allows you to automate security responses based on findings. You can set up custom actions or integrate with AWS services like AWS Lambda to automatically remediate issues as they are identified.
This helps shorten the time between detection and response, reducing the window in which a misconfiguration stays exposed.
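To make the "custom actions or Lambda" idea concrete, here is an added example (not code from the original post or from AWS) of a Lambda handler fed by an EventBridge rule on the `aws.securityhub` source. It plans a response per failed control and only executes through a caller-supplied function, so the decision logic can be run and tested offline. The ASFF field names and the `BatchUpdateFindings` call are real; the control-ID-to-action mapping, the sample event and the finding IDs are constructed for this example.

```python
import json
from typing import Callable, Dict, List, Optional

# Controls we are willing to fix automatically, keyed by Security Hub's
# SecurityControlId. The IDs are from the AWS Foundational Security Best
# Practices standard (S3.1: bucket Block Public Access not enabled;
# EC2.2: default security group allows traffic). The action names are
# placeholders for this example; anything not listed goes to a human.
AUTO_REMEDIATE: Dict[str, str] = {
    "S3.1": "enable_block_public_access",
    "EC2.2": "revoke_default_sg_rules",
}


def should_act(finding: dict) -> bool:
    """Act only on live, not-yet-handled, failed control checks."""
    return (
        finding.get("RecordState") == "ACTIVE"
        and finding.get("Workflow", {}).get("Status") == "NEW"
        and finding.get("Compliance", {}).get("Status") == "FAILED"
    )


def plan_actions(event: dict) -> List[dict]:
    """Turn an EventBridge 'Security Hub Findings - Imported' event into a plan,
    one entry per affected resource. Field names follow ASFF; the event shape
    (detail.findings[]) is what EventBridge delivers for aws.securityhub."""
    plan = []
    for finding in event.get("detail", {}).get("findings", []):
        if not should_act(finding):
            continue
        control = finding.get("Compliance", {}).get("SecurityControlId", "")
        for resource in finding.get("Resources", []):
            plan.append({
                "finding_id": finding["Id"],
                "product_arn": finding["ProductArn"],
                "control": control,
                "severity": finding.get("Severity", {}).get("Label", "UNKNOWN"),
                "resource_type": resource["Type"],
                "resource_id": resource["Id"],
                "action": AUTO_REMEDIATE.get(control, "escalate_to_human"),
            })
    return plan


def lambda_handler(event: dict, context=None,
                   executor: Optional[Callable[[dict], None]] = None) -> dict:
    """Lambda entry point. `executor` is whatever performs the real change
    (for example a function wrapping boto3 calls). With executor=None the
    handler only plans, which is the safe mode to deploy first."""
    plan = plan_actions(event)
    executed = []
    for action in plan:
        if executor is not None and action["action"] != "escalate_to_human":
            executor(action)
            executed.append(action["finding_id"])
    return {"planned": plan, "executed": executed}


def mark_notified(plan: List[dict], securityhub_client) -> int:
    """After dispatching, set Workflow.Status to NOTIFIED so the console shows
    the findings are in hand. `securityhub_client` is a boto3 'securityhub'
    client; BatchUpdateFindings takes Id + ProductArn pairs. Returns the count."""
    ids = [{"Id": a["finding_id"], "ProductArn": a["product_arn"]} for a in plan]
    if not ids:
        return 0
    securityhub_client.batch_update_findings(
        FindingIdentifiers=ids, Workflow={"Status": "NOTIFIED"})
    return len(ids)


# Constructed sample event (not captured from a real account): one finding we
# auto-fix, one that needs a human, one already suppressed and so skipped.
_PRODUCT_ARN = "arn:aws:securityhub:eu-west-1::product/aws/securityhub"
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "example-finding-1", "ProductArn": _PRODUCT_ARN,
         "Severity": {"Label": "MEDIUM"},
         "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.1"},
         "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
        {"Id": "example-finding-2", "ProductArn": _PRODUCT_ARN,
         "Severity": {"Label": "CRITICAL"},
         "Compliance": {"Status": "FAILED", "SecurityControlId": "IAM.4"},
         "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
         "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111111111111"}]},
        {"Id": "example-finding-3", "ProductArn": _PRODUCT_ARN,
         "Severity": {"Label": "MEDIUM"},
         "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.1"},
         "Workflow": {"Status": "SUPPRESSED"}, "RecordState": "ACTIVE",
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::log-archive"}]},
    ]},
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Deploy it with `executor=None` first and read the planned actions in CloudWatch Logs; only once the plan matches what you expect should the executor be wired to real API calls, and even then the Lambda's role should hold only the specific permissions each listed action needs.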
Cloud Security Posture Reports
AWS Security Hub continuously assesses your AWS environment against industry standards, such as CIS and AWS best practices. This helps you identify misconfigurations and maintain a strong security posture across all your accounts.
It generates detailed Cloud Security Posture reports, providing insights into how well your environment aligns with these standards and highlighting areas that require attention.
Correlate Security Findings
Security Hub aggregates and correlates security findings from various AWS services, such as Amazon GuardDuty, AWS Inspector, and AWS Macie.
By correlating these findings, Security Hub provides a prioritised view of potential threats, allowing you to focus on the most critical issues and streamline your incident response process.
Let's use it
Open the AWS Console and navigate to Security Hub
Let's start simple and enable the AWS Foundational Security Best Practices v1.0.0 standard.
You get a 30-day free trial here, so turn it on, learn it, then disable it!
From this main page you will see all the findings from the benchmarking standard against your accounts.
It's pretty self-explanatory from here, but I recommend exploring all the tabs to get a feel for the service.
The real challenge
Tools like this are quick to switch on and understand; that's the easy part. The real challenge is having a clear plan: a centralised security account, well-tuned alerting, and processes for acting on those alerts.
Think about whether you're deploying Security Hub with Infrastructure as Code and how it's being maintained. Out of the box, Security Hub can produce a lot of findings. You'll need to filter, suppress or customise rules so your team focuses on what really matters. Getting findings into ticketing systems, SIEMs or chat channels is essential so alerts don't sit ignored in the console. Writing Lambda functions or Step Functions to auto-remediate common issues adds value but takes planning.
Most importantly, make sure it aligns with your organisation's security controls and objectives.
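The filtering, suppression and routing the paragraphs above call for, as an added example that is not part of the original post or of Security Hub itself. It builds the `Filters` argument for the real `GetFindings` API so you only pull active, failed, unhandled findings, applies a local suppression policy, and turns each remaining ASFF finding into one normalised payload tagged with a destination (ticket, chat, SIEM). The suppression rules, sandbox account ID, sample findings and the risk-ticket reference are constructed placeholders.

```python
from typing import Dict, List, Optional

# Constructed suppression policy (not from any real environment). Each rule
# names a control and a resource-ARN prefix the organisation has accepted,
# with a reason that should point at a risk-acceptance record.
SUPPRESSION_RULES = [
    {"control": "S3.1", "resource_prefix": "arn:aws:s3:::public-website-",
     "reason": "Intentionally public static sites, risk accepted (RISK-TICKET-PLACEHOLDER)"},
]
# Constructed sandbox account: its findings go to the SIEM only, never to tickets.
SANDBOX_ACCOUNTS = {"222222222222"}
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def build_filters(min_severity: str = "HIGH") -> dict:
    """Filters for the Security Hub GetFindings API
    (boto3: securityhub.get_findings(Filters=build_filters())). Only active,
    failed, unhandled findings at or above min_severity are returned, which
    keeps the thousands of PASSED and ARCHIVED records out of your queue."""
    labels = [s for s, r in SEVERITY_RANK.items() if r >= SEVERITY_RANK[min_severity]]
    return {
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
        "SeverityLabel": [{"Value": s, "Comparison": "EQUALS"} for s in labels],
    }


def suppression_reason(finding: dict) -> Optional[str]:
    """Return the accepted-risk reason if a rule covers this finding, else None."""
    control = finding.get("Compliance", {}).get("SecurityControlId")
    for rule in SUPPRESSION_RULES:
        if rule["control"] != control:
            continue
        for res in finding.get("Resources", []):
            if res["Id"].startswith(rule["resource_prefix"]):
                return rule["reason"]
    return None


def route(finding: dict) -> dict:
    """Decide where one ASFF finding goes and build the normalised payload."""
    reason = suppression_reason(finding)
    sev = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    rank = SEVERITY_RANK.get(sev, 0)
    account = finding.get("AwsAccountId", "")
    if reason:
        # Push back to Security Hub as Workflow.Status=SUPPRESSED with the reason as the Note.
        destination = "suppress"
    elif account in SANDBOX_ACCOUNTS or rank <= SEVERITY_RANK["LOW"]:
        destination = "siem"
    elif rank >= SEVERITY_RANK["HIGH"]:
        destination = "ticket+chat"
    else:
        destination = "ticket"
    return {
        "destination": destination,
        "title": finding.get("Title", finding["Id"]),
        "severity": sev,
        "account": account,
        "control": finding.get("Compliance", {}).get("SecurityControlId"),
        "resources": [r["Id"] for r in finding.get("Resources", [])],
        "finding_id": finding["Id"],
        "note": reason,
    }


def triage(findings: List[dict]) -> Dict[str, List[dict]]:
    """Group routed payloads by destination so each integration gets one batch."""
    grouped: Dict[str, List[dict]] = {}
    for finding in findings:
        payload = route(finding)
        grouped.setdefault(payload["destination"], []).append(payload)
    return grouped


def _f(fid, control, sev, account, resource, title=""):
    return {"Id": fid, "AwsAccountId": account, "Title": title or fid,
            "Severity": {"Label": sev},
            "Compliance": {"Status": "FAILED", "SecurityControlId": control},
            "Resources": [{"Type": "Constructed", "Id": resource}]}


# Constructed sample findings, one per routing outcome.
SAMPLE_FINDINGS = [
    _f("f-1", "S3.1", "HIGH", "111111111111", "arn:aws:s3:::public-website-assets"),
    _f("f-2", "EC2.2", "HIGH", "222222222222", "arn:aws:ec2:eu-west-1:222222222222:security-group/sg-example"),
    _f("f-3", "IAM.4", "CRITICAL", "111111111111", "AWS::::Account:111111111111"),
    _f("f-4", "S3.1", "MEDIUM", "111111111111", "arn:aws:s3:::internal-data"),
    _f("f-5", "S3.1", "LOW", "111111111111", "arn:aws:s3:::scratch-bucket"),
]

if __name__ == "__main__":
    for destination, payloads in triage(SAMPLE_FINDINGS).items():
        print(destination, [p["finding_id"] for p in payloads])
```

Keep the suppression rules in version control next to the Infrastructure as Code that enables Security Hub, so every accepted risk has a reviewable history rather than living only as a click in the console.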
Finally, remember: Security Hub > Settings > General > Disable
This was a modified and expanded section from TechOneTwenty: A Practical Breakdown: Understanding Cloud & Security with simple projects you can do at home
It's actually on sale right now. Click the image to check it out.
WJPearce - Cyber Notes
Enjoyed this? Why not check out my other reads...
GBH I really struggle with the AWS GUI and frequently lose myself navigating about, so this is really useful. Thanks.
Super clear post. Curious if you think Security Hub should be default enabled on all new AWS accounts?