The Big Picture with Security Hub
AWS Security Hub is a comprehensive analysis utility that gives a clearer picture of your infrastructure. Through native and vendor integrations, it provides a single lens on security while providing you actionable insight.
Security Hub utilizes foundational standards, CIS benchmarks, and PCI compliance checks to validate your infrastructure security. While using standards gets over the hurdle of managing rules, it still requires the overhead of enabling config and reporting back to the management account. However, despite the downsides, it can be a powerful utility in improving your security posture.
All of the resources are needed, as described in AWS Config. In replacement of config rules, we use the conformance packs, aws-foundational-security-best-practices, and cis-aws-foundations-benchmark. The conformance packs then translate individual benchmarks into rules. It is worth noting that the checks' overall cost adds up quickly with more regions + accounts.
Security Hub provides an aggregated console that breaks down the findings' severity, a key to prioritizing work. An example of what the prioritization looks like:
Through navigating through the UI, you can then drill down to the specific AWS Config finding and view the non-compliant resources
Scores are also an interesting metric to pull out. When you look at the CIS benchmarks, it is nice to report back a score of improvements to track progress.
Security Hub integrates with many services, not just AWS Config. Both AWS services and vendor services, overall giving you a regionalized view of your infrastructure state.