AWS Security Hub Aggregates Alerts From Third-Party Tools
Amazon Web Services on Wednesday announced the launch of AWS Security Hub, a service designed to aggregate and prioritize alerts from AWS and third-party security tools.
Unveiled at the AWS re:Invent 2018 conference, AWS Security Hub provides organizations a comprehensive view of their security status by consuming, aggregating, organizing and prioritizing data from Amazon GuardDuty, Amazon Inspector, Amazon Macie, and tools from AWS partners.
A significant number of cybersecurity firms announced on Wednesday that their products can be integrated with the AWS Security Hub, including CrowdStrike, Twistlock, Tenable, Armor, McAfee, Splunk, Check Point, Palo Alto Networks, Alert Logic, Qualys, Sophos, Trend Micro, Sumo Logic and Fortinet. Each of these companies issued statements, press releases and blog posts regarding the partnership with AWS.
AWS Security Hub, currently in preview release, not only collects data from other tools, but also generates its own findings based on automated and continuous compliance checks.
The service helps users prioritize findings and consolidates them into actionable tables and graphs, allowing security teams to quickly take action. Findings can be forwarded to email, ticketing, chat, and automated remediation systems.
“The service ingests data using a standard findings format, eliminating the need for time-consuming data conversion efforts. It then correlates findings across providers to prioritize the most important findings,” AWS explained.
“With Security Hub, you can run automated, continuous account-level configuration and compliance checks based on industry standards and best practices, such as the Center for Internet Security (CIS) AWS Foundations Benchmark. These checks provide a compliance score and identify specific accounts and resources that require attention,” the company said.
The Security Hub can be accessed through the AWS Management Console, specifically the Amazon Inspector console, or the Security Hub HTTPS API.