Search the Community

We are excited to announce the launch of 22 new proactive controls and 10 AWS Security Hub detective controls in the AWS Control Tower controls library to help you meet regulatory requirements. These new controls are managed by AWS Control Tower and help you meet control objectives such as encrypt data in transit, encrypt data at rest, or use strong authentication. Proactive controls block non-compliant resources before they are provisioned for services such as Amazon Athena, Amazon EMR, AWS Glue, Amazon DynamoDB Accelerator (DAX) and Amazon Neptune. The AWS Security Hub detective controls for services such as Amazon Neptune, Amazon Athena and Amazon RDS help you detect noncompliance of resources within your accounts. View the full article

AWS Security Hub has added two new integration partners to help customers with their cloud security posture monitoring. View the full article

AWS Security Hub now automatically receives Amazon GuardDuty Malware Protection findings. Amazon GuardDuty Malware Protection delivers agentless detection of malware on your Amazon Elastic Cloud Compute (EC2) instance and container workloads. This integration between Security Hub and GuardDuty expands the centralization and single pane of glass experience in Security Hub by consolidating your malware findings alongside your other security findings, allowing you to more easily search, triage, investigate, and take action on your security findings. GuardDuty Malware Protection findings within Security Hub also contain an investigation link that allows you to quickly dive deeper to investigate the finding in Amazon Detective. View the full article

AWS Security Hub has added four new integration partners to help customers with their cloud security posture monitoring. Integrations from Lacework, Juniper Networks, SentinelOne, and K9 Security bring Security Hub to 79 integrations. Lacework sends findings from their Polygraph Data Platform (PDP) to Security Hub to help manage AWS posture and compliance events. Juniper Networks' vSRX Virtual Next Generation Firewall sends security events observed by the firewall to Security Hub. SentinelOne sends security findings, identified by SentinelOne endpoints running in your AWS environment, to Security Hub. K9 Security sends findings to Security Hub related to important access changes within your AWS Identity and Access Management (IAM) configuration. View the full article

AWS Security Hub has released 36 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully-automatic checks against security best practices for AWS Auto Scaling, AWS CloudFormation, Amazon CloudFront, Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Registry (ECR), Amazon Elastic Container Service (ECS), Amazon Elastic File System (EFS), Amazon Elastic Kubernetes Service (EKS), Elastic Load Balancing (ELB), Amazon Kinesis, AWS Network Firewall, Amazon OpenSearch Service, Amazon Redshift, Amazon Simple Storage Service (S3), Amazon Simple Notification Service (SNS), and AWS WAF. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled for you by default. Security Hub now supports 223 security controls to automatically check your security posture in AWS. View the full article

AWS Security Hub now automatically receives AWS Config managed and custom rule evaluation results as security findings. AWS Config allows security and compliance professionals to assess, audit, and evaluate the configurations of their AWS resources via Config rules, which evaluate the compliance of AWS resources against specified policies. Examples of resource misconfigurations detected by Config rules include publicly-accessible Amazon S3 buckets, unencrypted EBS volumes, and overly-permissive IAM policies. When a Config rule evaluation passes or fails, you will now see a ‘passed’ or ‘failed’ finding for that evaluation in Security Hub. Any updates to the status of the Config rule evaluation will be automatically updated in the Security Hub finding. This new integration between Security Hub and AWS Config expands the centralization and single pane of glass experience by consolidating your Config evaluation results alongside your other security findings, allowing you to more easily search, triage, investigate, and take action on your security findings. View the full article

AWS Security Hub can now automatically receive findings from the open source tool Kube-bench Kube-bench checks whether your Kubernetes cluster is configured in accordance with the recommendations from the Center for Internet Security (CIS), supporting both the CIS Kubernetes Benchmark and the CIS Amazon Elastic Kubernetes Service (Amazon EKS) Benchmark. Kube-bench’s findings about non-compliant configuration settings can be viewed within Security Hub. In addition, Security Hub’s integration with Cloud Custodian is now available in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD. The open source tool Cloud Custodian can both send and receive findings to/from Security Hub. This brings the total number of AWS service and AWS Partner Network (APN) Technology Partner integrations available in Security Hub to 61. View the full article

AWS Security Hub is now integrated with AWS Organizations to simplify security posture management across all of your existing and future AWS accounts in an organization. With this launch, new and existing Security Hub customers can delegate any account in their organization as the Security Hub administrator and centrally view security findings from up to 5,000 AWS accounts. The integration with AWS Organizations allows you to automatically enable Security Hub and its automated security checks in any existing and newly created accounts in the organization. You can also now see AWS account names alongside account IDs in the Security Hub console. Customers using Security Hub’s existing multi-account management feature can transition to this new AWS Organizations-enabled multi-account management without any disruption to existing Security Hub usage. This feature is available today in all Security Hub supported AWS regions except in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD. To learn more, see the Security Hub User Guide for account management. View the full article

AWS Security Hub is now integrated with 3CORESec, Cloudtamer, Prowler, StackRox, and ThreatModeler. Further, Amazon GuardDuty’s integration with AWS Security Hub is now available in AWS GovCloud (US-East). Lastly, AllCloud is now an AWS Security Hub APN Consulting Partner. This brings the total number of AWS service and AWS Partner Network (APN) Technology Partner integrations available in Security Hub to 60 and the number of APN Consulting Partners with a Security Hub offering to 3. 3CORESec, Prowler, and StackRox send findings to Security Hub. ThreatModeler receives findings from Security Hub. Cloudtamer both sends and receives findings to/from Security Hub. To learn more, visit the Integration pages in the Security Hub console and click on the "Configuration" link for the integration to learn more about the integration and how to set it up. View the full article

AWS Security Hub is now available in the AWS China (Beijing) Region operated by Sinnet and in the AWS China (Ningxia) Region operated by NWCD. View the full article