aws security hub - overview v2/jp_security and complianc… · © 2018, amazon web services, inc....

Post on 20-Jul-2020


© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Office of the CISO, Henrik Johansson

AWS Security Hub


[Slide figure; labels: Identify, Protect, Detect, Respond, Recover, Investigate, Automate, Amazon Macie, Archive, Snapshot]


• Prioritization: Large volume of alerts and the need to prioritize
• Multiple formats: Dozens of security tools with different data formats
• Visibility: Lack of a single pane of glass across security and compliance tools
• Compliance: Ensure that your AWS infrastructure meets compliance requirements


AWS Security Hub

[Slide: CIS AWS Foundations Benchmark; CloudWatch Events; Lambda]


[Slide: AWS Security Hub; AWS Config; GA]

API/CLI/SDK: C++, Go, Java, JS, .Net, PHP, Python, Ruby

[Slide figure; labels: Firewalls, Vulnerability, SOAR, SIEM, Endpoint, Compliance, MSSP, Other]

[Slide: CrowdStrike; IP; MAC; API; Python; AWS API; EC2; AWS Security Hub]

[Slide: Armor]

[Slide: AWS; 100; JSON; Severity.Normalized; TTP]

[Slide: CIS; 43; 1.20; 39; 4]

[Slide: Insights; AMI]

[Slide: Event (event-based); Rule; AWS Security Hub; CloudWatch; Lambda; Step Function]


Collect and process security findings from multiple accounts within a region

Evaluate your compliance against regulatory and best practice frameworks

Identify and prioritize the most important issues by grouping and correlating security findings with Insights

Understand and manage your overall AWS security and compliance posture

https://console.aws.amazon.com/securityhub/

https://aws.amazon.com/security-hub/

Amazon Confidential and Trademark

Thank you
