< ciso
brief />
Tag Banner

All news with #aws security hub tag

30 articles · page 2 of 2

AWS Control Tower Adds 176 Security Hub Controls in Catalog

🔐 Today, AWS Control Tower adds 176 additional AWS Security Hub controls to the Control Catalog, enabling you to search, discover, enable, and manage them directly from the Control Tower console. You can also call the ListControls, GetControl, and EnableControl APIs to automate governance across multi-account environments. New AWS Config rules are searchable in all Regions where Control Tower is available, including AWS GovCloud (US); check each rule's supported regions before deployment.
read more →

AWS Security Hub Automation Rule Migration: CSPM to OCSF

🔁 This post explains a Python-based solution to migrate automation rules from Security Hub CSPM (ASFF) to the new Security Hub that adopts the open OCSF schema. The toolkit discovers rules across specified Regions, evaluates each rule against predefined ASFF→OCSF field mappings, and converts compatible rules into a CloudFormation template preserving order and Regional context. Actions or criteria without OCSF equivalents are flagged or partially migrated; migrated rules are created in a DISABLED state by default to allow review and testing. The package includes discovery, transformation, and template-generation scripts plus a migration report to guide manual adjustments.
read more →

AWS unveils AI-driven security enhancements at re:Invent

🔒 AWS announced a suite of AI- and automation-driven security features at re:Invent 2025 designed to shift cloud protection from reactive response to proactive prevention. AWS Security Agent and agentic incident response add continuous code review and automated investigations, while ML enhancements in GuardDuty and near real-time analytics in Security Hub improve multi-stage threat detection. Agent-centric IAM tools, including policy autopilot and private sign-in routes, streamline permissions and enforce granular, zero-trust access for agents and workloads.
read more →

AWS Security Hub Adds Near Real-Time Risk Analytics

🔒 AWS announces general availability of AWS Security Hub, adding near real-time risk analytics, advanced trends, unified enablement, and streamlined pricing across AWS security services. Security Hub correlates and enriches signals from Amazon GuardDuty, Amazon Inspector, and AWS Security Hub CSPM to surface and prioritize active risks. Centralized deployment across AWS Organizations, attack-path visualization, and automated workflows reduce manual correlation and speed remediation at scale.
read more →

Amazon Managed Prometheus Collector Adds MSK Support

📈 The Amazon Managed Service for Prometheus collector now supports discovery and scraping of Prometheus metrics from Amazon Managed Streaming for Apache Kafka (MSK) clusters without deploying agents. The agentless collector can target metrics exposed via the JMX exporter and the Node exporter, covering host-level, JVM-level, and broker-specific telemetry. This simplifies open monitoring for MSK, improves availability and scalability, and is available in all commercial regions where the service is offered.
read more →

AWS Security Hub CSPM Adds CIS AWS Foundations v5.0

🛡️ AWS Security Hub CSPM now supports the CIS AWS Foundations Benchmark v5.0, introducing 40 automated configuration checks aligned to the industry standard. The new standard is available in all Regions where Security Hub CSPM operates, including AWS GovCloud (US) and the China Regions. AWS recommends using Security Hub CSPM central configuration to enable the standard across selected accounts and Regions with a single action. Customers can subscribe to the CSPM SNS topic for updates and try Security Hub free for 30 days.
read more →

Planning and Running an AWS Security Hub POC Guide

🔒 This post explains how to plan and implement an AWS Security Hub proof of concept (POC) to evaluate unified cloud security operations. It outlines steps to define success criteria, configure integrations with GuardDuty, Amazon Inspector, Macie, and Security Hub CSPM, and to prepare, enable, and validate the deployment. The guidance recommends using overlapping trial periods, adopting the OCSF standard for normalized findings, and leveraging automation and ticketing integrations to measure operational impact.
read more →

Optimize Security Operations with AWS Incident Response

🔒 AWS Security Incident Response provides an AWS-native incident management capability that combines automated triage, threat intelligence, and customer metadata to surface and prioritize genuine threats. The service integrates with Amazon GuardDuty, AWS Security Hub, and select third-party detections, and offers a unified console with 24/7 access to the AWS Customer Incident Response Team (CIRT). It supports delegated administration, organization-wide coverage, and immutable case timelines. Included with Amazon Managed Services (AMS), it accelerates investigation and containment to reduce mean time to resolution.
read more →

Automating Security Hub Exceptions with Business Context

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.
read more →

AWS Security Incident Response: Accelerating IR Lifecycle

🛡️ AWS Security Incident Response is a Tier 1, AWS-native service launched in December 2024 to accelerate detection, triage, and containment of security incidents. It integrates with Amazon GuardDuty, AWS Security Hub, and AWS Systems Manager, supports partner integrations, and enables escalation to AWS CIRT. The service centralizes findings, automates monitoring and intelligent triage to reduce false positives, and offers prebuilt containment playbooks and APIs to compress MTTR and coordinate cross-account response.
read more →