aws security hub - overview v2/jp_security and complianc… · © 2018, amazon web services, inc....

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Office of the CISO, Henrik Johasson

AWS Security Hub

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS ��$�

ArchiveSnapshot

Protect Detect Respond RecoverIdentify

Investigate

AutomateAmazon

Macie

!� ��

��

�"

��

#

��

��


��

1

Large volume of alerts and the

need to prioritize

3Dozens of security

tools with different data

formats

2Ensure that your

AWS infrastructure

meets compliance requirements

1

PrioritizationMultiple formats VisibilityCompliance

Lack of a single pane of glass

across security and compliance

tools

4

��

*?��&��+=�� 92C4:��;0

��%'��)"&��)��(-,� 1 �� %��.7/>

AWS �)!&��&��$��)"&��)�05DA�86�

;0

@��!��#��%'��(�31B<


AWS Security Hub �+�

AWS ��2%>;�OHVI�8� �-/$��.�%��2*.��2�

�$�!�� 1 �Y[)-��

(��

*��&��" )!$�AWS �(�%'�� -/$��)�J�K7��

:9�%12&�AFC�\3

�� #

CIS AWS Foundations Benchmark ��4GUQ�

N=

'%CloudWatch Events � Lambda �S5@M��"�#%LB��TD�",#%�+�0�6?ZEWP ��RP�<X


��

AWS Security Hub �8;B1(<D9?�*�9.��P ��\Sf_

• Ne AWS Config @�+�� AWS Config dS[W�gb��\S��

• ��\S�� • ZO(B1( �� a�� • Im^i (GA) BB�.�K��lj�UNT_�`�]��RL� �

API/CLI/SDK �:C*=�2• C++�Go�Java�JS�.Net�PHP�

Python�Ruby

�� (15)

• - 8,:!1( (>F7")• - 8,:!1( (/#C)• - 8,:!1( (,F'=�C)

• - 8,:!1( (,35�)• - 8,:!1( (JV)• &40 (HM)• kh (:AF(:C2)• kh ( "CAF3)• kh (EF3F)• kh (8B)• cQ (*F8#E)• QGJM (7�-5 YM)• QGJM (%6"%)• QGXM (Y&B:$C5 )• QGXM (%D)F)


�� Firewalls

Vulnerability

SOAR

SIEM

Endpoint

Compliance

MSSP

Other

��

��

��

��

��


�� — CrowdStrike

IP MAC ��#��"API (DAWS(�)

��"� $� API

API �.1

,&��/)1. Python ��"��"� $� API �!��*)2. Python ��"� AWS API -+��"3. EC2�$��$�%2��'&��0)4. EC2 CrowdStrike��,&�� AWS Security Hub /)


�� —Armor


�� Security Hub �


AWS ��

� 100 )� JSON ��

�!$��• �0��-&• ��%"• �(�.��#• �*�'*��/ (TTP)• +,

Severity.Normalized��

�0��-&

��%"

�(�.��#

TTP +,


��

43 ��

CIS ��

��

�� - 1.20

��

��

��: 39

��: 4


�� Insights

�� AMI

AMI


��

Event (event-based)

Rule

1. AWS Security Hub (��*��)�7+8;�/F��&?>�0<��

2. ��&?> ID �=6��7+8;� CloudWatch�@4��

3. ��&?> ID �:2�� CloudWatch��%*$)�) G,��

4. )�)��!$(.B� Lambda � Step Function) �-A��

5. ��!$�� '!$� �!$93��*�#*$C1�D5E>��"&��

�%*$(�%*$%��)

)�)


��


��

Collect and process security findings from multiple accounts within a region

Evaluate your compliance against regulatory and best practice frameworks

Identify and prioritize the most important issues by grouping and correlating security findings with Insights

Understand and manage your overall AWS security and compliance posture 1/, AWS ��!$��'�#��'�+F0<�G0

D4��#��%� &��'�#��'�I=

$��"'-K6��'��!$��:(;>BC�E0

Insights �:(��!$��57*J�L)��2 8357H@�?9.A�


��

��: https://console.aws.amazon.com/securityhub/

��: https://aws.amazon.com/security-hub/

https://console.aws.amazon.com/securityhub/

https://aws.amazon.com/security-hub/

aws security hub - overview v2/jp_security and complianc… · © 2018, amazon web services, inc....

Documents