To improve customers' cloud security posture monitoring, AWS Security Hub has published 18 additional controls for its Foundational Security Best Practices standard. These controls perform fully automated checks against security best practices for Amazon API Gateway, Amazon EC2, Amazon ECS, Elastic Load Balancing, Amazon Elasticsearch Service, Amazon RDS, Amazon Redshift, and Amazon SQS. If Security Hub is set to automatically enable new controls and you are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 159 security controls for automatically verifying your security posture in AWS.
The 18 newly launched controls are:
• [APIGateway.5] API Gateway REST API cache data should be encrypted at rest
• [EC2.19] Security groups should not allow unrestricted access to ports with high risk
• [ECS.2] Amazon ECS services should not have public IP addresses assigned to them automatically
• [ELB.7] Classic Load Balancers should have connection draining enabled
• [ES.5] Elasticsearch domains should have audit logging enabled
• [ES.6] Elasticsearch domains should have at least three data nodes
• [ES.7] Elasticsearch domains should be configured with at least three dedicated master nodes
• [ES.8] Connections to Elasticsearch domains should be encrypted using TLS 1.2
• [RDS.16] RDS DB clusters should be configured to copy tags to snapshots
• [RDS.17] RDS DB instances should be configured to copy tags to snapshots
• [RDS.18] RDS instances should be deployed in a VPC
• [RDS.19] An RDS event notifications subscription should be configured for critical cluster events
• [RDS.20] An RDS event notifications subscription should be configured for critical database instance events
• [RDS.21] An RDS event notifications subscription should be configured for critical database parameter group events
• [RDS.22] An RDS event notifications subscription should be configured for critical database security group events
• [RDS.23] RDS databases and clusters should not use a database engine default port
• [Redshift.4] Amazon Redshift clusters should have audit logging enabled
• [SQS.1] Amazon SQS queues should be encrypted at rest
Security Hub has also added 5 integration partners and 3 consultancy partners, bringing the total number of partners to 71. Caveonix Cloud, Forcepoint Cloud Security Gateway (CSG), Micro Focus ArcSight, NETSCOUT Cyber Investigator, and Sysdig Secure for Cloud are among the new integration partners. Caveonix Cloud is a SaaS risk mitigation technology that provides automatic compliance and hybrid-cloud security posture management for total workload protection and communicates results to Security Hub.
Forcepoint CSG sends policy violations, actions resulting from traffic and/or email inspection rules, threats, and other events it discovers to Security Hub. Micro Focus ArcSight is a Security Information and Event Management (SIEM) platform that receives findings from Security Hub. NETSCOUT Cyber Investigator is a network threat and risk analysis tool that uses AWS technologies like VPC traffic mirroring to report findings to Security Hub. Sysdig Secure for Cloud is a comprehensive Cloud Security Platform that provides a complete suite for asset discovery, Cloud Security Posture Management (CSPM), vulnerability scanning, and threat detection, and communicates findings to Security Hub.
5pillars, Keepler, and Ubertas Consulting are the new consulting partners. 5pillars simplifies the deployment of AWS Security Hub and provides automated remediation capabilities in conjunction with a comprehensive range of other AWS security services. Keepler relies on AWS Security Hub as a significant component of their service to centralise security monitoring and automate security incident remediation and escalation. Ubertas Consulting offers a Foundations for AWS Well-Architected consulting engagement to help you build out a solid, best-practice-driven AWS infrastructure with AWS Security Hub.
AWS Security Hub is a global service that gives you a holistic view of your security posture across all of your AWS accounts. Security Hub brings together, organises, and prioritises security alerts and findings from a variety of AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, and AWS IAM Access Analyzer, as well as over 60 AWS Partner Network (APN) solutions.
You can also continuously monitor your environment using automated security checks based on standards like the AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can act on the resulting findings by investigating them in Amazon Detective or AWS Systems Manager OpsCenter, or by forwarding them to AWS Audit Manager or AWS Chatbot. Using Amazon EventBridge rules, you can also send the findings to ticketing, chat, SIEM, response and remediation workflows, and incident management systems.
With a single click in the AWS Management Console, you can start your 30-day free trial of AWS Security Hub.