AWS Security Hub integrations
Security is essential for every organization, which is why Automat-IT pays close attention to it during project delivery and Well-Architected reviews. AWS offers several impressive security-related services that help us build a secure infrastructure and continuously monitor compliance. In the previous post we demonstrated how to enable AWS Security Hub in a multi-account AWS environment. We suggest that our customers enable AWS Security Hub together with its integrations, such as GuardDuty, Inspector, Macie, Detective, IAM Access Analyzer, Audit Manager and Chatbot, which are described in this post.
Amazon GuardDuty integration
Automat-IT has enabled Amazon GuardDuty by default in every project since the service was released. We described how we deploy this threat detection system in a multi-account AWS environment in the previous post. Here we will look at the GuardDuty integration with AWS Security Hub.
Once you enable Amazon GuardDuty and AWS Security Hub, findings are automatically delivered to the Security Hub console.
Amazon GuardDuty findings from all accounts within AWS Organizations are displayed in the AWS Security Hub console of the central Audit account.
Amazon Macie integration
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).
Like GuardDuty, Amazon Macie supports a centralized administrator account. The Audit account is the central account for Amazon Macie, and member accounts are invited to join it.
The Summary page shows the overall status of the S3 service, including public access and encryption configuration.
Moreover, Amazon Macie lets you run scheduled or one-time jobs that scan the objects in selected buckets for sensitive data.
In the following example the scanning job has found several issues, including personal data and credentials in .txt files and zip archives:
When we downloaded the zip archive mentioned in the “Credentials” finding, we saw a private key inside.
Once you enable Amazon Macie and AWS Security Hub, findings are automatically delivered to the Security Hub console.
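Once GuardDuty and Macie findings land in the central Audit account, the usual next step is to triage them by integration and by owning member account. The following Python routine is an added example, not code from the original post or from Automat-IT: it works on findings in the AWS Security Finding Format (ASFF) that Security Hub uses, and the sample findings, account ids, region and bucket-related titles are constructed placeholders.

```python
from collections import defaultdict

# Security Hub ProductArn suffixes for the two integrations discussed in the post.
PRODUCT_NAMES = {"product/aws/guardduty": "GuardDuty", "product/aws/macie": "Macie"}

def integration_of(finding):
    """Name the integration that produced an ASFF finding, based on its ProductArn."""
    arn = finding.get("ProductArn", "")
    for suffix, name in PRODUCT_NAMES.items():
        if arn.endswith(suffix):
            return name
    return "Other"

def triage(findings, min_severity=70):
    """Keep findings that are still active, not yet resolved or suppressed, and at
    or above min_severity (ASFF Severity.Normalized, 0-100), grouped by
    (integration, member account id) so the Audit account sees who owns what."""
    grouped = defaultdict(list)
    for f in findings:
        if f.get("RecordState") != "ACTIVE":
            continue  # archived by the producing service, nothing left to act on
        if f.get("Workflow", {}).get("Status") in ("RESOLVED", "SUPPRESSED"):
            continue  # already handled by an analyst in Security Hub
        if f.get("Severity", {}).get("Normalized", 0) < min_severity:
            continue
        grouped[(integration_of(f), f.get("AwsAccountId", "unknown"))].append(f["Title"])
    return dict(grouped)

def _asff(product, account, title, normalized, record_state="ACTIVE", workflow="NEW"):
    """Build a minimal constructed ASFF finding (placeholder region and account ids)."""
    return {
        "ProductArn": f"arn:aws:securityhub:eu-west-1::product/aws/{product}",
        "AwsAccountId": account,
        "Title": title,
        "Severity": {"Normalized": normalized},
        "RecordState": record_state,
        "Workflow": {"Status": workflow},
    }

# Constructed sample, shaped like the detail.findings list that Security Hub
# emits to EventBridge ("Security Hub Findings - Imported") in the Audit account.
SAMPLE_FINDINGS = [
    _asff("guardduty", "111111111111", "Unprotected port on EC2 instance is being probed.", 70),
    _asff("guardduty", "111111111111", "Credentials used from an unusual location.", 90, record_state="ARCHIVED"),
    _asff("macie", "222222222222", "The S3 object contains credentials.", 70),
    _asff("macie", "222222222222", "The S3 object contains personal information.", 40),
    _asff("macie", "222222222222", "The S3 bucket is publicly accessible.", 70, workflow="RESOLVED"),
]

if __name__ == "__main__":
    for (integration, account), titles in sorted(triage(SAMPLE_FINDINGS).items()):
        print(f"{integration} / account {account}: {len(titles)} finding(s)")
        for t in titles:
            print("   -", t)
```

In a real deployment the same `triage` function would be fed from an EventBridge rule on the Audit account or from `securityhub:GetFindings`, with the grouped output routed to the member account owners.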