< ciso
brief />
Tag Banner

All news with #aws security hub tag

30 articles

AWS Security Hub adds internet Network Scanning

🔍 AWS Security Hub now includes Network Scanning to identify resources that are actually reachable from the public internet. The feature probes public IPs, VMs, and load balancers across AWS and Azure, detects reachable ports, and identifies services running behind them. Findings are created per reachable port and correlated by Security Hub Exposures to assess broader risk. Existing customers can enable the feature per account, region, or organization; it is enabled by default for new customers and included with Security Hub Essentials at no extra cost in supported commercial Regions.
read more →

AWS Security Hub adds impact analysis for exposures

🔍 Today, AWS Security Hub introduces impact analysis for exposure findings, enabling security teams to see the downstream resources an attacker could reach if an exposure is exploited. The feature maps privilege escalation paths by analyzing effective IAM permissions and displays potential attack paths in a graph. A new Impact Assessment tab prioritizes chains of compromise and shows the permissions at each step, while severity scores are adjusted to reflect downstream reach.
read more →

AWS Security Hub Adds Microsoft Azure Monitoring

🔒 AWS Security Hub now monitors Microsoft Azure resources, extending risk analytics, cloud security posture management, vulnerability management, and security response across both clouds. The service auto-discovers Azure VMs, ACR images, Function Apps, and identities, evaluating misconfigurations, internet exposure, and software vulnerabilities. Findings from AWS and Azure appear in a single prioritized view with consistent formats and automation workflows, and a 30-day free trial for Azure monitoring is available.
read more →

Palo Alto DNS Security Preview for Route 53 Resolver

🛡️ Amazon Web Services announces a preview integration of Palo Alto Networks Advanced DNS Security with Route 53 Resolver DNS Firewall. Security teams can now subscribe to PANW protections directly from the DNS Firewall console and apply categories like Command and Control, Malware, and Phishing without deploying separate firewalls. The integration supports hybrid traffic, AWS multi-account management, centralized visibility via AWS Security Hub, and preview availability across multiple regions.
read more →

Operationalizing AWS security: a maturity roadmap

🔒 This post outlines a practical, phased maturity roadmap for organizations that have enabled AWS Security Hub and Amazon GuardDuty. It emphasizes moving from enabled tooling to operational security practices by assessing current state, tuning signal quality, routing findings, automating safe remediations, and establishing a recurring operational cadence. Each phase includes goals, timelines, deliverables, and decision criteria to measure progress and reduce alert fatigue.
read more →

AWS Config adds internal service linked rules support

🔒 AWS Config now supports internal service linked rules, allowing AWS services to evaluate resource configurations using AWS Config managed rules. These rules let AWS services like AWS Security Hub CSPM deploy and manage service-specific evaluations, with results sent directly to the deploying service. Evaluations occur at no charge from AWS Config and run independently of customer-managed recorders and rules, preserving existing inventory and compliance workflows. The feature is available in commercial, GovCloud, and China Regions.
read more →

AWS Security Hub Adds Unused Identity Access Detection

🔐 AWS Security Hub now brings identity risk into the same unified console where central security teams manage threats, exposures, and posture findings. It detects unused IAM permissions, roles, and credentials across an AWS organization and correlates those identity findings with exposure context. When enabled, Security Hub automatically creates a service‑linked IAM Access Analyzer in each member account and evaluates 90 days of actual access activity. It also offers on‑demand recommended least‑privilege policies and is included in Security Hub Essentials at no additional cost.
read more →

AWS Security Hub Extended Expands Curated Partner Set

🔒 AWS Security Hub Extended adds 21 curated partner solutions across nine security categories, including SentinelOne, CyberArk, Sublime, Varonis, LayerX, Native Security, and Zenity. The plan centralizes procurement, billing, and support with pay-as-you-go pricing, a single AWS bill, automatic Enterprise Discount Program eligibility, unified Level 1 support for Enterprise customers, and no long-term commitments. Findings from participating solutions are emitted in the OCSF schema and aggregated in AWS Security Hub to accelerate cross-domain detection and response.
read more →

Security Hub Extended: A New Product-Led Adoption Model

🔒Security Hub Extended expands AWS Security Hub to include curated partner solutions in a single, unified console. Customers can discover, evaluate, and deploy vendor products with one click and pay-as-you-go pricing on their AWS bill, avoiding lengthy procurement and multi-year commitments. Integrated onboarding, OCSF-normalized findings, and AWS-native correlation surface combined attack paths and risk scoring. The offering launched in February 2026 with an expanding partner ecosystem.
read more →

Technical Walkthrough: AWS Security Hub Extended, Multicloud

🔒 AWS Security Hub Extended consolidates AWS and curated partner security services into a unified, pay-as-you-go offering for multicloud full-stack protection. It centralizes procurement, billing, and operations across endpoint, identity, email, network, data, browser, cloud, and AI protections while integrating findings in OCSF format. Customers can onboard via the AWS Console, assign delegated administrator accounts for centralized management, and route normalized findings to tools such as Splunk and 7AI for coordinated response.
read more →

Amazon CloudWatch Ingests AWS Security Hub Findings

🔔 Amazon CloudWatch now ingests AWS Security Hub CSPM findings into CloudWatch Logs, supporting both ASFF and OCSF schemas via CloudWatch Pipelines. Customers can query findings with CloudWatch Logs Insights, create metric filters for monitoring, and use Amazon S3 Tables for advanced analytics and reporting. Organization-level enablement rules allow automatic delivery to all accounts or selected groups, standardizing monitoring coverage. Findings delivery is available in all AWS commercial regions and is charged under tiered CloudWatch pricing.
read more →

AWS Security Hub Now Available in GovCloud US Regions

🔒 AWS Security Hub is now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. Security Hub offers a unified cloud security posture by correlating and enriching signals from Amazon GuardDuty, Amazon Inspector, and Security Hub CSPM to prioritize active risks. The service delivers near‑real‑time risk analytics, exposure findings, automated response workflows, attack path visualization, and centralized organization-wide deployment with streamlined pricing for improved cost predictability.
read more →

Managing the AMI Lifecycle with AMI Lineage on AWS

🛡️ This post presents the AMI Lineage solution to help organizations track and govern Amazon Machine Images (AMIs) across AWS. It explains how AWS lineage metadata (announced at the end of 2024) can be combined with a centralized Amazon Neptune graph, EventBridge, Lambda, API Gateway, and Security Hub to validate image origins, enforce SCPs, and assess CVE impact. The architecture uses a three-account model (management, security tooling, member) to centralize sensitive processing, automate compliance checks, and provide queryable lineage and remediation workflows for security teams.
read more →

AWS Security Hub Expands to Unify Multicloud Operations

🔒 AWS announced a major expansion of AWS Security Hub, repositioning it as a unified security operations solution that aggregates signals from across the stack and across clouds. The service now consolidates findings from services such as Amazon GuardDuty, Amazon Inspector, Security Hub CSPM, and Amazon Macie into a single pane for prioritized risk analytics. An Extended plan simplifies procurement and partner integrations, with AWS as seller of record and pay-as-you-go billing. AWS says forthcoming multicloud capabilities will add a common data layer, unified policies, expanded vulnerability scanning, and external network exposure checks.
read more →

AWS Shield Network Security Director Findings in SecurityHub

🔔 AWS Shield now surfaces network security director findings in AWS Security Hub, giving centralized visibility into missing or misconfigured network controls across an AWS Organization. The capability detects gaps in services such as AWS WAF, VPC security groups, and VPC network ACLs and provides remediation recommendations. Findings also appear in the Security Hub Inventory, and severity is determined by the misconfiguration combined with the resource's network topology.
read more →

AWS Security Hub Extended: Unified Pay-as-You-Go Plan

🔒 AWS Security Hub Extended is now generally available, offering a single-vendor plan that combines AWS detection services with curated partner security solutions on a pay-as-you-go or flat-rate basis. The plan consolidates procurement and billing—AWS serves as seller of record and Enterprise Support customers receive unified Level 1 support. It centralizes findings in a standard format for cross-tool visibility, reduces manual integration work, and lets organizations add or remove categories such as endpoint, identity, email, network, data, browser, cloud, AI, and security operations without long-term commitments.
read more →

Getting Started with Security Response Automation on AWS

🛡️ AWS outlines core concepts and a hands-on walkthrough for implementing security response automation to detect and remediate threats across AWS environments. The post maps automation to the NIST Cybersecurity Framework and demonstrates a CloudFormation deployment using EventBridge, Lambda, GuardDuty, and Security Hub to automatically restart CloudTrail and notify operators. It also highlights the Automated Security Response library, testing guidance, and cost and cleanup considerations.
read more →

Serverless File Integrity Monitoring with AWS Tools

🔒 This post demonstrates a serverless file integrity monitoring (FIM) pattern using AWS Systems Manager Inventory, Amazon S3, Lambda, and Amazon Security Lake. It collects file metadata from EC2 instances, exports versioned inventory objects to S3, and uses S3 Put events to trigger a Lambda that compares current and previous inventory versions to detect created, modified, or deleted files. When unauthorized changes are found, the function generates ASFF findings in AWS Security Hub, which Security Lake ingests and normalizes for query and visualization via Athena, QuickSight, or OpenSearch.
read more →

AWS Security Hub Automation and Orchestration for Scale

⚙️AWS has made the enhanced AWS Security Hub generally available, adding automation features to centralize and accelerate handling of security findings across accounts and Regions. The update integrates Security Hub CSPM into detection engines and provides real-time risk analytics, automated correlation, and enriched context to prioritize critical issues. Automation rules and integrations with EventBridge, Lambda, and ITSM tools like ServiceNow enable remediation, routing, and evidence collection to reduce manual triage and support compliance.
read more →

AWS Control Tower Adds 176 Security Hub Controls in Catalog

🔒 AWS announces that AWS Control Tower now includes 176 additional AWS Security Hub controls in its Control Catalog. You can search, discover, enable and manage these controls directly from the Control Tower console or via the ListControls, GetControl and EnableControl APIs. The new AWS Config rules are searchable in all Regions where Control Tower is available, including AWS GovCloud (US); check each rule's supported-region list before deployment.
read more →