AWS Security Hub offre una visione completa del proprio stato di sicurezza all'interno di AWS e aiuta a mantenerlo monitorato tramite continui controlli di conformità. In questo webinar imparerai come, con Security Hub, puoi eseguire una configurazione automatica e continua a livello di account e come eseguire controlli di conformità basati su standard di settore e best practice, come il Center for Internet Security (CIS) AWS Foundations. In questo webinar approfondiremo inoltre le feature principali di Security Hub e scopriremo come abilitare flussi di lavoro di riparazione automatizzati per agire sui problemi di conformità rilevati.

1. Continuous Compliance with
AWS Security Hub
Margherita Bonetto
AWS Solutions Architect

2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pricing
Table of contents
Use patterns
Next steps
AWS Security Hub overview
Getting started
Demo

3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Problem statements – “Am I secure?”
Large volume of
alerts and the
need to prioritize
3
Too many
security
alerts
Lack of an
integrated view
of security and
compliance
across accounts
4
Lack of an
integrated
view
Dozens of
security tools
with different
data formats
2
Too many
security alert
formats
Many compliance
requirements and
not enough time
to build the
checks
1
Backlog of
compliance
requirements

4. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is AWS Security Hub?
AWS’s Security Posture Management service

5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Protect Detect Respond
Automate
Investigate
RecoverIdentify
AWS Systems
Manager
AWS Config
AWS
Lambda
Amazon
CloudWatch
Amazon
Inspector
Amazon
Macie
Amazon
GuardDuty
AWS
Security Hub
AWS IoT
Device
Defender
KMSIAM
AWS
Single
Sign-On
Snapshot Archive
AWS
CloudTrail
Amazon
CloudWatch
Amazon
VPC
AWS
WAF
AWS Shield AWS Secrets
Manager
AWS
Firewall
Manager
AWS Foundational and Layered Security Services
AWS
Organizations
Personal Health
Dashboard
Amazon
Route 53
AWS
Direct
Connect
AWS Transit
Gateway
Amazon
VPC
PrivateLink
AWS Step
Functions
Amazon
Cloud
Directory
AWS
CloudHSM
AWS
Certificate
Manager
AWS
Control
Tower
AWS Service
Catalog
AWS Well-
Architected
Tool
AWS
Trusted
Advisor
Resource
Access
manager
AWS
Directory
Service
Amazon
Cognito
Amazon S3
Glacier
AWS
Security Hub
AWS Systems
Manager AWS CloudFormation
AWS
OpsWorks
Amazon
Detective

6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Partner integrations
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSS
P
Other
Firewalls
Vulnerability
SOAR
SIEM
Endpoint
Compliance
MSSP
Other

7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Use pattern 1:
Centralized security and compliance workspace
Goal
Have a single pane of glass to view, triage, and take action on AWS
security and compliance issues across accounts
Personas
SecOps, compliance, and/or DevSecOps teams focused on AWS, Cloud Centers
of Excellence, the first security hire
Key processes
example
1. Ingest findings from finding providers
2. High-volume and well-known findings are programmatically routed to
remediation workflows, which include updating the status of the finding
3. Remaining findings are routed to analysts via an on-call management
system, and they use ticketing and chat systems to resolve them
Taking action
integrations
Ticketing systems, chat systems, on-call management systems, SOAR
platforms, customer-built remediation playbooks

8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Use pattern 2:
Centralized routing to a SIEM
Goal
Easily route all AWS security and compliance findings in a
normalized format to a centralized SIEM or log management tool
Personas SecOps, compliance, and/or DevSecOps teams
Key processes
example
1. Ingest findings from finding providers
2. All findings are routed via Amazon CloudWatch Events to a
central SIEM that stores AWS and on-premises security and
compliance data
3. Analyst workflows are linked to the central SIEM
Taking action
integrations
SIEM

9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Use pattern 3:
Dashboard for account owners
Goal
Provide visibility to AWS account owners on the security and
compliance posture of their account
Personas AWS account owners
Key processes
example
1. Ingest findings from finding providers
2. Account owners are given read-only access to Security Hub
3. Account owners can use Security Hub to research issues that they
are ticketed on or proactively monitor their own security and
compliance state
Taking action
integrations
Chat, ticketing

10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Getting Started
A few clicks to enable Security Hub

11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Getting Started
A few clicks to enable Security Hub

12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security Standards
AWS Foundational
Security Best Practices
v1.0.0

13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Findings in AWS Security Hub
The observable record of a security check or security-related detection
AWS Security Finding Format (ASFF)

14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Insights in AWS Security Hub
A collection of related findings defined by an aggregation statement and
optional filters

15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions

16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Simple multi-account setup
Security Hub
Master
Security Hub
Account 1
Security Hub
Account 2
Security Hub
Account 3

17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pricing
• Free trial: All AWS accounts will have a 30-day free trial.
Security Standards Pricing
First 100,000 $0.0010/check
100,001-500,000 $0.0008/check
500,001+ $0.0005/check
Finding ingestion pricing:
• Free tier: Post 30 days, a perpetual free tier of 10,000
findings ingestion events per account per month.
• Then - finding ingestion events are $0.3 per 10,000 findings.
Compliance Standards pricing:
Charge is based on the following:
• Per security check
• Per AWS account
• Per region
• Per month
Events Pricing
First 10,000 events / month Free
10,001 + events / month $0.00003/finding

18. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Demo

19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Next steps
• Get Started: Free POC (30 days): https://console.aws.amazon.com/securityhub/
• Learn more: AWS Security Hub
• AWS Security Webinars on-demand
• Security blog post: Top 10 security items to improve in your AWS account in AWS

20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Next steps
AWS Training & Certification
https://www.aws.training: Free on-demand courses to help you build new cloud skills
For more info on AWS T&C visit: https://aws.amazon.com/it/training/
E-Learning: AWS Security Fundamentals (Second Edition)
https://www.aws.training/Details/eLearning?id=34259
E-Learning: Getting Started with AWS Security, Identity and
Compliance
https://www.aws.training/Details/eLearning?id=49720
Video: AWS Foundations: Securing Your AWS Cloud
https://www.aws.training/Details/Video?id=49712
Video: AWS Shared Responsibility Model
https://www.aws.training/Details/Video?id=16488
Video: Differences Between Security Groups and NACLs
https://www.aws.training/Details/Video?id=16486
Video: Protecting Your Instance with Security Groups
https://www.aws.training/Details/Video?id=16487

21. Thanks!