How to act on security and compliance alerts with AWS Security Hub - SEC202 - New York AWS Summit

Learn about AWS Security Hub and how it gives you a comprehensive view of your high-priority security alerts and your compliance status across AWS accounts. See how Security Hub aggregates, prioritizes, and helps you act on your alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as solutions from members of the AWS Partner Network.



1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT. How to act on security and compliance alerts with AWS Security Hub (SEC202). Ely Kahn, Principal Product Manager, AWS Security Hub, Amazon Web Services; Josh Hammer, Partner Solutions Architect, AWS Partner Network, Amazon Web Services
2. Agenda
   - AWS Security Hub overview
   - Customer use cases
   - "Taking action" deep dive
   - Demonstration
   - Questions
4. Problem statements
   - Too many security alerts: large volume of alerts, and the need to prioritize and take action
   - Too many security alert formats: dozens of security tools with different data formats
   - Backlog of compliance requirements: many compliance requirements, and not enough time to build the checks
   - Lack of an integrated view: no integrated view of security and compliance across accounts
5. Security Hub overview
6. The AWS security services ecosystem (diagram: services arranged across Identify, Protect, Detect, Respond and Recover, with Automate and Investigate alongside). Services shown: AWS Identity and Access Management (IAM), KMS, AWS Single Sign-On, AWS Directory Service, Amazon Cognito, AWS Organizations, AWS Control Tower, AWS Service Catalog, AWS Well-Architected Tool, AWS Trusted Advisor, Resource Access Manager, Amazon Cloud Directory, AWS CloudHSM, AWS Certificate Manager, AWS Secrets Manager, Amazon VPC, Amazon VPC PrivateLink, AWS Direct Connect, AWS Transit Gateway, Amazon Route 53, AWS WAF, AWS Shield, AWS Firewall Manager, AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IoT Device Defender, AWS Security Hub, Personal Health Dashboard, AWS Systems Manager, AWS Lambda, AWS Step Functions, Snapshot, Archive, Amazon S3 Glacier.
7. Generally available as of 6/24/19
   Supported Regions (16): Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), EU (Stockholm), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon)
   New features since preview began:
   - 30-day free trial
   - Amazon CloudWatch Events
   - CIS compliance standard improvements
   - Tag-based access controls and cost allocation
   - AWS CloudFormation
   - Performance improvements
8. Partner integrations, by category: Firewalls, Vulnerability, Taking action, Endpoint, Compliance, MSSP, Other
9. AWS Security Finding Format: ~100 JSON-formatted fields. Finding types:
   1. Sensitive data identifications
   2. Software and configuration checks
   3. Unusual behaviors
   4. Tactics, techniques, and procedures (TTPs)
   5. Effects
10. Partner integration examples: CrowdStrike
11. Partner integration examples: Alert Logic (customer environment; Alert Logic data ingestion, processing, and analytics)
   1. Inspected data is transported to Alert Logic's data ingestion, processing, and analytics platform
   2. Alert Logic's threat detection and response capability analyzes the data and identifies incidents
   3. An internal service (dedicated to Security Hub) assesses the incident for potential posting to Security Hub
   4. The incident is then posted to the respective customer's Security Hub console as a finding
12. Setup and multi-account
13. Compliance checks
14. Insights
15. Response and remediation (diagram): Security Hub emits a CloudWatch Event, a rule matches it, and the rule's target runs the response: a Lambda function, an AWS Step Functions state machine, or a Systems Manager Automation document
17. Some of our current customers
18. Use case 1: Centralized security and compliance workspace
   Goal: have a single pane of glass to view, triage, and take action on AWS security and compliance issues across accounts
   Personas: SecOps, compliance, and/or DevSecOps teams focused on AWS; Cloud Centers of Excellence; the first security hire
   Key processes (example):
   1. Ingest findings from finding providers
   2. High-volume and well-known findings are programmatically routed to remediation workflows, which include updating the status of the finding
   3. Remaining findings are routed to analysts via an on-call management system, and they use ticketing and chat systems to resolve them
   "Taking action" integrations: ticketing systems, chat systems, on-call management systems, SOAR platforms, customer-built remediation playbooks
19. Use case 2: Centralized routing to a SIEM
   Goal: easily route all AWS security and compliance findings in a normalized format to a centralized SIEM or log management tool
   Personas: SecOps, compliance, and/or DevSecOps teams
   Key processes (example):
   1. Ingest findings from finding providers
   2. All findings are routed via CloudWatch Events to a central SIEM that stores AWS and on-premises security and compliance data
   3. Analyst workflows are linked to the central SIEM
   "Taking action" integrations: SIEM
20. Use case 3: Dashboard for account owners
   Goal: provide visibility to AWS account owners on the security and compliance posture of their account
   Personas: AWS account owners
   Key processes (example):
   1. Ingest findings from finding providers
   2. Account owners are given read-only access to Security Hub
   3. Account owners can use Security Hub to research issues that they are ticketed on, or proactively monitor their own security and compliance state
   "Taking action" integrations: chat, ticketing
22. Taking action with Security Hub (diagram): Amazon GuardDuty, Amazon Inspector, Amazon Macie and third-party providers send findings to Security Hub, which forwards them to Amazon CloudWatch Events
23. Security Hub "taking action" partner integration
24. Taking action on all findings
25. Event pattern examples: filter by tags. This rule matches imported findings whose resource carries the tag Environment=PCI:
   {
     "source": ["aws.securityhub"],
     "detail-type": ["Security Hub Findings - Imported"],
     "detail": {
       "findings": {
         "Resources": {
           "Tags": {
             "Environment": ["PCI"]
           }
         }
       }
     }
   }
26. Event pattern examples: filter by severity. This rule matches imported findings with a normalized severity of 95 or above. The pattern lists every value it should match, because a CloudWatch Events pattern compares leaf values exactly; a finding with Normalized 94 does not match:
   {
     "source": ["aws.securityhub"],
     "detail-type": ["Security Hub Findings - Imported"],
     "detail": {
       "findings": {
         "Severity": {
           "Normalized": [95, 96, 97, 98, 99, 100]
         }
       }
     }
   }
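The two patterns above, evaluated locally as an added example (this is not code from the slides or from AWS): a small Python reimplementation of the CloudWatch Events matching rules, run against constructed "Security Hub Findings - Imported" events. The matcher models exact-value matching only (no prefix or numeric-range content filters), and the finding ID, instance ARN, account number and tag values are invented.

```python
"""Added example: a local model of how CloudWatch Events evaluates the two
Security Hub rule patterns from the slides. The matcher is a simplified
reimplementation (exact-value matching only, no content filters such as
prefix or numeric ranges) and every event below is constructed, not
captured from an account."""

# The two event patterns from the slides, as a rule would store them.
RULES = {
    "pci-tag": {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {"findings": {"Resources": {"Tags": {"Environment": ["PCI"]}}}},
    },
    "high-severity": {
        "source": ["aws.securityhub"],
        "detail-type": ["Security Hub Findings - Imported"],
        "detail": {"findings": {"Severity": {"Normalized": [95, 96, 97, 98, 99, 100]}}},
    },
}


def matches(pattern, event):
    """True if `event` satisfies `pattern` under CloudWatch Events rules."""
    if isinstance(pattern, list):
        # Leaf: the event value, or any element of an event array, must equal
        # one of the listed values. Comparison is exact, so 94 never matches
        # the severity rule, which is why the slide enumerates 95..100.
        candidates = event if isinstance(event, list) else [event]
        return any(c in pattern for c in candidates)
    if isinstance(pattern, dict):
        # Object: every key in the pattern must be present and match. When the
        # event holds an array of objects here (detail.findings, Resources),
        # one matching element is enough, so a batch of findings fires the
        # rule if any single finding qualifies.
        if isinstance(event, list):
            return any(matches(pattern, element) for element in event)
        if not isinstance(event, dict):
            return False
        return all(key in event and matches(sub, event[key]) for key, sub in pattern.items())
    return False


def matching_rules(event, rules=RULES):
    """Names of the rules (in definition order) that would fire for `event`."""
    return [name for name, pattern in rules.items() if matches(pattern, event)]


def make_imported_event(normalized, tags):
    """Constructed 'Security Hub Findings - Imported' event carrying one
    finding with the ASFF fields the patterns look at. IDs are invented."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {
            "findings": [
                {
                    "SchemaVersion": "2018-10-08",
                    "Id": "example-finding-1",
                    "Severity": {"Normalized": normalized, "Product": 8.0},
                    "Resources": [
                        {
                            "Type": "AwsEc2Instance",
                            "Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-0123456789abcdef0",
                            "Tags": tags,
                        }
                    ],
                }
            ]
        },
    }


if __name__ == "__main__":
    samples = [(98, {"Environment": "PCI"}), (94, {"Environment": "PCI"}),
               (40, {"Environment": "dev"}), (100, {})]
    for normalized, tags in samples:
        print(normalized, tags, "->", matching_rules(make_imported_event(normalized, tags)))
```

The point worth noticing is the array handling: `detail.findings` is a list, and a rule fires when any one finding in the batch satisfies the pattern, so a target that assumes every finding in the event is high severity will be wrong; it has to re-check each finding it processes.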
27-28. Custom actions in Security Hub
29. Custom actions in Security Hub: rule and event. The rule matches the event Security Hub emits when an analyst invokes the custom action; the action is identified by its ARN in the event's resources list:
   {
     "source": ["aws.securityhub"],
     "resources": ["arn:aws:securityhub:us-west-2:xxxxxxxxxxxx:action/custom/SendToEmail"]
   }
30. Custom actions in Security Hub (diagram): each custom action event matches its own rule, and a rule's target can be, for example, Systems Manager Run Command
31. Custom actions in Security Hub
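A worked version of the custom action flow on slides 29 and 30, added here as an example rather than taken from the talk: a Lambda handler that receives the "Security Hub Findings - Custom Action" event, validates the action ARN from `resources[]`, pulls EC2 instance IDs out of the selected findings' ASFF `Resources`, and builds the Systems Manager Run Command request. The event shape (the action ARN in `resources`, `detail.actionName`, `detail.findings`) is what Security Hub emits; the action names, the commands they map to, the account number and the sample event are assumptions for illustration.

```python
"""Added example: a Lambda handler for a Security Hub custom action that
routes the selected findings to Systems Manager Run Command. The event shape
(resources[] carrying the custom action ARN, detail.findings carrying the
selected findings) is what Security Hub emits; the action names, the
commands they map to, the account number and SAMPLE_EVENT are assumptions."""

# Hypothetical playbooks keyed by custom action name. Only names listed here
# are honoured; an unknown action is refused rather than guessed at.
ACTION_PLAYBOOKS = {
    "IsolateInstance": {
        "DocumentName": "AWS-RunShellScript",
        "Parameters": {"commands": ["iptables -P INPUT DROP", "iptables -P OUTPUT DROP"]},
    },
    "CaptureProcessList": {
        "DocumentName": "AWS-RunShellScript",
        "Parameters": {"commands": ["ps -eo pid,ppid,user,lstart,args"]},
    },
}
EXPECTED_ACCOUNT = "123456789012"  # assumption: the account that owns the custom actions


def action_name_from_arn(arn):
    """Return <Name> from arn:aws:securityhub:<region>:<account>:action/custom/<Name>.
    The ARN is validated instead of trusting detail.actionName alone."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "securityhub"]:
        raise ValueError("not a Security Hub ARN: %s" % arn)
    if parts[4] != EXPECTED_ACCOUNT:
        raise ValueError("custom action from unexpected account: %s" % parts[4])
    prefix = "action/custom/"
    name = parts[5][len(prefix):]
    if not parts[5].startswith(prefix) or not name or "/" in name:
        raise ValueError("not a custom action ARN: %s" % arn)
    return name


def instance_ids_from_findings(findings):
    """EC2 instance IDs referenced by the findings' ASFF Resources, de-duplicated
    in first-seen order. Resources of any other type are skipped."""
    seen = []
    for finding in findings:
        for resource in finding.get("Resources", []):
            if resource.get("Type") != "AwsEc2Instance":
                continue
            # Resource Id is the instance ARN; the instance ID is its last segment.
            instance_id = resource.get("Id", "").rsplit("/", 1)[-1]
            if instance_id.startswith("i-") and instance_id not in seen:
                seen.append(instance_id)
    return seen


def build_run_command(action_name, findings):
    """Keyword arguments for ssm.send_command() for this action and findings."""
    playbook = ACTION_PLAYBOOKS.get(action_name)
    if playbook is None:
        raise ValueError("no playbook for custom action %s" % action_name)
    instance_ids = instance_ids_from_findings(findings)
    if not instance_ids:
        raise ValueError("no EC2 instances in the selected findings")
    return {
        "InstanceIds": instance_ids,
        "DocumentName": playbook["DocumentName"],
        "Parameters": playbook["Parameters"],
        "Comment": "SecurityHub custom action %s, %d finding(s)" % (action_name, len(findings)),
    }


def lambda_handler(event, context, ssm_client=None):
    """With a boto3 SSM client the command is sent and its CommandId returned;
    without one (the default, so this runs offline) the request is returned."""
    if event.get("detail-type") != "Security Hub Findings - Custom Action":
        raise ValueError("unexpected detail-type: %r" % event.get("detail-type"))
    action_name = action_name_from_arn(event["resources"][0])
    request = build_run_command(action_name, event["detail"]["findings"])
    if ssm_client is None:
        return request
    return ssm_client.send_command(**request)["Command"]["CommandId"]


# Constructed sample event: two findings, one instance referenced by both, and
# an S3 bucket resource that the EC2 extraction must ignore.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Custom Action",
    "resources": ["arn:aws:securityhub:us-west-2:123456789012:action/custom/IsolateInstance"],
    "detail": {
        "actionName": "IsolateInstance",
        "actionDescription": "Cut the instance off from the network",
        "findings": [
            {"Id": "example-finding-1", "Resources": [
                {"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-0123456789abcdef0"},
                {"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
            {"Id": "example-finding-2", "Resources": [
                {"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-0123456789abcdef0"},
                {"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-0fedcba9876543210"}]},
        ],
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Two design choices matter here. The action is resolved from the ARN in `resources[]` and checked against the expected account, so a rule that is accidentally broadened cannot drive the function into running a playbook it was never meant to; and the handler only ever runs documents from a fixed allow-list with fixed parameters, never anything derived from the finding text, since finding fields are data supplied by the product that generated them.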
33. Key takeaways
   - Automatically evaluate your compliance against key standards with one-click, frictionless enablement
   - Centralize all of your findings via the AWS Security Finding Format without the need to parse and normalize them
   - Prioritize findings using insights for efficient response and remediation
   - Take action on findings automatically or semi-automatically using CloudWatch Events
   - View and understand your security and compliance state in one place across all of your accounts
34. Next steps
   - Try the 30-day trial: https://console.aws.amazon.com/securityhub/
   - Become a partner: contact us at securityhub-partners@amazon.com
   - Learn more: https://aws.amazon.com/security-hub/
35. Thank you! Ely Kahn, elykahn@amazon.com; Josh Hammer, johammer@amazon.com