
JAWS PANKRATION 2024


Advanced Security Monitoring and Automation with AWS Security Hub

Lv200

8/24/2024 05:00 (UTC)

Session Info

In an increasingly complex and dynamic cloud environment, maintaining robust security is paramount.

AWS Security Hub offers a comprehensive solution for continuous monitoring, compliance checks, and automated remediation.

This session delves into the advanced features and functionalities of AWS Security Hub, designed for professionals with a foundational understanding of AWS services.

Participants will explore how to leverage Security Hub to centralize security findings from multiple AWS accounts and services, enabling a unified view of security and compliance.

We will cover integration with AWS Config, GuardDuty, and third-party tools, demonstrating how to set up and manage automated security responses using AWS Lambda and Step Functions.

Piyush Jalan

- AWS Community Builders -

- AWS Ambassadors(APN) -



Session Category
Security
Identity and compliance


AWS Services
AWS Security Hub
AWS Config

Session Materials


    Session Summary (by Amazon Bedrock)
      Piyush, a cloud architect with 9+ years of experience, discusses advanced security monitoring and automation using AWS Security Hub. The presentation covers:

      1. AWS Security Hub Overview:
         - A cloud security posture management service
         - Automates security checks across AWS resources
         - Consolidates findings from multiple accounts

      2. Security Standards in AWS Security Hub:
         - AWS Foundational Security Best Practices
         - CIS AWS Benchmark
         - NIST Cybersecurity Framework
         - PCI DSS
         - AWS Well-Architected Framework Security Pillar

      3. Automation of Security Response:
         - Detection of vulnerabilities using AWS Config rules
         - Initiation of events against findings using custom actions and EventBridge
         - Orchestration of remediation across accounts using IAM roles and Lambda functions
         - Remediation using Systems Manager Automation documents
         - Logging and notification of remediation actions via SNS topics

      4. Multi-account and Multi-region Management:
         - Centralized remediation across multiple accounts and regions
         - Support for AWS GovCloud and China regions
         - Capability to create custom remediations

      5. Automated Security Hub Reporting:
         - A custom solution for timely reporting of Security Hub findings
         - Uses EventBridge to trigger Lambda functions
         - Lambda function retrieves findings using Security Hub APIs
         - Converts findings to CSV format and stores in S3
         - Sends reports via SNS to security team's email

      The presentation emphasizes the importance of automating security responses and providing regular, easily accessible security reports to teams. It showcases practical solutions for enhancing AWS environment security management and monitoring.
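The reporting flow in item 5 of the summary, sketched as an added example; this is not code from the session or its materials. The environment variable names `REPORT_BUCKET` and `REPORT_TOPIC_ARN`, the S3 key layout, the choice of filters and the `safe_cell` formula neutralisation are assumptions made here, and the sample findings are constructed.

```python
import csv
import io
import os

COLUMNS = ["AwsAccountId", "Region", "Severity", "Title",
           "ResourceType", "ResourceId", "Compliance", "UpdatedAt"]

def safe_cell(value):
    """Prefix cells a spreadsheet would evaluate; titles and resource IDs carry user-chosen text."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def findings_to_csv(findings):
    """Flatten ASFF findings into CSV text, one row per affected resource."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    for f in findings:
        for res in f.get("Resources") or [{}]:
            writer.writerow([safe_cell(v) for v in (
                f.get("AwsAccountId"), f.get("Region"), f.get("Severity", {}).get("Label"),
                f.get("Title"), res.get("Type"), res.get("Id"),
                f.get("Compliance", {}).get("Status"), f.get("UpdatedAt"))])
    return buf.getvalue()

def lambda_handler(event, context):
    """EventBridge-scheduled entry point; REPORT_BUCKET and REPORT_TOPIC_ARN are assumed env vars."""
    import boto3  # imported lazily so the CSV logic runs without AWS access
    filters = {"RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
               "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}]}
    pages = boto3.client("securityhub").get_paginator("get_findings").paginate(Filters=filters)
    findings = [f for page in pages for f in page["Findings"]]
    bucket, key = os.environ["REPORT_BUCKET"], f"securityhub/{event.get('time', 'manual')}.csv"
    boto3.client("s3").put_object(Bucket=bucket, Key=key, Body=findings_to_csv(findings).encode("utf-8"))
    boto3.client("sns").publish(TopicArn=os.environ["REPORT_TOPIC_ARN"],
                                Subject="Security Hub findings report",
                                Message=f"{len(findings)} findings written to s3://{bucket}/{key}")
    return {"count": len(findings), "key": key}

# Constructed sample findings (not real data), trimmed to the ASFF fields used above.
SAMPLE = [
    {"AwsAccountId": "111122223333", "Region": "ap-northeast-1", "Title": "Example control A",
     "Severity": {"Label": "HIGH"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-a"},
                   {"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-b"}]},
    {"AwsAccountId": "444455556666", "Region": "us-east-1", "Title": "=SUM(A1:A9)",
     "Severity": {"Label": "LOW"}, "Resources": [{"Type": "Other", "Id": "@name"}]},
    {"AwsAccountId": "444455556666", "Region": "us-east-1", "Title": "No resources listed"},
]
```

The SNS message carries only the count and the S3 location, so access to the findings themselves stays governed by the bucket policy rather than by who is subscribed to the topic.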

    ©JAWS-UG (AWS User Group - Japan). All rights reserved.