aws security hub - overview v2/jp_security and complianc… · © 2018, amazon web services, inc....
TRANSCRIPT
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Office of the CISO, Henrik Johansson
AWS Security Hub
Archive, Snapshot
Protect, Detect, Respond, Recover, Identify
Investigate
Automate
Amazon Macie
1. Compliance: Ensure that your AWS infrastructure meets compliance requirements
2. Multiple formats: Dozens of security tools with different data formats
3. Prioritization: Large volume of alerts and the need to prioritize
4. Visibility: Lack of a single pane of glass across security and compliance tools
AWS Security Hub
CIS AWS Foundations Benchmark
CloudWatch Events, Lambda
AWS Security Hub
• AWS Config
• API/CLI/SDK: C++, Go, Java, JS, .Net, PHP, Python, Ruby
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
CrowdStrike
Armor
Severity.Normalized
Insights
AMI
Event (event-based)
Rule
AWS Security Hub, CloudWatch, Lambda, Step Function
Collect and process security findings from multiple accounts within a region
Evaluate your compliance against regulatory and best practice frameworks
Identify and prioritize the most important issues by grouping and correlating security findings with Insights
Understand and manage your overall AWS security and compliance posture
https://console.aws.amazon.com/securityhub/
https://aws.amazon.com/security-hub/
Amazon Confidential and Trademark
Thank you