Yuji Oshima for AWS Community Builders

Posted on • Originally published at yuj1osm.hatenablog.com

Summary of AWS Security Hub updates announced at re:Invent 2023

At AWS re:Invent 2023, there were many updates regarding AWS security services.
In this article, I will introduce updates to AWS Security Hub.

AWS Security Hub Control Customization

You can now customize the managed controls in Security Hub.

For example, the default renewal interval for certificates issued by ACM is 30 days, but you can change it to 45 or 60 days according to your organization's policies.

You can now customize security controls in AWS Security Hub

This can be set from "Customize Control Parameters" under "Custom Policies."

The default Security Hub control settings do not always fit an organization's requirements, so being able to customize them is a welcome update.

AWS Security Hub Dashboard Enhancements

The summary dashboard widget can now be customized.

The dashboard can now be filtered by AWS account and resource tags, allowing you to customize the dashboard in a way that is easy for you to use.

Announcing major dashboard enhancements in AWS Security Hub

You can view threat and vulnerability rankings.

You can also drag and drop graphs from the widget on the right.

For operators, the ability to customize a unified dashboard to suit their purposes is a much appreciated feature.

This update makes Security Hub much easier to use.

New centralized configuration feature in AWS Security Hub

Centralized configuration is now available from a delegated administrator account.

This allows for flexibility with specific standards and controls across accounts and regions.

For example, specific controls can be disabled on an organizational basis, or customization of control parameters can be applied only to specific accounts.

Announcing new central configuration capabilities in AWS Security Hub

Let's look at the settings.

From the Security Hub, go to "Settings" and press "Start Central Configuration."

From "Region," select any region to which you want to apply the policy.

From "Configuration Type," select "Customize Security Hub Settings."

Under "Custom Policies," select "Disable Specific Controls" and select the controls you wish to disable.

Here you can also use the "AWS Security Hub Control Customization" feature described above.

You can then specify to which organization or account the configured policy should be applied.

Finally, enter the name, description, and tags of the policy you have set up so far and you are done.

Previously, controls were enabled or disabled for individual member accounts, but with this update, they can be centrally managed, which will make operations easier.

Announcing the addition of new Findings in the AWS Security Hub

New metadata has been added to Findings to help prioritize responses and understand context.

Specifically, the AWS account name, resource tag, and application tag are added to each finding.

Announcing new finding enrichment in AWS Security Hub

From "Detection Results" in the Security Hub, "Details" shows the AWS account name and resource tag.

The same is shown in the JSON log.

Previously, users who wanted this information added to the detection results had to develop that enrichment themselves; with this update, it is no longer necessary to build it.

For example, it used to be a time-consuming task to identify account names from account IDs in the logs, but now that the information is in the logs, it is easier to investigate.

This is a very welcome update for operators.
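
A sketch of how the enriched fields can drive triage, added here as an example and not taken from the original post or from AWS: it reads `AwsAccountName`, `Resources[].Tags` and `Resources[].ApplicationName` from findings in the AWS Security Finding Format. The findings are constructed samples, and the `env` and `owner` tag keys and the prod-first ordering are assumptions.

```python
import json
from collections import Counter

# Constructed sample findings (not real data) in AWS Security Finding Format.
# finding-3 carries no account name, tags or application name.
SAMPLE_FINDINGS = json.loads("""[
 {"Id": "finding-1", "AwsAccountId": "111111111111",
  "AwsAccountName": "prod-payments", "Severity": {"Label": "MEDIUM"},
  "Resources": [{"Id": "arn:aws:s3:::example-bucket-a",
                 "Tags": {"env": "prod", "owner": "team-pay"},
                 "ApplicationName": "checkout"}]},
 {"Id": "finding-2", "AwsAccountId": "222222222222",
  "AwsAccountName": "dev-sandbox", "Severity": {"Label": "CRITICAL"},
  "Resources": [{"Id": "arn:aws:s3:::example-bucket-b",
                 "Tags": {"env": "dev", "owner": "team-lab"}}]},
 {"Id": "finding-3", "AwsAccountId": "111111111111",
  "Severity": {"Label": "HIGH"},
  "Resources": [{"Id": "arn:aws:s3:::example-bucket-c"}]}
]""")

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

def triage_view(finding):
    """Flatten one finding into the fields an analyst triages on."""
    resource = (finding.get("Resources") or [{}])[0]
    tags = resource.get("Tags") or {}
    return {
        "id": finding["Id"],
        # No AwsAccountName on the finding: fall back to the account ID.
        "account": finding.get("AwsAccountName") or finding["AwsAccountId"],
        "application": resource.get("ApplicationName", "untagged"),
        "env": tags.get("env", "unknown"),        # tag key is an assumption
        "owner": tags.get("owner", "unassigned"),  # tag key is an assumption
        "severity": finding.get("Severity", {}).get("Label", "INFORMATIONAL"),
    }

def triage_queue(findings, priority_env="prod"):
    """Priority environment first, then highest severity first."""
    views = [triage_view(f) for f in findings]
    return sorted(views, key=lambda v: (v["env"] != priority_env,
                                        -SEVERITY_RANK.get(v["severity"], 0)))

def open_by_owner(findings):
    """Count findings per (account, owner) so each can be routed."""
    return Counter((v["account"], v["owner"]) for v in map(triage_view, findings))

if __name__ == "__main__":
    for v in triage_queue(SAMPLE_FINDINGS):
        print(v["severity"], v["env"], v["account"], v["application"], v["id"])
```

Findings that lack the enrichment fields sort under the `unknown` environment and are keyed by account ID, so they stay visible in the queue.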

Summary

The Security Hub is essential to maintaining the security of an AWS environment, so I look forward to future updates.
