SecOps Is Getting Real (Time)
AWS Security Hub and PagerDuty Power Real-Time Ops
Companies migrating to the cloud need to ensure they have a strong security posture and can meet compliance requirements. Along with ensuring compliance, companies also face the challenge of tying together multiple security tools that generate a high volume of event data across disparate interfaces and platforms. To help address this challenge, a new security service was introduced at AWS re:Invent 2018: AWS Security Hub.
What Is AWS Security Hub?
Security Hub provides a single-pane-of-glass view of event data from AWS security services like Amazon GuardDuty, Amazon Macie, and Amazon Inspector. Additionally, with Security Hub, AWS provides the ability for users to plug in numerous third-party security tools, allowing them to continue using their preferred firewall or endpoint solution, and send event data to Security Hub to view alongside AWS native services.
AWS Security Hub + PagerDuty
Security Hub also performs compliance checks and helps teams create custom actions so they can act quickly to prevent potential issues. When the PagerDuty integration is part of their response and remediation process in Security Hub, organizations can quickly set up a custom action that sends a GuardDuty finding to PagerDuty through a CloudWatch Events rule.
It’s very easy to set up a custom action in the Security Hub settings. Doing so lets teams select any security issue identified by AWS or third-party security tools and immediately create an incident in PagerDuty, which notifies the appropriate development and security teams so they can investigate and orchestrate a response.
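The flow described above, sketched as an added example (not PagerDuty's or AWS's integration code): the event pattern a CloudWatch Events rule would use to match one Security Hub custom action, and a transform of the selected findings into PagerDuty Events API v2 trigger bodies. The custom action ARN, the routing key, the severity mapping and the sample event are assumptions constructed for illustration.

```python
# Added example: names marked "assumed" are placeholders, not values from the page.
CUSTOM_ACTION_ARN = (  # assumed custom action ARN
    "arn:aws:securityhub:us-east-1:111122223333:action/custom/SendToPagerDuty")
ROUTING_KEY = "ROUTING_KEY_PLACEHOLDER"  # assumed PagerDuty integration key

# Pattern for the CloudWatch Events rule, scoped to this one custom action.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Custom Action"],
    "resources": [CUSTOM_ACTION_ARN],
}

def matches(event):
    """Apply EVENT_PATTERN the way the rule would: every field must match."""
    return (event.get("source") in EVENT_PATTERN["source"]
            and event.get("detail-type") in EVENT_PATTERN["detail-type"]
            and CUSTOM_ACTION_ARN in event.get("resources", []))

def pd_severity(normalized):
    """Map ASFF Severity.Normalized (0-100) to a PagerDuty severity (assumed mapping)."""
    for floor, name in ((90, "critical"), (70, "error"), (40, "warning")):
        if normalized >= floor:
            return name
    return "info"

def to_pagerduty(event):
    """Return one Events API v2 trigger body per finding selected in the console."""
    if not matches(event):
        return []  # some other rule's event: page nobody
    return [{
        "routing_key": ROUTING_KEY,
        "event_action": "trigger",
        "dedup_key": f["Id"][:255],  # re-sending the same finding updates one incident
        "payload": {
            "summary": f.get("Title", "Security Hub finding")[:1024],
            "source": f.get("ProductArn", "aws.securityhub"),
            "severity": pd_severity(f.get("Severity", {}).get("Normalized", 0)),
            "custom_details": {"account": f.get("AwsAccountId"), "types": f.get("Types", [])},
        },
    } for f in event.get("detail", {}).get("findings", [])]

# Constructed sample event: two findings selected, then the custom action invoked.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Custom Action",
    "resources": [CUSTOM_ACTION_ARN],
    "detail": {"actionName": "SendToPagerDuty", "findings": [
        {"Id": "finding-1", "Title": "Constructed GuardDuty finding",
         "Severity": {"Normalized": 80}, "AwsAccountId": "111122223333"},
        {"Id": "finding-2", "Title": "Constructed low finding", "Severity": {"Normalized": 10}},
    ]},
}
```

Scoping the rule's `resources` field to a single custom action ARN keeps other Security Hub custom actions from paging the same service.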
Along with our new integration for Security Hub, we announced several new AWS integrations at re:Invent 2018.