Summary of AWS Security Hub updates announced at re:Invent 2023
In this article, I will introduce AWS Security Hub updates announced at re:Invent 2023.
Published Jan 27, 2024
At AWS re:Invent 2023, there were many updates regarding AWS security services.
In this article, I will introduce updates to AWS Security Hub.
You can now customize the managed controls in Security Hub.
For example, the default renewal interval for certificates issued by ACM is 30 days, but you can change it to 45 or 60 days according to your organization's policies.
This can be set from "Customize Control Parameters" under "Custom Policies."
Security Hub controls are not always the best for an organization, so it is a nice update to be able to customize them for our organization.
The summary dashboard widget can now be customized.
The dashboard can now be filtered by AWS account and resource tags, allowing you to customize the dashboard in a way that is easy for you to use.
You can view threat and vulnerability rankings.
You can also drag and drop graphs from the widget on the right.
For operators, the ability to customize a unified dashboard to suit their purposes is a much appreciated feature.
This update makes the Security Hub much easier to use.
Centralized configuration is now available from a delegated administrator account.
This allows for flexibility with specific standards and controls across accounts and regions.
For example, specific controls can be disabled on an organizational basis, or customization of control parameters can be applied only to specific accounts.
To see the settings, follow these steps.
From the Security Hub, go to "Settings" and press "Start Central Configuration."
From "Region," select any region to which you want to apply the policy.
From "Configuration Type," select "Customize Security Hub Settings."
Under "Custom Policies," select "Disable Specific Controls" and select the controls you wish to disable.
Here, too, you can use the "AWS Security Hub Control Customization" feature from the update described above.
You can then specify to which organization or account the configured policy should be applied.
Finally, enter the name, description, and tags of the policy you have set up so far and you are done.
Previously, controls were enabled or disabled for individual member accounts, but with this update, they can be centrally managed, which will make operations easier.
New metadata has been added to Findings to help prioritize responses and understand context.
Specifically, the AWS account name, resource tag, and application tag are assigned.
From "Detection Results" in the Security Hub, "Details" shows the AWS account name and resource tag.
The same is shown in the JSON log.
Previously, users who wanted to add information to the detection results had to develop that themselves, but with this update, it is no longer necessary to build it in.
For example, it used to be a time-consuming task to identify account names from account IDs in the logs, but now that the information is in the logs, it is easier to investigate.
This is a very welcome update for operators.
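The following added example (not from the original article) shows how the new metadata can drive triage directly from the finding JSON, using the `AwsAccountName` and `Resources[].Tags` fields of the AWS Security Finding Format. The sample findings are constructed for illustration, and the `owner` tag key is an assumed tagging convention.

```python
import json
from collections import defaultdict

# Constructed sample findings (not real output), trimmed to the fields used here.
SAMPLE_FINDINGS = json.loads("""
[
  {"AwsAccountId": "111111111111", "AwsAccountName": "prod-payments",
   "Title": "S3 bucket allows public read", "Severity": {"Label": "CRITICAL"},
   "Resources": [{"Id": "arn:aws:s3:::example-bucket-a",
                  "Tags": {"env": "prod", "owner": "team-pay"}}]},
  {"AwsAccountId": "222222222222", "AwsAccountName": "dev-sandbox",
   "Title": "Security group allows 0.0.0.0/0 on port 22", "Severity": {"Label": "MEDIUM"},
   "Resources": [{"Id": "arn:aws:ec2:us-east-1:222222222222:security-group/sg-example",
                  "Tags": {"env": "dev", "owner": "team-dev"}}]},
  {"AwsAccountId": "333333333333",
   "Title": "IAM user has no MFA", "Severity": {"Label": "HIGH"},
   "Resources": [{"Id": "arn:aws:iam::333333333333:user/example-user"}]},
  {"AwsAccountId": "111111111111", "AwsAccountName": "prod-payments",
   "Title": "CloudTrail log validation disabled", "Severity": {"Label": "LOW"},
   "Resources": [{"Id": "arn:aws:cloudtrail:us-east-1:111111111111:trail/example",
                  "Tags": {"env": "prod", "owner": "team-pay"}}]}
]
""")

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}


def triage(findings, tag_key="owner"):
    """Group findings by (account name, tag value); worst severity first."""
    groups = defaultdict(list)
    for finding in findings:
        # Findings without the new field fall back to the bare account ID.
        account = finding.get("AwsAccountName") or finding["AwsAccountId"]
        severity = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
        for resource in finding.get("Resources", []):
            # Untagged resources are kept visible instead of being dropped.
            owner = (resource.get("Tags") or {}).get(tag_key, "untagged")
            groups[(account, owner)].append((severity, finding["Title"], resource["Id"]))

    def worst(items):
        return max(SEVERITY_RANK.get(sev, 0) for sev, _, _ in items)

    return sorted(groups.items(), key=lambda kv: (-worst(kv[1]), kv[0]))


if __name__ == "__main__":
    for (account, owner), items in triage(SAMPLE_FINDINGS):
        print(f"{account} / {owner}: {len(items)} finding(s)")
        for severity, title, resource_id in items:
            print(f"  [{severity}] {title} ({resource_id})")
```

Groups that show up as a bare account ID or as `untagged` are the ones where the enrichment is missing, which is itself worth following up.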
The Security Hub is essential to maintaining the security of an AWS environment, so I look forward to future updates.