One of the challenges every security and audit professional has is collecting information from multiple sources, and then making sense of that information to determine if there is an action to take. AWS is no different.
There is AWS GuardDuty, which continuously monitors the VPC flow logs, CloudTrail logs and DNS logs for malicious activity. GuardDuty is an intelligent threat detection service that can be combined with Lambda functions to perform automated actions.
Next is AWS Inspector, an automated security assessment service that can assess applications for exposures, vulnerabilities or non-compliance with best practices.
AWS Macie uses machine learning to discover and protect sensitive data within your account. And, let’s not forget AWS Config, which is constantly scanning for changes in your resources, evaluating those changes and providing an audit trail of the changes.
Finally, there are the really low-level services like VPC Flow Logs and CloudTrail.
The goal of this article is not to discuss each of those services in detail, but to discuss AWS Security Hub. Because Security Hub is still in Preview mode, there is limited documentation available.