Following on from getting your account set up, let’s have a look at how we can secure it and keep it secure.
Security Hub
AWS Security Hub is a cloud security service that provides a comprehensive view of your security posture across AWS accounts. It aggregates, organizes, and prioritizes security findings from multiple AWS services (such as Amazon GuardDuty, AWS Config, and Amazon Inspector) and third-party security tools. Key features include:
- Centralized Security Management: It consolidates security alerts, called findings, into a single dashboard for easy management.
- Automated Security Checks: It runs continuous compliance checks based on AWS security best practices and industry standards, such as CIS AWS Foundations Benchmark.
- Integration with AWS and Third-Party Tools: Security Hub integrates with a range of AWS and external security services, providing a unified view.
- Insights and Recommendations: It generates insights that help you prioritize security risks and provides recommendations for remediation.
- Compliance: It helps monitor compliance with regulatory standards by checking against policies.
Enabling Security Hub
Here is the documentation to follow to set up Security Hub, or follow the instructions below.
AWS Config
Firstly, you need to set up AWS Config, which Security Hub's checks depend on.
The first page of Security Hub has a really helpful link to a CloudFormation template.
Download this template and deploy it as a StackSet or as a stack, depending on whether you are setting up an Organisation or a single account.
I used the following parameters; many of them were defaults:
Wait for the CloudFormation stack to finish deploying.
Enable Security Standards
Which Standards you need to enable depends on which Standards your organisation needs to meet. At the time of writing, AWS Security Hub supports:
- AWS Foundational Best Practices v1.0.0
- CIS AWS Foundations Benchmark v1.2.0, v1.4.0, v3.0.0
- NIST Special Publication 800-53 Revision 5
- PCI DSS v3.2.1
AWS also has a tagging Standard:
- AWS Resource Tagging Standard v1.0.0
You can find more information about the standards either on the respective vendors' sites or in the roll-up of their implementation in the Security Hub documentation.
I just went with the default enabled standards for this demonstration:
You should get a confirmation as below:
And hopefully you can see that things are starting to populate. It will take about 30 minutes to start to see real detail.
Security Hub can now also manage multiple regions and accounts across an organisation and aggregate their findings into one account. It’s recommended that you don’t run Security Hub in the management account, but instead in a designated security or audit account, to which you delegate administration of Security Hub.
Reviewing Insights
Hopefully after about 30 minutes, you should start to see results.
On the Dashboard or Security Standards page, you can see a roll-up of the findings, with a view against each specific standard:
In the Controls page, you can see all the individual findings and then filter as required: by control, rating, status, or any other available filter value. You can also download these to track remediation in your favourite project management tool.
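Once you have downloaded the findings, a small script can apply the same filters and roll-up the console gives you before the list goes into a tracking tool. This is an added example, not code from the original post or from AWS: it assumes the export is in the AWS Security Finding Format (ASFF) JSON that Security Hub produces, that control findings carry `<standard>/v/<version>/<control>` in `GeneratorId` (the per-standard format; consolidated control findings use a different `GeneratorId` and are reported as "unknown" here), and the sample findings are constructed.

```python
from collections import Counter, defaultdict

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}

def mk(generator, control, title, severity, compliance, workflow, record="ACTIVE"):
    """Build a trimmed ASFF control finding (only the fields this script reads)."""
    return {"AwsAccountId": "111122223333", "Region": "eu-west-2", "GeneratorId": generator,
            "Title": title, "Severity": {"Label": severity}, "RecordState": record,
            "Compliance": {"Status": compliance, "SecurityControlId": control},
            "Workflow": {"Status": workflow},
            "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}]}

# Constructed sample export: account id, control numbers and titles are invented for illustration.
SAMPLE_FINDINGS = [
    mk("aws-foundational-security-best-practices/v/1.0.0/IAM.4", "IAM.4",
       "Root user access key should not exist", "CRITICAL", "FAILED", "NEW"),
    mk("cis-aws-foundations-benchmark/v/3.0.0/1.12", "IAM.22",
       "Unused IAM credentials should be removed", "HIGH", "FAILED", "NEW"),
    mk("aws-foundational-security-best-practices/v/1.0.0/EC2.6", "EC2.6",
       "VPC flow logging should be enabled", "MEDIUM", "FAILED", "SUPPRESSED"),
]

def is_open(f):
    """Still active in Security Hub, the check failed, and nobody has resolved or suppressed it."""
    return (f.get("RecordState") == "ACTIVE"
            and f.get("Compliance", {}).get("Status") == "FAILED"
            and f.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED"))

def standard_of(f):
    """Per-standard control findings carry '<standard>/v/<version>/<control>' in GeneratorId."""
    parts = f.get("GeneratorId", "").split("/")
    return f"{parts[0]} v{parts[2]}" if len(parts) >= 4 and parts[1] == "v" else "unknown"

def rollup(findings):
    """Open findings per standard and severity, like the Security Standards page summary."""
    counts = defaultdict(Counter)
    for f in filter(is_open, findings):
        counts[standard_of(f)][f["Severity"]["Label"]] += 1
    return {std: dict(c) for std, c in counts.items()}

def remediation_list(findings):
    """Flatten open findings into rows for a tracking tool, most severe first."""
    rows = [{"control": f["Compliance"]["SecurityControlId"], "severity": f["Severity"]["Label"],
             "account": f["AwsAccountId"], "region": f["Region"], "title": f["Title"],
             "resource": f["Resources"][0]["Id"]} for f in filter(is_open, findings)]
    return sorted(rows, key=lambda r: SEVERITY_RANK.get(r["severity"], 99))

if __name__ == "__main__":
    print(rollup(SAMPLE_FINDINGS), *remediation_list(SAMPLE_FINDINGS), sep="\n")
```

Suppressed and resolved findings drop out of both views, so the list only contains work that is actually outstanding.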
Automating Remediation
If you wish to go one step further you can also deploy automated remediation. This is beyond the scope of this particular blog post, but I may cover it in a future blog post.
Conclusion
Overall, AWS Security Hub is a valuable tool for keeping your AWS environment secure. By bringing together security findings from various AWS services and third-party tools into one place, it offers a clear, comprehensive view of your security posture. With automated compliance checks and real-time alerts, it helps you stay on top of potential risks and meet industry standards easily. Plus, the insights and recommendations it provides make it easier to prioritize and tackle any issues. If you’re looking to simplify your cloud security and boost your defenses, AWS Security Hub is definitely worth considering.