More Related Content
Similar to AWS雲端自動化合規檢核與資安警訊通報管理
Similar to AWS雲端自動化合規檢核與資安警訊通報管理 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
AWS雲端自動化合規檢核與資安警訊通報管理
- 1. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS雲端自動化合規檢核與資安警訊通報管理
AWS Security Hub
Partner Solutions Architect
Jason Wang
AWS Taiwan
- 2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Services overview
- 3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Protect Detect Respond
Automate
Investigate
RecoverIdentify
AWS
Systems
Manager
AWS Config
AWS
Lambda
Amazon
CloudWatch
Amazon
Inspector
Amazon
Macie
Amazon
GuardDuty
AWS
Security Hub
AWS IoT
Device
Defender
KMSIAM
AWS
Single
Sign-On
Snapshot Archive
AWS
CloudTrail
Amazon
CloudWatch
Amazon
VPC
AWS
WAF
AWS
Shield
AWS
Secrets
Manager
AWS
Firewall
Manager
AWS Foundational and Layered Security Services
AWS
Organizations
Personal
Health
Dashboard
Amazon
Route 53
AWS
Direct
Connect
AWS Transit
Gateway
Amazon
VPC
PrivateLink
AWS Step
Functions
Amazon
Cloud
Directory
AWS
CloudHSM
AWS
Certificate
Manager
AWS
Control
Tower
AWS
Service
Catalog
AWS Well-
Architected
Tool
AWS
Trusted
Advisor
Resource
Access
manager
AWS
Directory
Service
Amazon
Cognito
Amazon S3
Glacier
AWS
Security Hub
AWS
Systems
Manager
AWS
CloudFormation
AWS
OpsWorks
Amazon
Detective
- 4. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introduction AWS Security Hub
- 5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Problem statements
Large volume of
alerts and the
need to prioritize
3
Too many
security
alerts
Lack of an
integrated view
of security and
compliance
across accounts
4
Lack of an
integrated
view
Dozens of
security tools
with different
data formats
2
Too many
security alert
formats
Many compliance
requirements and
not enough time
to build the
checks
1
Backlog of
compliance
requirements
- 6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is AWS Security Hub?
AWS Security Hub is the compliance and security center for AWS
customers
One part SIEM-like aggregation for AWS-related “findings”
One part automated checks against compliance standards
- 7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introduction to AWS Security Hub
Enable AWS Security
Hub for all your
accounts.
Account 1
Account 2
Account 3
Conduct automated
compliance scans
and checks.
Take action based
on findings.
Continuously
aggregate and
prioritize findings.
Better visibility into security issues. Easier to stay in compliance.
- 8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is AWS Security Hub?
- 9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Target
options
Introduction to AWS Security Hub
Responding to Findings Insights: Remediation
AWS Security
Hub
Amazon
CloudWatch
CloudWatch
Event
Aggregate Report Take Action
AWS Security
Services
OR
Partner
solutions
Detect
Selected
findings
and
insights
- 10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub Benefits
- 11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub Benefits
Take Action
Aggregated
findings
Compliance
standards
- 12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Automated compliance checks
43 fully automated,
nearly continuous
checks
- 13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance Standards
Based on CIS AWS Foundations Benchmark
• 43 fully automated, nearly continuous checks
• Findings are displayed on main dashboard for
quick access.
• Best practices information is provided to help
mitigate gaps to be in compliance.
- 14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Avoid the use of the
"root" account
Ensure CloudTrail is
enabled in all regions
Ensure no Security
groups allow ingress
from 0.0.0.0/0 to
port 22
Ensure IAM policies
that allow full "*:*"
administrative
privileges are not
created
43 pre configured rules for CIS
Compliance Standards
Examples:
- 15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance Standards
- 16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compliance Standards
Example: 1.1 Avoid the use of the "root" account
- 17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub Benefits
Aggregated
findings
Compliance
standards
Take Action
- 18. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Aggregated findings
~100 JSON-formatted fields
Finding Types
• Sensitive Data Identifications
• Software and Configuration Checks
• Unusual Behaviors
• Tactics, Techniques, and Procedures
(TTPs)
• Effects
AWS Security Finding Format
Severity Normalized
0 30 70 100
Sensitive Data
Identifications
Software and
Config checks
Unusual
behaviors
EffectsTTPs
- 19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Aggregated findings
- 20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Insights help identify resources that require attention
- 21. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub insights
• Dashboard provides visibility into the top security findings
• 20 pre-built insights provided by AWS and AWS partners
• Customer can create their own insights
• Examples:
EC2 instances that
have
missing security
patches
S3 buckets with
stored credentials
S3 buckets with
public read and
write permissions
Top AMIs by
counts of findings
- 22. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub Benefits
Aggregated
findings
Compliance
standards
Take Action
- 23. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Take Action
Partner Solutions
Custom Actions
Amazon Security
Hub
With other Services
Amazon CloudWatch
Events
AWS Services
- 24. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions in Security Hub
- 25. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions in Security Hub
- 26. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions in Security Hub
Rule
Custom Action
Simple
Notification
Service
{
"source": [
"aws.securityhub"
],
"resources": [
"arn:aws:securityhub:us-west-
2:xxxxxxxxxxxx:action/custom/send_to_email"
]
}
Event
(event-
based)
Email
- 27. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions in Security Hub
Rule
Event
Custom Action
Lambda Function
Rule
Event
Custom Action
Kinesis Stream
Rule
Event
Custom Action
Run
command
Simple
Notification
Service
- 28. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom Actions in Security Hub
- 29. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Take Action
Partner Solutions
Custom Actions
via
Amazon Security
Hub
With other services
via
Amazon CloudWatch
Events
AWS Services
- 30. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Taking Action with Security Hub partner
AWS
Security
Hub
Amazon
CloudWatch
Events
Amazon GuardDuty
Amazon Inspector
Amazon Macie
Partner Solutions
!
Target
options
- 31. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Customizable response and remediation actions
OpsCenter
(AWS
Systems Manager)
or
1. All findings automatically
send to CloudWatch events;
AND
2. AWS Security Hub user
selects findings in the console
and takes a custom action on
them. These findings are sent
to CloudWatch decorated
with a custom action ID
3. User creates
CloudWatch event
rules to look for certain
findings associated
with a custom action id
or types of findings.
4. The rule defines a
target – typically a
Lambda function,
Step Function, or
Automation
document
5. The target could be
things like a chat,
ticketing, on-call
management, SOAR
platform, or custom
remediation playbook
Amazon
CloudWatch
AWS
Lambda
AWS
Security
Hub
Event
(time-base)
Rule
AWS Step
Functions
- 32. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security Hub
Services Availability (Regions)
Existing Regions with AWS Security Hub
Coming soon Regions
Existing Regions
Oregon
Northern California AWS GovCloud
(US-West)
Ohio
Canada
Central
Ireland London
Stockholm
Paris
Frankfurt
Milan
Bahrain
Cape Town
Mumbai
Singapore
Jakarta
Hong Kong
Ningxia
Beijing
Seoul Tokyo
Sydney
AWS
GovCloud
(US-East)
Northern
Virginia
- 33. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Reference Customers
- 34. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank You !