AWS Security Hub

AWS Security Hub features

Overview

AWS Security Hub prioritizes your critical security issues and helps you respond at scale. It unifies security operations by centralizing visibility across your cloud environment. It detects critical issues by correlating and enriching signals, for example, from threat detection and vulnerability management. This allows you to surface and prioritize active risks in your cloud environment. Security Hub transforms security signals into actionable insights through intuitive visualizations and near real-time risk analytics, so you can make more informed security decisions quickly. For example, it can identify when a publicly exposed resource with a highly exploitable vulnerability also has access to storage with sensitive data.

Security Hub also provides automated response workflows to streamline remediation at scale so you can reduce security risks, improve your team’s productivity, and minimize potential operational disruptions. Security Hub provides more comprehensive visibility into your security posture to protect your cloud environment.

Unified cloud security capabilities

Security Hub correlates and enriches security findings to prioritize critical security issues across your accounts and AWS Regions. The integrated dashboard provides clear visualizations through customizable widgets showing exposure summaries, threat trends, and security coverage, including near real-time risk analytics and trends. Through automated analysis and risk-based prioritization, you can more quickly understand which issues require immediate attention, helping you make informed decisions about risk remediation in your cloud environment.

Security Hub provides automated correlation and enhanced risk context by analyzing resource associations, potential impact, and relationships between security issues. This automated analysis offers deeper insights into security risks so you can make more informed decisions about which issues to address first. By correlating related threats, vulnerabilities, and misconfigurations, Security Hub surfaces complex security scenarios that might otherwise go unnoticed, helping you enhance your overall security posture.

Security Hub correlates security findings to prioritize the critical issues in your cloud environment. By analyzing signals from services such as Amazon Inspector, AWS Security Hub Cloud Security Posture Management (CSPM), Amazon GuardDuty, and Amazon Macie, Security Hub connects related vulnerabilities, threats, and misconfigurations to help you understand potential exposures. Security Hub automatically generates exposure findings to help you identify, prioritize, and respond to your critical security issues. Through this correlation, you can rapidly triage security issues and understand how different findings combine to create potential attack paths. You can get clear insights into potentially exploitable resources and make confident decisions about which issues to address first, helping you identify complex security scenarios that may be missed when viewing findings in isolation.

Visualize potential attack paths by understanding how an adversary could chain together vulnerabilities and misconfigurations to compromise critical resources. By mapping these connections, Security Hub helps you understand possible routes an adversary could take through your environment and identify which critical resources could be impacted. You can see the scope of a potential compromise, helping you prioritize remediation efforts, protect critical resources more effectively, and disrupt potential attack chains before they can be exploited.

Access a consolidated view of your AWS resources that brings together security posture, configuration details, and application context in one solution. Security Hub resource inventory allows you to see a summarized view of your resources, their configuration, and related security findings without switching between different tools or consoles. You can streamline your security analysis by viewing findings by resource type and filtering based on key security criteria, helping you make informed decisions about where to focus your security efforts.

Track security posture changes through advanced analytics capabilities that identify patterns and trends in your security data across your environment. Security Hub provides pre-built managed insights with visualizations that show trends over time, enabling you to monitor the changes in your security posture and focus on critical areas. You can leverage dashboard widgets to analyze threat trends, exposure patterns, active resources, and security coverage metrics, enabling you to make data-driven decisions for long-term security strategies and demonstrate measurable security improvements to stakeholders.

Simplify your security operations with streamlined pricing across AWS security services and a built-in cost estimation tool. Security Hub consolidates charges under a streamlined pricing model, reducing the complexity of managing multiple service bills and providing predictable resource-based pricing. Use the integrated cost estimator to plan and forecast your security investments across your AWS accounts and Regions before deployment, helping you make informed decisions about your security infrastructure and optimize costs at scale.

Reduce response times with automated workflows that seamlessly integrate with your existing ticketing systems, including Jira Cloud and ServiceNow, helping you streamline remediation at scale. By integrating with your tools and processes, Security Hub lets you focus on responding to security issues rather than managing administrative tasks, improving your overall security posture and operational efficiency.

Security Hub uses the Open Cybersecurity Schema Framework (OCSF), a standardized format for security data, to enable advanced security analytics that help you identify critical issues before they impact your operations. OCSF provides consistent formatting for security findings across various AWS services and partner integrations. By leveraging OCSF, Security Hub seamlessly integrates with your security tools and workflows. This standardized approach enhances your ability to identify patterns, trends, and anomalies across your cloud environment, leading to more effective security management.

Managing security alerts

Security Hub uses OCSF to streamline the ingestion and processing of security data from various AWS services and partner integrations. This unified data format enables seamless integration with your existing security tools and workflows. OCSF provides consistent formatting for security findings, including details such as resource identifiers, severity levels, and timestamps, making it easier to search, filter, and correlate security data across your environment.

Security Hub provides centralized deployment and management across AWS Organizations with just a few clicks in the console. By designating an administrator account, your security team can view correlated security findings across all accounts through a single consolidated view, while individual account owners see only findings associated with their account. Integration with AWS Organizations provides unified enablement, allowing you to automatically enable Security Hub for any account in your organization, simplifying security operations at scale.

As part of your unified security solution, designate an aggregator Region to centralize security findings across your accounts and Regions, providing more comprehensive visibility into and simplified management of your security operations. Findings are continuously synced between the Regions so that updates made to a finding in one Region are replicated to other Regions. Your Amazon EventBridge event bus in your administrator account and aggregator Region publishes events for all your findings across all member accounts and linked Regions, which allows you to simplify integrations with ticketing, chat, incident management, logging, and auto-remediation tools by consolidating those integrations into your aggregator Region where events are published.

The advanced analytics capabilities in Security Hub let you filter, group, and create saved searches across your security findings. Leveraging the standardized OCSF format, you can create custom views and insights that help surface critical risks across your environment. For example, you can filter findings to focus on high-severity issues and group them by resource to identify the vulnerable assets. Security Hub provides both pre-packaged managed insights and the ability to create custom insights, helping you identify patterns and trends in your security data. Each insight includes visualizations to show trends over time so you can track the evolution of your security posture and focus on what matters most.
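
The filter-and-group step described above, sketched as an added example (not AWS code and not Security Hub output). It assumes findings are available as OCSF JSON objects carrying `severity_id`, `resources[].uid` and `finding_info.title`; the sample records, ARNs and titles are constructed.

```python
from collections import defaultdict

# OCSF severity_id values treated as "high-severity" here.
# 0 = Unknown and 99 = Other are deliberately excluded, so an unmapped
# severity never outranks a real High finding.
HIGH_OR_WORSE = {4: "High", 5: "Critical", 6: "Fatal"}

INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"  # constructed
BUCKET = "arn:aws:s3:::example-sensitive-bucket"                    # constructed
NO_RESOURCE = "<no resource>"

# Constructed sample findings using OCSF field names.
SAMPLE_FINDINGS = [
    {"severity_id": 5, "finding_info": {"title": "Exploitable package on public host"},
     "resources": [{"uid": INSTANCE}]},
    {"severity_id": 4, "finding_info": {"title": "Instance role can read sensitive bucket"},
     "resources": [{"uid": INSTANCE}, {"uid": BUCKET}]},
    {"severity_id": 3, "finding_info": {"title": "Bucket access logging disabled"},
     "resources": [{"uid": BUCKET}]},
    {"severity_id": 99, "finding_info": {"title": "Vendor-specific severity"},
     "resources": [{"uid": BUCKET}]},
    {"severity_id": 4, "finding_info": {"title": "Finding without a resource"}},
]


def group_high_severity(findings):
    """Return [(resource_uid, worst_severity_id, [titles])], worst resource first."""
    by_resource = defaultdict(list)
    for finding in findings:
        sev = finding.get("severity_id", 0)
        if sev not in HIGH_OR_WORSE:
            continue
        title = finding.get("finding_info", {}).get("title", "")
        # A finding may reference several resources, or none at all.
        uids = [r["uid"] for r in finding.get("resources", []) if r.get("uid")]
        for uid in uids or [NO_RESOURCE]:
            by_resource[uid].append((sev, title))
    ranked = [(uid, max(s for s, _ in items), [t for _, t in items])
              for uid, items in by_resource.items()]
    # Highest severity first, then most findings, then uid for a stable order.
    ranked.sort(key=lambda row: (-row[1], -len(row[2]), row[0]))
    return ranked


if __name__ == "__main__":
    for uid, sev, titles in group_high_severity(SAMPLE_FINDINGS):
        print(f"{HIGH_OR_WORSE[sev]:<8} {len(titles)} finding(s)  {uid}")
```
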

Automation and response

Security Hub leverages the standardized OCSF format to enable seamless integration with your existing security tools, including ticketing, chat, incident management, threat investigation, GRC (Governance, Risk, and Compliance), SOAR (Security Orchestration, Automation, and Response), and SIEM (Security Information and Event Management) tools. These integrations, combined with automated workflows, help streamline your security operations and enable response at scale.