SecOps for the Cloud: PagerDuty and AWS Security Hub

by Andrew Marshall June 27, 2019 | 5 min read

This week at re:Inforce in Boston, the AWS team showed off Security Hub, a service that gives SecOps teams a single, prioritized view of their security findings and compliance status across their AWS accounts. We're excited to join AWS at re:Inforce this week as a Security Hub partner, where we'll show users how PagerDuty and AWS Security Hub work together to bring real-time SecOps to any team using AWS.

The Latest Powerful Integration for AWS

PagerDuty’s digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action. At AWS re:Invent last fall, we had the opportunity to show AWS users how they can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence. PagerDuty users undertaking a cloud migration project can move quickly while decreasing the impact of issues that occur throughout the migration lifecycle.

PagerDuty + AWS Security Hub

When coupled with AWS Security Hub's aggregated and normalized findings, PagerDuty lets teams automate their threat response process and quickly define custom actions that route selected findings to the people and tooling that will act on them. Security Hub is fed by findings from AWS security services such as Amazon GuardDuty, Amazon Macie, and Amazon Inspector. On top of these AWS sources, Security Hub lets users pull in findings from third-party security tools, which gives SecOps teams a more complete picture; you can keep your preferred firewall or endpoint solution and still have its findings land in Security Hub. This aggregation, paired with PagerDuty's platform for real-time operations, lets teams act on, and automate responses to, security findings as they arrive.

It's also possible to set up a CloudWatch Events rule that matches every event Security Hub emits (source aws.securityhub) and forwards it to PagerDuty for action through an Amazon Simple Notification Service (SNS) topic, with no custom action required.

On Top of Compliance

Security compliance is critical, and increasingly complex for enterprises running on-prem, cloud, or hybrid infrastructure. AWS Security Hub was designed with this in mind: it ships with automated checks against the Center for Internet Security (CIS) AWS Foundations Benchmark. That benchmark is one of the sets of security configurations Security Hub checks for and PagerDuty can act on. When a control's compliance status changes to FAILED, PagerDuty can alert developers and other teams immediately and trigger the appropriate incident response automatically.

Use Security Tools to Take Action

Recently at the RSA Conference, PagerDuty highlighted our integrations for a wide range of security tools across AppSec/Cloud, SIEM, SOAR (Security Orchestration, Automation & Response), and vulnerability management. These integrations let PagerDuty customers take real-time action and remediation steps based on security data from across the company. AWS Security Hub connects with a wide range of security tools, such as Qualys Vulnerability Management, to augment its dataset with third-party findings. PagerDuty then lets teams act on that combined stream, coupling third-party findings with native AWS service data for a more complete picture of security and compliance.

Security Can’t Wait for Your Migration

Teams that are planning or already executing a cloud migration need to keep a strong security posture throughout the process (and after, obviously) and to stay compliant the whole way. On top of compliance, companies face the challenge of tying together multiple security tools that generate a high volume of event data across disparate interfaces and platforms. This is where AWS Security Hub and PagerDuty come in. PagerDuty Event Intelligence lets teams cut through the noise and act on the security issues that matter rather than on a string of disconnected alerts. When you're already juggling a cloud migration, that capability can be critical to maintaining business continuity.

AWS Security Hub and PagerDuty Power Real-Time SecOps

Security Hub performs compliance checks and lets teams define custom actions so they can respond quickly to findings. When coupled with PagerDuty, response and remediation can be driven by a custom action that sends the selected Security Hub findings (including those that originated in GuardDuty) to PagerDuty through a CloudWatch Events rule. Setting this up is straightforward: the user creates a custom action in Security Hub, selects any of the identified findings from AWS or third-party tools, and applies the action; the rule then creates an incident in PagerDuty automatically. PagerDuty notifies the right security response team and gives them the full breadth of PagerDuty's incident resolution functionality and AI-driven event intelligence.
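To make the path described above and in the CloudWatch Events rule section concrete, here is an added example (not PagerDuty's or AWS's own integration code) of what a rule target such as a Lambda function would do when it receives Security Hub findings and calls the PagerDuty Events API v2 directly. The event source, detail-type, action ARN layout and ASFF field names are Security Hub's; the action name SendToPagerDuty, the account id, region, PD_ROUTING_KEY environment variable and the sample event itself are assumptions constructed for this example. The finding Id is reused as the PagerDuty dedup_key so that a control that keeps failing updates one incident instead of paging again, and an archived or now-PASSED finding resolves it.

```python
"""Translate Security Hub findings (ASFF) delivered by a CloudWatch Events rule
into PagerDuty Events API v2 request bodies.

Added example, not PagerDuty's or AWS's integration code. Action name, account
id, region and routing key are placeholders; the sample event is constructed."""
import json
import os
from typing import Dict, List

# Rule pattern that matches only our Security Hub custom action. Source,
# detail-type and the action ARN layout are Security Hub's; region, account
# and the action name "SendToPagerDuty" are assumed.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Custom Action"],
    "resources": ["arn:aws:securityhub:us-east-1:123456789012:action/custom/SendToPagerDuty"],
}

# ASFF Severity.Label -> Events API v2 severity (critical|error|warning|info).
SEVERITY_MAP = {"CRITICAL": "critical", "HIGH": "critical", "MEDIUM": "error",
                "LOW": "warning", "INFORMATIONAL": "info"}


def pd_severity(severity: Dict) -> str:
    """Prefer the ASFF label; otherwise bucket the 0-100 Normalized score."""
    severity = severity or {}
    if severity.get("Label") in SEVERITY_MAP:
        return SEVERITY_MAP[severity["Label"]]
    normalized = int(severity.get("Normalized", 0))
    if normalized >= 70:
        return "critical"
    if normalized >= 40:
        return "error"
    return "warning" if normalized > 0 else "info"


def is_resolved(finding: Dict) -> bool:
    """Archived findings and controls that now PASS close the incident instead
    of paging again (older ASFF used WorkflowState, newer uses Workflow.Status)."""
    return (finding.get("RecordState") == "ARCHIVED"
            or finding.get("Compliance", {}).get("Status") == "PASSED"
            or finding.get("Workflow", {}).get("Status") == "RESOLVED"
            or finding.get("WorkflowState") == "RESOLVED")


def finding_to_pd_event(finding: Dict, routing_key: str) -> Dict:
    """One ASFF finding -> one Events API v2 body keyed on the finding Id."""
    resources = [r.get("Id", "") for r in finding.get("Resources", [])]
    event = {"routing_key": routing_key, "dedup_key": finding["Id"],
             "event_action": "resolve" if is_resolved(finding) else "trigger"}
    if event["event_action"] == "trigger":
        payload = {
            "summary": finding.get("Title", "Security Hub finding")[:1024],
            "source": finding.get("AwsAccountId", "unknown-account"),
            "severity": pd_severity(finding.get("Severity")),
            "timestamp": finding.get("UpdatedAt") or finding.get("CreatedAt"),
            "component": resources[0] if resources else finding.get("GeneratorId", ""),
            "group": finding.get("ProductArn", ""),
            "class": ";".join(finding.get("Types", [])),
            "custom_details": {"description": finding.get("Description", ""),
                               "compliance_status": finding.get("Compliance", {}).get("Status"),
                               "resources": resources},
        }
        event["payload"] = {k: v for k, v in payload.items() if v}  # drop empty optional fields
    return event


def handler(event: Dict, context=None) -> List[Dict]:
    """Lambda-style entry point for the rule target (or the same JSON after an
    SNS hop). Anything that is not a Security Hub findings event is ignored."""
    if event.get("source") != "aws.securityhub" or \
            not str(event.get("detail-type", "")).startswith("Security Hub Findings"):
        return []
    routing_key = os.environ.get("PD_ROUTING_KEY", "REPLACE_WITH_ROUTING_KEY")  # assumed env var
    return [finding_to_pd_event(f, routing_key)
            for f in event.get("detail", {}).get("findings", [])]


# Constructed sample: one failed CIS control, then the same finding after archival.
FAILED_ID = ("arn:aws:securityhub:us-east-1:123456789012:subscription/"
             "cis-aws-foundations-benchmark/v/1.2.0/2.9/finding/11111111-2222-3333-4444-555555555555")
_FAILED = {
    "Id": FAILED_ID, "AwsAccountId": "123456789012",
    "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
    "Types": ["Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"],
    "UpdatedAt": "2019-06-27T14:05:00.000Z",
    "Severity": {"Product": 0, "Normalized": 40, "Label": "MEDIUM"},
    "Title": "2.9 Ensure VPC flow logging is enabled in all VPCs",
    "Description": "Constructed sample finding body.",
    "Resources": [{"Type": "AwsEc2Vpc", "Id": "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-0abc123"}],
    "Compliance": {"Status": "FAILED"}, "RecordState": "ACTIVE",
}
SAMPLE_EVENT = {
    "version": "0", "source": "aws.securityhub", "region": "us-east-1", "account": "123456789012",
    "detail-type": "Security Hub Findings - Custom Action", "resources": EVENT_PATTERN["resources"],
    "detail": {"actionName": "SendToPagerDuty", "actionDescription": "Page the security on-call",
               "findings": [_FAILED, {**_FAILED, "RecordState": "ARCHIVED"}]},
}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

Run as-is, the script prints two Events API v2 bodies: a "trigger" with severity "error" for the failed control, and a "resolve" carrying the same dedup_key for its archived copy. The severity mapping (HIGH and CRITICAL both page as "critical") is a policy choice to tune per team, and the rule pattern deliberately pins the action ARN so that an "Imported" findings rule, if you also create one, does not double-page.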

At re:Inforce This Week?

Come see us at an AWS Workshop! If you’re lucky enough to be in Boston at re:Inforce this week, you can find out how PagerDuty uses AWS Security Hub to provide real-time SecOps functionality at a Security Hub hands-on workshop.

Ready to Get Started Now?

If you’re ready to get started, please check out this blog by Scott Ward (Partner Solutions Architect at AWS) that outlines exactly how to get started with PagerDuty for AWS Security Hub. You can also find out more about PagerDuty’s powerful AWS integrations and start a free trial, or see how our AWS integrations work for yourself using the below resources: