Continuous Compliance con AWS Security Hub

1. Continuous Compliance with AWS Security Hub Margherita Bonetto AWS Solutions Architect

2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pricing Table of contents Use patterns Next steps AWS Security Hub overview Getting started Demo

3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Problem statements – “Am I secure?” Large volume of alerts and the need to prioritize 3 Too many security alerts Lack of an integrated view of security and compliance across accounts 4 Lack of an integrated view Dozens of security tools with different data formats 2 Too many security alert formats Many compliance requirements and not enough time to build the checks 1 Backlog of compliance requirements

5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Protect Detect Respond Automate Investigate RecoverIdentify AWS Systems Manager AWS Config AWS Lambda Amazon CloudWatch Amazon Inspector Amazon Macie Amazon GuardDuty AWS Security Hub AWS IoT Device Defender KMSIAM AWS Single Sign-On Snapshot Archive AWS CloudTrail Amazon CloudWatch Amazon VPC AWS WAF AWS Shield AWS Secrets Manager AWS Firewall Manager AWS Foundational and Layered Security Services AWS Organizations Personal Health Dashboard Amazon Route 53 AWS Direct Connect AWS Transit Gateway Amazon VPC PrivateLink AWS Step Functions Amazon Cloud Directory AWS CloudHSM AWS Certificate Manager AWS Control Tower AWS Service Catalog AWS Well- Architected Tool AWS Trusted Advisor Resource Access manager AWS Directory Service Amazon Cognito Amazon S3 Glacier AWS Security Hub AWS Systems Manager AWS CloudFormation AWS OpsWorks Amazon Detective

6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Partner integrations Firewalls Vulnerability SOAR SIEM Endpoint Compliance MSS P Other Firewalls Vulnerability SOAR SIEM Endpoint Compliance MSSP Other

7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use pattern 1: Centralized security and compliance workspace Goal Have a single pane of glass to view, triage, and take action on AWS security and compliance issues across accounts Personas SecOps, compliance, and/or DevSecOps teams focused on AWS, Cloud Centers of Excellence, the first security hire Key processes example 1. Ingest findings from finding providers 2. High-volume and well-known findings are programmatically routed to remediation workflows, which include updating the status of the finding 3. Remaining findings are routed to analysts via an on-call management system, and they use ticketing and chat systems to resolve them Taking action integrations Ticketing systems, chat systems, on-call management systems, SOAR platforms, customer-built remediation playbooks

8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use pattern 2: Centralized routing to a SIEM Goal Easily route all AWS security and compliance findings in a normalized format to a centralized SIEM or log management tool Personas SecOps, compliance, and/or DevSecOps teams Key processes example 1. Ingest findings from finding providers 2. All findings are routed via Amazon CloudWatch Events to a central SIEM that stores AWS and on-premises security and compliance data 3. Analyst workflows are linked to the central SIEM Taking action integrations SIEM

9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Use pattern 3: Dashboard for account owners Goal Provide visibility to AWS account owners on the security and compliance posture of their account Personas AWS account owners Key processes example 1. Ingest findings from finding providers 2. Account owners are given read-only access to Security Hub 3. Account owners can use Security Hub to research issues that they are ticketed on or proactively monitor their own security and compliance state Taking action integrations Chat, ticketing

13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Findings in AWS Security Hub The observable record of a security check or security-related detection AWS Security Finding Format (ASFF)

17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pricing • Free trial: All AWS accounts will have a 30-day free trial. Security Standards Pricing First 100,000 $0.0010/check 100,001-500,000 $0.0008/check 500,001+ $0.0005/check Finding ingestion pricing: • Free tier: Post 30 days, a perpetual free tier of 10,000 findings ingestion events per account per month. • Then - finding ingestion events are $0.3 per 10,000 findings. Compliance Standards pricing: Charge is based on the following: • Per security check • Per AWS account • Per region • Per month Events Pricing First 10,000 events / month Free 10,001 + events / month $0.00003/finding

19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Next steps • Get Started: Free POC (30 days): https://console.aws.amazon.com/securityhub/ • Learn more: AWS Security Hub • AWS Security Webinars on-demand • Security blog post: Top 10 security items to improve in your AWS account in AWS

20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Next steps AWS Training & Certification https://www.aws.training: Free on-demand courses to help you build new cloud skills For more info on AWS T&C visit: https://aws.amazon.com/it/training/ E-Learning: AWS Security Fundamentals (Second Edition) https://www.aws.training/Details/eLearning?id=34259 E-Learning: Getting Started with AWS Security, Identity and Compliance https://www.aws.training/Details/eLearning?id=49720 Video: AWS Foundations: Securing Your AWS Cloud https://www.aws.training/Details/Video?id=49712 Video: AWS Shared Responsibility Model https://www.aws.training/Details/Video?id=16488 Video: Differences Between Security Groups and NACLs https://www.aws.training/Details/Video?id=16486 Video: Protecting Your Instance with Security Groups https://www.aws.training/Details/Video?id=16487

21. Thanks!