The Big Picture with Security Hub

danquack

Daniel Quackenbush

Posted on December 16, 2020

The Big Picture with Security Hub

AWS Security Hub is a comprehensive analysis utility that gives a clearer picture of your infrastructure. Through native and vendor integrations, it provides a single lens on security while providing you actionable insight.

Security Hub utilizes foundational standards, CIS benchmarks, and PCI compliance checks to validate your infrastructure security. While using standards gets over the hurdle of managing rules, it still requires the overhead of enabling config and reporting back to the management account. However, despite the downsides, it can be a powerful utility in improving your security posture.

Implementation

All of the resources are needed, as described in AWS Config. In replacement of config rules, we use the conformance packs, aws-foundational-security-best-practices, and cis-aws-foundations-benchmark. The conformance packs then translate individual benchmarks into rules. It is worth noting that the checks' overall cost adds up quickly with more regions + accounts.

Findings

Security Hub provides an aggregated console that breaks down the findings' severity, a key to prioritizing work. An example of what the prioritization looks like:
Security Hub Findings

Through navigating through the UI, you can then drill down to the specific AWS Config finding and view the non-compliant resources
config

Scores

Scores are also an interesting metric to pull out. When you look at the CIS benchmarks, it is nice to report back a score of improvements to track progress.
scores

Integrations

Security Hub integrates with many services, not just AWS Config. Both AWS services and vendor services, overall giving you a regionalized view of your infrastructure state. integrations

💖 💪 🙅 🚩
danquack
Daniel Quackenbush

Posted on December 16, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related