Consolidated findings across Amazon Web Services services and partner integrations

Amazon Security Hub collects and consolidates findings from Amazon Web Services security services enabled in your environment, such as noncompliant EC2 instances from Amazon Systems Manager Patch Manager and publicly accessible and cross-account resources from IAM Access Analyzer. All findings are stored for at least 90 days within Amazon Security Hub.

Amazon Security Hub can automatically aggregate and receive security findings from supported Amazon Web Services Partner Network (APN) security solutions, giving you a comprehensive view of security and compliance across your Amazon environment.

The Amazon Security Hub partners listed in the service documentation are APN Technology Partners who have passed additional validation from the Security Hub team for sending findings to Security Hub or receiving findings from Security Hub. Note that all use of the term "partner" herein refers exclusively to a member of the Amazon Web Services Partner Network (APN).

Automated, continuous security checks

Security Hub provides automated, continuous resource-level configuration and security checks using industry standards and best practices. For example, Amazon Security Hub automates checks against the Payment Card Industry Data Security Standard (PCI DSS) and the Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark, a set of security configuration best practices for Amazon Web Services. If any of your accounts or resources deviate from a best practice, Amazon Security Hub flags the problem and recommends remediation steps.

Curated security best practices

Security Hub offers customers a set of automated security controls called the Amazon Web Services Foundational Security Best Practices standard. This is a highly curated set of security best practices vetted by our Amazon Web Services security experts. We recommend enabling this standard across all accounts and regions.

Seamless integration through a standardized findings format

Security findings from Amazon Web Services services such as Amazon Systems Manager Patch Manager and IAM Access Analyzer are collected in Security Hub using a standardized Amazon Web Services Security Findings Format. Partner integrations use the same standardized findings format, eliminating time-consuming data parsing and normalization tasks. Now you can focus on prioritizing and acting on these consolidated findings.

Custom response and remediation actions

Amazon Security Hub integrates with Amazon CloudWatch Events, enabling you to create custom response and remediation workflows. You can easily send findings to SIEMs, chat tools, ticketing systems, Security Orchestration, Automation, and Response (SOAR) tools, and on-call management platforms. Response and remediation actions can be fully automated, or they can be triggered manually in the console. You can also use Amazon Systems Manager Automation documents, Amazon Web Services Step Functions, and Amazon Lambda functions to build automated remediation workflows that can be initiated from Security Hub.
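As an added illustration (not code from the Security Hub documentation), the Lambda-style handler below reads the "Security Hub Findings - Imported" event delivered through CloudWatch Events and keeps only the findings that still need a response. The names `triage`, `ACTIONABLE`, `_sample` and `SAMPLE_EVENT`, the escalation threshold, and every identifier in the sample event are assumptions constructed for this example.

```python
"""Triage Security Hub findings delivered through CloudWatch Events."""

ACTIONABLE = {"HIGH", "CRITICAL"}  # severity labels we escalate (our choice)


def triage(event):
    """Return one ticket dict per finding that still needs attention."""
    # Only handle the finding-import event that Security Hub emits.
    if (event.get("source") != "aws.securityhub"
            or event.get("detail-type") != "Security Hub Findings - Imported"):
        return []
    tickets = []
    for f in event.get("detail", {}).get("findings", []):
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        # Skip archived records, findings already picked up, and low severity.
        if (f.get("RecordState", "ACTIVE") != "ACTIVE"
                or f.get("Workflow", {}).get("Status", "NEW") != "NEW"
                or label not in ACTIONABLE):
            continue
        tickets.append({"finding_id": f["Id"], "account": f["AwsAccountId"],
                        "severity": label, "title": f["Title"],
                        "resources": [r["Id"] for r in f.get("Resources", [])]})
    return tickets


def lambda_handler(event, context):
    """Lambda entry point; forward the tickets to your own tooling here."""
    return {"tickets": triage(event)}


def _sample(fid, label, status, state, resource):
    """Build a constructed finding with only the fields triage() reads."""
    return {"Id": fid, "AwsAccountId": "111122223333", "Title": "Constructed " + fid,
            "Severity": {"Label": label}, "Workflow": {"Status": status},
            "RecordState": state, "Resources": [{"Type": "Other", "Id": resource}]}


# Constructed sample event: not real data, identifiers are placeholders.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _sample("finding-1", "CRITICAL", "NEW", "ACTIVE", "example-bucket"),
        _sample("finding-2", "HIGH", "NOTIFIED", "ACTIVE", "example-instance"),
        _sample("finding-3", "HIGH", "NEW", "ARCHIVED", "example-role"),
        _sample("finding-4", "LOW", "NEW", "ACTIVE", "example-volume"),
    ]},
}
```

Filtering on workflow status and record state as well as severity keeps a finding that was already notified or archived from opening a second ticket when it is re-imported.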

Multi-account support

With a few clicks in the Amazon Security Hub console, you can connect multiple Amazon Web Services accounts and consolidate findings across those accounts. By designating a master security account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their account.

Useful predefined security insights

Security insights are grouped findings that highlight emerging trends or possible issues. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities, or S3 buckets with public read or write permissions. Amazon Security Hub’s predefined (i.e., managed) insights are designed to quickly flag the resources and accounts of most concern.

Custom insights for your environment

Create and customize your own insights, tailored to your specific security and compliance needs. You can base custom insights on the predefined security insights offered by Amazon Security Hub or start from scratch. For example, you can create an insight to identify EC2 instances tagged as “production” that don't meet security standards.

Visual summary dashboard

Monitor your security posture and quickly identify security issues and trends using Amazon Security Hub’s summary dashboard. For example, you can drill down into a trendline graph to discover that a set of Amazon EC2 instances with a high number of findings were all created using the same Amazon Machine Image (AMI).