Profile Applicability
- Level 1
Description:
AWS Security Hub provides a comprehensive view of your security state within AWS and helps you monitor and improve your security posture. Security Hub collects, organizes, and prioritizes security findings from multiple AWS services and third-party tools, helping you quickly identify and remediate security issues.
Enabling AWS Security Hub allows you to centralize and automate the process of aggregating security findings, ensuring you can respond to issues promptly. This is essential for organizations that want a unified view of their security posture and to meet regulatory and security best practices.
Rationale:
Enabling AWS Security Hub offers several benefits:
- Centralized security management: Provides a single pane of glass for security alerts and findings from various AWS services and third-party integrations.
- Improved security posture: Allows for proactive monitoring and identification of security issues across your AWS environment, enabling faster remediation.
- Compliance: Meets industry standards that require continuous monitoring and centralized security auditing.
- Automated threat detection: Integrates with multiple services to provide real-time security findings, reducing the time to identify and respond to potential threats.
Without AWS Security Hub, security findings from AWS services and third-party tools would be siloed, making it more difficult to detect and respond to security issues in a timely manner.
Impact:
Failure to enable AWS Security Hub can result in:
- Increased risk of undetected security vulnerabilities: Without a centralized view, security issues may go unnoticed, leading to potential exploitation.
- Non-compliance: Failing to implement Security Hub could violate security standards and compliance requirements that mandate continuous monitoring and security auditing.
- Delayed incident response: Without Security Hub's automated findings, organizations may experience delays in identifying and responding to security incidents.
Enabling AWS Security Hub ensures that security findings are aggregated and actionable, improving your overall security posture.
Default Value:
AWS Security Hub is not enabled by default. It must be explicitly enabled for each AWS account and region where you wish to use it.
Pre-Requisites:
- AWS CLI installed and configured
- IAM permissions:
  - securityhub:EnableSecurityHub
  - securityhub:DescribeHub
- Access to the AWS Management Console or AWS CLI to enable Security Hub in your account and regions
Remediation:
Test Plan:
Using AWS Console:
Go to the AWS Security Hub Console.
Ensure that Security Hub is enabled in the account and region you are working in.
If Security Hub is not enabled, click the Enable Security Hub button to start the service.
Using AWS CLI:
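aws securityhub describe-hub --query "HubArn" --output text
The command prints the hub ARN when Security Hub is enabled in the current region. It fails with an InvalidAccessException when the account is not subscribed to Security Hub in that region.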
To enable AWS Security Hub:
aws securityhub enable-security-hub
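The CLI check above covers only the region the CLI is currently configured for, while Security Hub has to be enabled separately in each region. The following shell functions are an added example, not part of the original benchmark text, that run the same describe-hub check across a list of regions and separate "not enabled" from other failures. The function names are hypothetical, and the example assumes credentials with securityhub:DescribeHub in every region checked.

```shell
#!/bin/sh
# Added example: per-region Security Hub audit built on `describe-hub`.
# Assumption: credentials allow securityhub:DescribeHub in every region checked.

# Print "<region> ENABLED <hub-arn>", "<region> NOT_ENABLED" or
# "<region> ERROR <message>" for one region.
securityhub_status() (
  region=$1
  if out=$(aws securityhub describe-hub --region "$region" \
             --query 'HubArn' --output text 2>&1); then
    printf '%s ENABLED %s\n' "$region" "$out"
  elif printf '%s' "$out" | grep -q 'InvalidAccessException'; then
    # describe-hub raises InvalidAccessException when the account is not
    # subscribed to Security Hub in this region.
    printf '%s NOT_ENABLED\n' "$region"
  else
    # Anything else (access denied, region not opted in, network failure)
    # is reported separately so it is not mistaken for "not enabled".
    printf '%s ERROR %s\n' "$region" "$out"
  fi
)

# Check every region passed as an argument and print one line per region.
# The exit status is 0 only when all of them report ENABLED, so the function
# can gate a scheduled job or pipeline step.
audit_securityhub() (
  failed=0
  for region in "$@"; do
    line=$(securityhub_status "$region")
    printf '%s\n' "$line"
    case $line in
      "$region ENABLED "*) ;;
      *) failed=1 ;;
    esac
  done
  [ "$failed" -eq 0 ]
)

# Usage (region names are examples):
#   audit_securityhub us-east-1 eu-west-1
```

An ERROR line means the check itself could not be completed for that region, so treat it as unverified rather than compliant.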
Implementation Plan:
Using AWS Console:
Enable AWS Security Hub:
Go to the AWS Security Hub Console.
In the Security Hub section, click Enable Security Hub to activate the service.
Review the settings to ensure that the service is enabled for the region you want to monitor.
After enabling, Security Hub will automatically start collecting and aggregating findings from supported AWS services.
Configure integrations:
Once Security Hub is enabled, configure integrations with other AWS services, such as AWS Config, GuardDuty, and Inspector, to ensure all security findings are aggregated.
Using AWS CLI:
Enable AWS Security Hub:
aws securityhub enable-security-hub
Verify the service is enabled:
aws securityhub describe-hub --query "HubArn" --output text
Enable integrations:
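After enabling Security Hub, you can integrate it with other services like GuardDuty or Inspector by enabling findings import for each product, identified by its product ARN (aws securityhub describe-products lists the available products and their ARNs):
aws securityhub enable-import-findings-for-product --product-arn <product-arn>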
Backout Plan:
Using AWS Console:
If enabling Security Hub causes operational issues:
Go to the AWS Security Hub Console.
Click Disable Security Hub to turn off the service temporarily while troubleshooting.
Reconfigure settings if integrations or notifications are causing issues.
Using AWS CLI:
Disable AWS Security Hub:
aws securityhub disable-security-hub
Re-enable AWS Security Hub once issues are resolved:
aws securityhub enable-security-hub