Waf Charm

AWS Security Hub for beginners

【Table of contents】

  1. What is AWS Security Hub?
  2. AWS Security Hub pricing
  3. Conclusion
  • 1. What is AWS Security Hub?

    AWS Security Hub is a service that collects the security findings (alerts) of supported AWS services into one place. It consolidates, organizes and prioritizes the alerts generated by multiple services and presents them in a single, easy-to-read management screen. By deploying AWS Security Hub, you no longer have to review and handle the large number of alerts arriving from multiple services one service at a time.

    • a) How does AWS Security Hub work?

      The following image from AWS illustrates how AWS Security Hub works. It shows the status of high-priority security alerts and compliance checks detected across multiple AWS services on one centralized management screen.

      [Source:AWS Security Hub (https://aws.amazon.com/security-hub/)]

      The following AWS services can send their findings to AWS Security Hub for centralized management.
      ・Amazon GuardDuty
      ・Amazon Inspector
      ・IAM Access Analyzer
      ・Amazon Macie
      ・AWS Firewall Manager

      Findings about the AWS accounts themselves, and findings from supported third-party partner products, can also be collected.
      In addition, Security Hub runs automated checks against security standards and reports whether your AWS environment complies with them.

      It is convenient to be able to carry out the necessary monitoring on a regular basis in an easier and more understandable way. Note, however, that AWS Security Hub has no built-in automatic remediation for the alerts it consolidates: it reports the issue, and administrators have to fix it themselves (or build remediation automation separately, driven by the findings Security Hub emits).

    • b) Advantages of introducing

      There are three main advantages of deploying AWS Security Hub.

      • <Time saving>
        Firstly, alerts generated by multiple services are visible on one screen.
        It usually takes a lot of time to check the alerts generated by each service, examine how they relate to each other, and decide on priorities and actions. Consolidating alerts on a single screen, correlating the results of each detection, and presenting high-priority detections with recommended actions saves a lot of man-hours. Also, AWS Security Hub receives findings in one standard format (the AWS Security Finding Format, ASFF), so you do not have to spend time converting data from each service.
         
      • <Improves compliance>
        AWS Security Hub also performs automated compliance checks.
        For example, it can flag accounts that need attention based on industry-standard best practices for AWS, such as the Center for Internet Security (CIS) AWS Foundations Benchmark.
         
      • <React quickly to detection results>
        AWS Security Hub consolidates security detections and gives visibility into security and compliance status, making it easy to detect and identify problems and act on them. For example, you can integrate with Amazon CloudWatch Events (now Amazon EventBridge) to forward findings to an Amazon SNS topic that sends them by email.

        This means that when a security issue needs to be addressed, the person in charge knows about it immediately and can take the next action quickly. Security issues are often a race against time, so being able to spot problems right away is a big advantage.
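        As an added example (not code from the original post or from AWS), here is the event pattern a CloudWatch Events / EventBridge rule would use to forward only HIGH and CRITICAL Security Hub findings to an SNS topic (which can then email its subscribers), together with a small, simplified re-implementation of the pattern matching so the rule can be tried offline against a constructed sample finding. The topic ARN, the account ID and the sample finding are placeholders; the matcher handles only exact-value lists and nested objects, not EventBridge's other operators.

```python
"""Route high-severity Security Hub findings to an SNS topic.

Added example (not from the original post). The event pattern below is the
shape CloudWatch Events / EventBridge uses for Security Hub findings; the
matcher is a simplified re-implementation of the pattern semantics (exact
value lists, nested keys, any-element match for arrays) so the pattern can be
checked offline against a constructed sample event. The topic ARN and the
sample finding are placeholders.
"""
import json

# Event pattern for a rule that fires only on active HIGH and CRITICAL findings.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {
        "findings": {
            "Severity": {"Label": ["HIGH", "CRITICAL"]},
            "RecordState": ["ACTIVE"],
        }
    },
}

# Target: an SNS topic with an email subscription (placeholder ARN).
SNS_TOPIC_ARN = "arn:aws:sns:ap-northeast-1:123456789012:security-hub-alerts"


def rule_definition(pattern=HIGH_SEVERITY_PATTERN, topic_arn=SNS_TOPIC_ARN):
    """The rule as you would pass it to the CLI/console: JSON pattern + SNS target."""
    return {
        "EventPattern": json.dumps(pattern),
        "Targets": [{"Id": "email", "Arn": topic_arn}],
    }


def matches(event, pattern):
    """Simplified EventBridge matching (assumption: only exact-value lists and
    nested objects; an array in the event matches if any element matches)."""
    for key, sub in pattern.items():
        if key not in event:
            return False
        value = event[key]
        candidates = value if isinstance(value, list) else [value]
        if isinstance(sub, dict):
            if not any(isinstance(c, dict) and matches(c, sub) for c in candidates):
                return False
        elif not any(c in sub for c in candidates):
            return False
    return True


def sample_event(severity, record_state="ACTIVE"):
    """Constructed finding event in the (trimmed) shape Security Hub emits."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {
            "findings": [
                {
                    "ProductArn": "arn:aws:securityhub:ap-northeast-1::product/aws/guardduty",
                    "Title": "Sample finding (constructed)",
                    "Severity": {"Label": severity, "Normalized": 70},
                    "RecordState": record_state,
                }
            ]
        },
    }


def findings_to_notify(events, pattern=HIGH_SEVERITY_PATTERN):
    """Titles of the findings the rule would forward to the topic."""
    return [
        f["Title"]
        for e in events
        if matches(e, pattern)
        for f in e["detail"]["findings"]
    ]


if __name__ == "__main__":
    print(json.dumps(rule_definition(), indent=2))
    print(findings_to_notify([sample_event("HIGH"), sample_event("LOW")]))
```

        Filtering on RecordState keeps archived findings from re-notifying, and filtering on the severity label rather than the numeric score keeps the rule readable when a product changes its scoring.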

    • c) Introduction method

      To deploy AWS Security Hub, you sign in to AWS and enable the service. Neither step is difficult, so it is easy to get started.

      There is also a 30-day free trial, so if you just want to see how it feels to use it, you can try it out without charge.

      • ■ How to start using AWS Security Hub?
        To enable AWS Security Hub, you must first grant the required permissions to the IAM user, group, or role that will enable it.

        <Configuring the access permissions required to enable AWS Security Hub>
        The IAM user, role, or group that enables AWS Security Hub needs the permissions below. Attach a policy like the following to that IAM user, group, or role. The first statement (securityhub:* on all resources) is full administrative access to Security Hub, which is what enabling it requires; people who only need to look at findings should instead get a read-only policy (AWS provides the managed policies AWSSecurityHubFullAccess and AWSSecurityHubReadOnlyAccess). The second statement lets Security Hub create its service-linked role, and the condition limits that permission to the securityhub.amazonaws.com service so it cannot be used to create service-linked roles for anything else.

        To learn how to attach a policy, see the following AWS documentation.
        https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-and-attach-iam-policy.html

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "securityhub:*",
              "Resource": "*"
            },
            {
              "Effect": "Allow",
              "Action": "iam:CreateServiceLinkedRole",
              "Resource": "*",
              "Condition": {
                "StringLike": {
                  "iam:AWSServiceName": "securityhub.amazonaws.com"
                }
              }
            }
          ]
        }
        

        <Activating AWS Security Hub>
        Sign in to the Security Hub console as the IAM identity that was granted the permissions above and select How to get started > Enable Security Hub.

        This activates AWS Security Hub.

      Please note that for Security Hub to run the compliance checks of the CIS AWS Foundations Benchmark standard, AWS Config (https://aws.amazon.com/config/) must be enabled and recording resources in the same account and region in which Security Hub is enabled. Security Hub is a regional service, so both have to be enabled in every region you want covered.
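      The whole procedure above, as an added example that is not part of the original post or of AWS's own tooling: a Python script using boto3 (the AWS SDK) that builds the policy document shown earlier, checks that AWS Config is recording, enables Security Hub idempotently, and subscribes the CIS AWS Foundations Benchmark standard by looking its ARN up with DescribeStandards rather than hard-coding a version. The clients are passed in as parameters so the logic can also be exercised with stub objects; the region and the standard name prefix are assumptions.

```python
"""Enable AWS Security Hub and the CIS AWS Foundations Benchmark standard,
checking first that AWS Config is recording.

Added example, not from the original post or from AWS. It uses the real boto3
method names of the securityhub and config clients, but takes the clients as
parameters so the logic can be exercised with stub objects offline; boto3 is
imported only when the file is run directly. Region and standard name prefix
are assumptions.
"""
import json

SECURITY_HUB_SERVICE = "securityhub.amazonaws.com"
CIS_NAME_PREFIX = "CIS AWS Foundations Benchmark"  # matched against DescribeStandards names


def enable_policy_document():
    """The IAM policy from the section above: full Security Hub access plus
    permission to create Security Hub's service-linked role only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "securityhub:*", "Resource": "*"},
            {
                "Effect": "Allow",
                "Action": "iam:CreateServiceLinkedRole",
                "Resource": "*",
                "Condition": {"StringLike": {"iam:AWSServiceName": SECURITY_HUB_SERVICE}},
            },
        ],
    }


def config_is_recording(config_client):
    """True if at least one AWS Config recorder in this region is recording."""
    status = config_client.describe_configuration_recorder_status()
    return any(r.get("recording") for r in status.get("ConfigurationRecordersStatus", []))


def find_standard_arn(securityhub_client, name_prefix=CIS_NAME_PREFIX):
    """Look the standard's ARN up by name instead of hard-coding a version."""
    for std in securityhub_client.describe_standards().get("Standards", []):
        if std.get("Name", "").startswith(name_prefix):
            return std["StandardsArn"]
    raise LookupError(f"no standard named {name_prefix!r} in this region")


def enabled_standard_arns(securityhub_client):
    subs = securityhub_client.get_enabled_standards().get("StandardsSubscriptions", [])
    return sorted(s["StandardsArn"] for s in subs)


def enable_security_hub(securityhub_client, config_client, standard_prefix=CIS_NAME_PREFIX):
    """Idempotently enable Security Hub and one standard; return enabled ARNs.
    Refuses to proceed if Config is not recording, because the standard's
    checks would then have no data to evaluate."""
    if not config_is_recording(config_client):
        raise RuntimeError("AWS Config is not recording in this region; enable it first")
    try:
        # Default standards are not auto-enabled so the choice of standard is explicit.
        securityhub_client.enable_security_hub(EnableDefaultStandards=False)
    except securityhub_client.exceptions.ResourceConflictException:
        pass  # already enabled in this account/region: that is fine
    arn = find_standard_arn(securityhub_client, standard_prefix)
    if arn not in enabled_standard_arns(securityhub_client):
        securityhub_client.batch_enable_standards(
            StandardsSubscriptionRequests=[{"StandardsArn": arn}]
        )
    return enabled_standard_arns(securityhub_client)


if __name__ == "__main__":
    import boto3  # real clients; needs credentials carrying the policy above

    session = boto3.Session(region_name="ap-northeast-1")  # assumed region
    print(json.dumps(enable_policy_document(), indent=2))
    print(enable_security_hub(session.client("securityhub"), session.client("config")))
```

      Running the script twice is safe: the second EnableSecurityHub call raises ResourceConflictException, which is swallowed, and the standard is only subscribed if it is not already in the enabled list.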

  • 2. AWS Security Hub pricing

    AWS Security Hub cost is the sum of the following two meters.
    ・Number of compliance (security) checks
    ・Number of finding ingestion events (events that capture detection results)

    For Asia Pacific (Tokyo), the fee structure is as follows.

    ◆ Number of compliance checks (per month)
    First 100,000 compliance checks per region, per account: $0.0010 per check
    Next 400,000 compliance checks per region, per account: $0.0008 per check
    Over 500,000 compliance checks per region, per account: $0.0005 per check

    ◆ Number of finding ingestion events (per month)
    First 10,000 finding ingestion events per region, per account: Free
    Over 10,000 finding ingestion events per region, per account: $0.00003 per event

    ※The tiers are marginal: the lower rate applies only to the checks beyond each threshold, not to the whole month's volume. AWS Security Hub also has a free trial. It lasts 30 days, and you can evaluate the service during this period without incurring any charges. During the free trial the console also displays the estimated charges, which is convenient for finding out how much you would actually pay.
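    A worked cost estimate, added here and not from the original post: the two meters above implemented as marginal tiers, which makes explicit that the cheaper rates apply only to the volume beyond each threshold. The 600,000-check / 110,000-event scenario in the script is constructed.

```python
"""Estimate a monthly AWS Security Hub bill from the two meters above.

Added example (not from the original post). The tier table is the Asia
Pacific (Tokyo) pricing listed in this section; tiers are marginal, i.e. the
cheaper rate applies only to the units beyond each threshold. Decimal is used
so the fractional per-unit rates are exact.
"""
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# (units in this tier, price per unit); None marks the unlimited final tier.
COMPLIANCE_CHECK_TIERS = [
    (100_000, Decimal("0.0010")),
    (400_000, Decimal("0.0008")),
    (None, Decimal("0.0005")),
]
FINDING_EVENT_TIERS = [
    (10_000, Decimal("0")),  # first 10,000 events are free
    (None, Decimal("0.00003")),
]


def tiered_cost(quantity, tiers):
    """Apply marginal tiers: fill each tier's volume before moving to the next."""
    if quantity < 0:
        raise ValueError("quantity must be non-negative")
    remaining = quantity
    total = Decimal("0")
    for volume, rate in tiers:
        in_tier = remaining if volume is None else min(remaining, volume)
        total += rate * in_tier
        remaining -= in_tier
        if remaining == 0:
            break
    return total.quantize(CENT, rounding=ROUND_HALF_UP)


def compliance_check_cost(checks):
    return tiered_cost(checks, COMPLIANCE_CHECK_TIERS)


def finding_event_cost(events):
    return tiered_cost(events, FINDING_EVENT_TIERS)


def monthly_cost(checks, events):
    """Total for one account in one region. Both meters are counted per
    region, per account, so sum this over every account/region pair."""
    return compliance_check_cost(checks) + finding_event_cost(events)


if __name__ == "__main__":
    # Constructed scenario: 600,000 checks and 110,000 ingested findings in a month.
    print(monthly_cost(600_000, 110_000))
```

    With the Tokyo rates above, 600,000 checks cost 100 + 320 + 50 = $470 and 110,000 ingested findings cost $3 (the first 10,000 are free), so the scenario comes to $473.00 for one account in one region.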

  • 3. Conclusion

    AWS Security Hub is a service that lets you check security issues and compliance status on one integrated alert management screen.

    Alerts generated by multiple services can be analyzed, organized, and correlated with each other, saving significant man-hours compared to checking and analyzing each service on its own management screen.

    In addition, it should let you quickly identify what has happened in each service, which speeds up the initial response.

    Take advantage of the 30-day free trial if you want to know how it feels to use it and what it costs.