AWS Security Hub - Overview V2/JP_Security and Complianc… · © 2018, Amazon Web Services, Inc....
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Office of the CISO, Henrik Johasson
AWS Security Hub
[Figure: Identify, Protect, Detect, Respond, Recover; other surviving labels: Investigate, Automate, Archive, Snapshot, Amazon Macie]
1. Prioritization: Large volume of alerts and the need to prioritize
2. Compliance: Ensure that your AWS infrastructure meets compliance requirements
3. Multiple formats: Dozens of security tools with different data formats
4. Visibility: Lack of a single pane of glass across security and compliance tools
AWS Security Hub
CIS AWS Foundations Benchmark
CloudWatch Events, Lambda
AWS Security Hub
• AWS Config
API/CLI/SDK
• C++, Go, Java, JS, .Net, PHP, Python, Ruby
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other
CrowdStrike
IP, MAC, API, Python, AWS API, EC2, AWS Security Hub
Armor
JSON
Severity.Normalized
TTP
Insights
AMI
Event (event-based)
Rule
AWS Security Hub, CloudWatch, Lambda, Step Function
Collect and process security findings from multiple accounts within a region
Evaluate your compliance against regulatory and best practice frameworks
Identify and prioritize the most important issues by grouping and correlating security findings with Insights
Understand and manage your overall AWS security and compliance posture
https://console.aws.amazon.com/securityhub/
https://aws.amazon.com/security-hub/
Thank you