What is AWS Security Hub?
AWS Security Hub is a unified cloud security operations platform that brings together security signals from your entire AWS environment as well as partner solutions. Its core capability is automated correlation: the service links configuration findings from Security Hub CSPM with vulnerability findings from Amazon Inspector and data risk findings from Amazon Macie into exposure findings that reflect real attack context, such as a publicly reachable instance with an exploitable vulnerability and broad permissions.
Security Hub solves the problem of fragmented security data. Without a central service, you would need to manually correlate findings from dozens of AWS services and third-party tools. Security Hub consolidates everything in one dashboard with prioritized risk assessments instead of a plain list of individual findings.
Core Features
- Central Aggregation: Findings from AWS security services and partner solutions in one place, normalized into the AWS Security Finding Format
- Exposure Findings: Automatic correlation of CSPM, Inspector, and Macie signals into prioritized, context-rich risk chains
- Security Hub CSPM: Continuous compliance checks against CIS, PCI DSS, and AWS Foundational Security Best Practices
- Near-Real-Time Risk Analytics: Ongoing risk reassessment based on new signals
- Automation: Automation rules and EventBridge integration for remediation workflows
Typical Use Cases
Compliance Monitoring
Security Hub CSPM continuously checks your AWS configuration against compliance standards. Enable the desired standards and get an overview of deviations along with remediation guidance. Ideal for regulated industries.
Prioritized Security Dashboard
Aggregate security findings from all AWS accounts and regions. Through exposure findings, Security Hub highlights the combinations of vulnerabilities, misconfigurations, and permissions that pose the greatest real risk, instead of an unsorted list of individual findings.
Automated Remediation
Configure automatic responses to security findings. For an open security group, trigger a Lambda function for automatic closure. For compromised credentials, rotate them via Secrets Manager. Automation rules speed up the implementation of recurring actions.
Benefits
- Prioritized risk assessment instead of unsorted individual findings, via exposure findings
- Automated compliance checks against recognized standards
- Integration with AWS security services and partner solutions
- Automated remediation reduces mean time to resolution
Integration with innFactory
As an AWS Reseller, innFactory supports you with AWS Security Hub: activation and configuration of Security Hub and Security Hub CSPM, custom insights for your requirements, remediation automation, and integration into existing SIEM systems.
Typical Use Cases
Frequently Asked Questions
What is AWS Security Hub?
AWS Security Hub is a unified cloud security operations platform that correlates and prioritizes security signals from AWS services and partner solutions. Through exposure findings, it links signals from Security Hub CSPM, Amazon Inspector, and Amazon Macie to surface critical risk chains, for example an internet-reachable EC2 instance with an exploitable vulnerability and broad IAM permissions.
What is the difference between Security Hub and Security Hub CSPM?
Security Hub CSPM is the Cloud Security Posture Management component: it continuously checks configurations against standards such as the CIS AWS Foundations Benchmark, PCI DSS, and AWS Foundational Security Best Practices. AWS Security Hub is the overarching platform that combines CSPM findings with results from Inspector, Macie, and other sources into prioritized, context-rich risk assessments.
Which compliance standards are supported?
Security Hub CSPM supports standards including the CIS AWS Foundations Benchmark, AWS Foundational Security Best Practices, and PCI DSS in several versions. Automated checks continuously verify your AWS resources against these standards; refer to the official documentation for the current list including version numbers.
How does integration with other security services work?
Security Hub automatically ingests findings from Security Hub CSPM, Amazon Inspector, Amazon Macie, other AWS security services, and partner integrations. All findings are normalized into the AWS Security Finding Format and automatically correlated and enriched to produce exposure findings.
How do I automate remediation?
Security Hub integrates with EventBridge and native automation rules for automated workflows. On new findings, you can trigger Lambda functions, start Systems Manager Automation, or create tickets in third-party systems to quickly fix recurring misconfigurations.
Note: All product information on this page has been compiled with care, but is provided without guarantee and may be outdated or incomplete. Cloud services evolve rapidly — features, pricing, SLAs, and availability change frequently. Authoritative and up-to-date information can only be found on the official product page of AWS (official documentation). This page does not represent an offer by AWS.