
All news with #aws security hub tag

24 articles

AWS Security Hub Adds Unused Identity Access Detection

🔐 AWS Security Hub now brings identity risk into the same unified console where central security teams manage threats, exposures, and posture findings. It detects unused IAM permissions, roles, and credentials across an AWS organization and correlates those identity findings with exposure context. When enabled, Security Hub automatically creates a service‑linked IAM Access Analyzer in each member account and evaluates 90 days of actual access activity. It also offers on‑demand recommended least‑privilege policies and is included in Security Hub Essentials at no additional cost.

AWS Security Hub Extended Expands Curated Partner Set

🔒 AWS Security Hub Extended adds 21 curated partner solutions across nine security categories, including SentinelOne, CyberArk, Sublime, Varonis, LayerX, Native Security, and Zenity. The plan centralizes procurement, billing, and support with pay-as-you-go pricing, a single AWS bill, automatic Enterprise Discount Program eligibility, unified Level 1 support for Enterprise customers, and no long-term commitments. Findings from participating solutions are emitted in the OCSF schema and aggregated in AWS Security Hub to accelerate cross-domain detection and response.

Security Hub Extended: A New Product-Led Adoption Model

🔒 Security Hub Extended expands AWS Security Hub to include curated partner solutions in a single, unified console. Customers can discover, evaluate, and deploy vendor products with one click and pay-as-you-go pricing on their AWS bill, avoiding lengthy procurement and multi-year commitments. Integrated onboarding, OCSF-normalized findings, and AWS-native correlation surface combined attack paths and risk scoring. The offering launched in February 2026 with an expanding partner ecosystem.

Technical Walkthrough: AWS Security Hub Extended, Multicloud

🔒 AWS Security Hub Extended consolidates AWS and curated partner security services into a unified, pay-as-you-go offering for multicloud full-stack protection. It centralizes procurement, billing, and operations across endpoint, identity, email, network, data, browser, cloud, and AI protections while integrating findings in OCSF format. Customers can onboard via the AWS Console, assign delegated administrator accounts for centralized management, and route normalized findings to tools such as Splunk and 7AI for coordinated response.

Amazon CloudWatch Ingests AWS Security Hub Findings

🔔 Amazon CloudWatch now ingests AWS Security Hub CSPM findings into CloudWatch Logs, supporting both ASFF and OCSF schemas via CloudWatch Pipelines. Customers can query findings with CloudWatch Logs Insights, create metric filters for monitoring, and use Amazon S3 Tables for advanced analytics and reporting. Organization-level enablement rules allow automatic delivery to all accounts or selected groups, standardizing monitoring coverage. Findings delivery is available in all AWS commercial regions and is charged under tiered CloudWatch pricing.

AWS Security Hub Now Available in GovCloud US Regions

🔒 AWS Security Hub is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Security Hub offers a unified cloud security posture by correlating and enriching signals from Amazon GuardDuty, Amazon Inspector, and Security Hub CSPM to prioritize active risks. The service delivers near‑real‑time risk analytics, exposure findings, automated response workflows, attack path visualization, and centralized organization-wide deployment with streamlined pricing for improved cost predictability.

Managing the AMI Lifecycle with AMI Lineage on AWS

🛡️ This post presents the AMI Lineage solution to help organizations track and govern Amazon Machine Images (AMIs) across AWS. It explains how AWS lineage metadata (announced at the end of 2024) can be combined with a centralized Amazon Neptune graph, EventBridge, Lambda, API Gateway, and Security Hub to validate image origins, enforce SCPs, and assess CVE impact. The architecture uses a three-account model (management, security tooling, member) to centralize sensitive processing, automate compliance checks, and provide queryable lineage and remediation workflows for security teams.

AWS Security Hub Expands to Unify Multicloud Operations

🔒 AWS announced a major expansion of AWS Security Hub, repositioning it as a unified security operations solution that aggregates signals from across the stack and across clouds. The service now consolidates findings from services such as Amazon GuardDuty, Amazon Inspector, Security Hub CSPM, and Amazon Macie into a single pane for prioritized risk analytics. An Extended plan simplifies procurement and partner integrations, with AWS as seller of record and pay-as-you-go billing. AWS says forthcoming multicloud capabilities will add a common data layer, unified policies, expanded vulnerability scanning, and external network exposure checks.

AWS Shield Network Security Director Findings in Security Hub

🔔 AWS Shield now surfaces network security director findings in AWS Security Hub, giving centralized visibility into missing or misconfigured network controls across an AWS Organization. The capability detects gaps in services such as AWS WAF, VPC security groups, and VPC network ACLs and provides remediation recommendations. Findings also appear in the Security Hub Inventory, and severity is determined by the misconfiguration combined with the resource's network topology.

AWS Security Hub Extended: Unified Pay-as-You-Go Plan

🔒 AWS Security Hub Extended is now generally available, offering a single-vendor plan that combines AWS detection services with curated partner security solutions on a pay-as-you-go or flat-rate basis. The plan consolidates procurement and billing—AWS serves as seller of record and Enterprise Support customers receive unified Level 1 support. It centralizes findings in a standard format for cross-tool visibility, reduces manual integration work, and lets organizations add or remove categories such as endpoint, identity, email, network, data, browser, cloud, AI, and security operations without long-term commitments.

Getting Started with Security Response Automation on AWS

🛡️ AWS outlines core concepts and a hands-on walkthrough for implementing security response automation to detect and remediate threats across AWS environments. The post maps automation to the NIST Cybersecurity Framework and demonstrates a CloudFormation deployment using EventBridge, Lambda, GuardDuty, and Security Hub to automatically restart CloudTrail and notify operators. It also highlights the Automated Security Response library, testing guidance, and cost and cleanup considerations.

Serverless File Integrity Monitoring with AWS Tools

🔒 This post demonstrates a serverless file integrity monitoring (FIM) pattern using AWS Systems Manager Inventory, Amazon S3, Lambda, and Amazon Security Lake. It collects file metadata from EC2 instances, exports versioned inventory objects to S3, and uses S3 Put events to trigger a Lambda that compares current and previous inventory versions to detect created, modified, or deleted files. When unauthorized changes are found, the function generates ASFF findings in AWS Security Hub, which Security Lake ingests and normalizes for query and visualization via Athena, QuickSight, or OpenSearch.

AWS Security Hub Automation and Orchestration for Scale

⚙️ AWS has made the enhanced AWS Security Hub generally available, adding automation features to centralize and accelerate handling of security findings across accounts and Regions. The update integrates Security Hub CSPM into detection engines and provides real-time risk analytics, automated correlation, and enriched context to prioritize critical issues. Automation rules and integrations with EventBridge, Lambda, and ITSM tools like ServiceNow enable remediation, routing, and evidence collection to reduce manual triage and support compliance.

AWS Control Tower Adds 176 Security Hub Controls in Catalog

🔒 AWS announces that AWS Control Tower now includes 176 additional AWS Security Hub controls in its Control Catalog. You can search, discover, enable and manage these controls directly from the Control Tower console or via the ListControls, GetControl and EnableControl APIs. The new AWS Config rules are searchable in all Regions where Control Tower is available, including AWS GovCloud (US); check each rule's supported-region list before deployment.

AWS Control Tower Adds 176 Security Hub Controls in Catalog

🔐 Today, AWS Control Tower adds 176 additional AWS Security Hub controls to the Control Catalog, enabling you to search, discover, enable, and manage them directly from the Control Tower console. You can also call the ListControls, GetControl, and EnableControl APIs to automate governance across multi-account environments. New AWS Config rules are searchable in all Regions where Control Tower is available, including AWS GovCloud (US); check each rule's supported regions before deployment.

AWS Security Hub Automation Rule Migration: CSPM to OCSF

🔁 This post explains a Python-based solution to migrate automation rules from Security Hub CSPM (ASFF) to the new Security Hub that adopts the open OCSF schema. The toolkit discovers rules across specified Regions, evaluates each rule against predefined ASFF→OCSF field mappings, and converts compatible rules into a CloudFormation template preserving order and Regional context. Actions or criteria without OCSF equivalents are flagged or partially migrated; migrated rules are created in a DISABLED state by default to allow review and testing. The package includes discovery, transformation, and template-generation scripts plus a migration report to guide manual adjustments.

AWS unveils AI-driven security enhancements at re:Invent

🔒 AWS announced a suite of AI- and automation-driven security features at re:Invent 2025 designed to shift cloud protection from reactive response to proactive prevention. AWS Security Agent and agentic incident response add continuous code review and automated investigations, while ML enhancements in GuardDuty and near real-time analytics in Security Hub improve multi-stage threat detection. Agent-centric IAM tools, including policy autopilot and private sign-in routes, streamline permissions and enforce granular, zero-trust access for agents and workloads.

AWS Security Hub Adds Near Real-Time Risk Analytics

🔒 AWS announces general availability of AWS Security Hub, adding near real-time risk analytics, advanced trends, unified enablement, and streamlined pricing across AWS security services. Security Hub correlates and enriches signals from Amazon GuardDuty, Amazon Inspector, and AWS Security Hub CSPM to surface and prioritize active risks. Centralized deployment across AWS Organizations, attack-path visualization, and automated workflows reduce manual correlation and speed remediation at scale.

Amazon Managed Prometheus Collector Adds MSK Support

📈 The Amazon Managed Service for Prometheus collector now supports discovery and scraping of Prometheus metrics from Amazon Managed Streaming for Apache Kafka (MSK) clusters without deploying agents. The agentless collector can target metrics exposed via the JMX exporter and the Node exporter, covering host-level, JVM-level, and broker-specific telemetry. This simplifies open monitoring for MSK, improves availability and scalability, and is available in all commercial regions where the service is offered.

AWS Security Hub CSPM Adds CIS AWS Foundations v5.0

🛡️ AWS Security Hub CSPM now supports the CIS AWS Foundations Benchmark v5.0, introducing 40 automated configuration checks aligned to the industry standard. The new standard is available in all Regions where Security Hub CSPM operates, including AWS GovCloud (US) and the China Regions. AWS recommends using Security Hub CSPM central configuration to enable the standard across selected accounts and Regions with a single action. Customers can subscribe to the CSPM SNS topic for updates and try Security Hub free for 30 days.