AWS whitepapers documentation change
Summary
Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' throughout the document, including service lists, descriptions, and section headers, to reflect enhanced Cloud Security Posture Management capabilities.
Security assessment
The changes rebrand 'AWS Security Hub' to emphasize CSPM (Cloud Security Posture Management) capabilities, highlighting continuous security assessments and compliance frameworks. This clarifies the service's security focus but shows no evidence of addressing a specific vulnerability or incident.
Diff
diff --git a/whitepapers/latest/aws-overview/security-services.md b/whitepapers/latest/aws-overview/security-services.md index b88229830..974e542c5 100644 --- a//whitepapers/latest/aws-overview/security-services.md +++ b//whitepapers/latest/aws-overview/security-services.md @@ -5 +5 @@ -Amazon CognitoAmazon DetectiveAmazon GuardDutyAmazon InspectorAmazon MacieAmazon Security LakeAmazon Verified PermissionsAWS ArtifactAWS Audit ManagerAWS Certificate ManagerAWS CloudHSMAWS Directory ServiceAWS Firewall ManagerAWS Identity and Access ManagementAWS Key Management ServiceAWS Network FirewallAWS Resource Access ManagerAWS Secrets ManagerAWS Security HubAWS ShieldAWS IAM Identity CenterAWS WAFAWS WAF Captcha +Amazon CognitoAmazon DetectiveAmazon GuardDutyAmazon InspectorAmazon MacieAmazon Security LakeAmazon Verified PermissionsAWS ArtifactAWS Audit ManagerAWS Certificate ManagerAWS CloudHSMAWS Directory ServiceAWS Firewall ManagerAWS Identity and Access ManagementAWS Key Management ServiceAWS Network FirewallAWS Resource Access ManagerAWS Secrets ManagerAWS Security Hub CSPMAWS ShieldAWS IAM Identity CenterAWS WAFAWS WAF Captcha @@ -53 +53 @@ Each service is described after the diagram. To help you decide which service be - * AWS Security Hub + * AWS Security Hub CSPM @@ -80 +80 @@ With Amazon Cognito, you can focus on creating great app experiences instead of -AWS security services such as Amazon GuardDuty, Amazon Macie, and AWS Security Hub, as well as partner security products, can be used to identify potential security issues, or findings. These services are really helpful in alerting you when and where there is possible unauthorized access or suspicious behavior in your AWS deployment. However, sometimes there are security findings that you would like to perform deeper investigations of the events that led to the findings to remediate the root cause. Determining the root cause of security findings can be a complex process for security analysts that often involves collecting and combining logs from many data sources, using extract, transform, and load (ETL) tools, and custom scripting to organize the data. +AWS security services such as Amazon GuardDuty, Amazon Macie, and AWS Security Hub CSPM, as well as partner security products, can be used to identify potential security issues, or findings. These services are really helpful in alerting you when and where there is possible unauthorized access or suspicious behavior in your AWS deployment. However, sometimes there are security findings that you would like to perform deeper investigations of the events that led to the findings to remediate the root cause. Determining the root cause of security findings can be a complex process for security analysts that often involves collecting and combining logs from many data sources, using extract, transform, and load (ETL) tools, and custom scripting to organize the data. @@ -90 +90 @@ You can get started with Amazon Detective in just a few clicks in the AWS Manage -Enabled with a few clicks in the AWS Management Console and easily administrated organization-wide with its support of AWS Organizations, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of unauthorized use. GuardDuty identifies suspected attackers through integrated threat intelligence feeds and machine learning anomaly detection to detect anomalies in account and workload activity. When potential unauthorized use is detected, the service delivers a detailed finding to the GuardDuty console, Amazon CloudWatch Events, and AWS Security Hub. This makes findings actionable and easy to integrate into existing event management and workflow systems. Further investigation to determine the root cause of a finding is easily accomplished by using Amazon Detective directly from the GuardDuty console. +Enabled with a few clicks in the AWS Management Console and easily administrated organization-wide with its support of AWS Organizations, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of unauthorized use. GuardDuty identifies suspected attackers through integrated threat intelligence feeds and machine learning anomaly detection to detect anomalies in account and workload activity. When potential unauthorized use is detected, the service delivers a detailed finding to the GuardDuty console, Amazon CloudWatch Events, and AWS Security Hub CSPM. This makes findings actionable and easy to integrate into existing event management and workflow systems. Further investigation to determine the root cause of a finding is easily accomplished by using Amazon Detective directly from the GuardDuty console. @@ -98 +98 @@ Amazon GuardDuty is cost effective and easy to operate. It does not require you -Amazon Inspector has many improvements over Amazon Inspector Classic. For example, the new Amazon Inspector calculates a highly contextualized risk score for each finding by correlating common vulnerabilities and exposures (CVE) information with factors such as network access and exploitability. This score is used to prioritize the most critical vulnerabilities to improve remediation response efficiency. Additionally, Amazon Inspector now uses the widely deployed AWS Systems Manager Agent (SSM Agent) to eliminate the need for you to deploy and maintain a standalone agent to run Amazon EC2 instance assessments. For container workloads, Amazon Inspector is now integrated with Amazon Elastic Container Registry (Amazon ECR) to support intelligent, cost-efficient, and continual vulnerability assessments of container images. All findings are aggregated in the Amazon Inspector console, routed to AWS Security Hub, and pushed through Amazon EventBridge to automate workflows such as ticketing. +Amazon Inspector has many improvements over Amazon Inspector Classic. For example, the new Amazon Inspector calculates a highly contextualized risk score for each finding by correlating common vulnerabilities and exposures (CVE) information with factors such as network access and exploitability. This score is used to prioritize the most critical vulnerabilities to improve remediation response efficiency. Additionally, Amazon Inspector now uses the widely deployed AWS Systems Manager Agent (SSM Agent) to eliminate the need for you to deploy and maintain a standalone agent to run Amazon EC2 instance assessments. For container workloads, Amazon Inspector is now integrated with Amazon Elastic Container Registry (Amazon ECR) to support intelligent, cost-efficient, and continual vulnerability assessments of container images. All findings are aggregated in the Amazon Inspector console, routed to AWS Security Hub CSPM, and pushed through Amazon EventBridge to automate workflows such as ticketing. @@ -106 +106 @@ All accounts new to Amazon Inspector are eligible for a 15-day free trial to eva -In the multi-account configuration, a single Macie administrator account can manage all member accounts, including the creation and administration of sensitive data discovery jobs across accounts with AWS Organizations. Security and sensitive data discovery findings are aggregated in the Macie administrator account and sent to Amazon CloudWatch Events and AWS Security Hub. Now using one account, you can integrate with event management, workflow, and ticketing systems or use Macie findings with AWS Step Functions to automate remediation actions. You can quickly get started with Macie using the 30-day trial available to new accounts for S3 bucket inventory and bucket-level evaluation at no charge. Sensitive data discovery is not included in the 30-day trial for bucket evaluation. +In the multi-account configuration, a single Macie administrator account can manage all member accounts, including the creation and administration of sensitive data discovery jobs across accounts with AWS Organizations. Security and sensitive data discovery findings are aggregated in the Macie administrator account and sent to Amazon CloudWatch Events and AWS Security Hub CSPM. Now using one account, you can integrate with event management, workflow, and ticketing systems or use Macie findings with AWS Step Functions to automate remediation actions. You can quickly get started with Macie using the 30-day trial available to new accounts for S3 bucket inventory and bucket-level evaluation at no charge. Sensitive data discovery is not included in the 30-day trial for bucket evaluation. @@ -191 +191 @@ Many organizations use multiple accounts to create administrative or billing iso -## AWS Security Hub +## AWS Security Hub CSPM @@ -193 +193 @@ Many organizations use multiple accounts to create administrative or billing iso -[AWS Security Hub](https://aws.amazon.com/security-hub/) is a cloud security posture management service that performs automated, continuous security best practice checks against your AWS resources. Security Hub aggregates your security alerts (i.e. findings) from various AWS services and partner products in a standardized format so that you can more easily take action on them. To maintain a complete view of your security posture in AWS, you need to integrate multiple tools and services including threat detections from Amazon GuardDuty, vulnerabilities from Amazon Inspector, sensitive data classifications from Amazon Macie, resource configuration issues from AWS Config, and AWS Partner Network products. Security Hub simplifies how you understand and improve your security posture with automated security best practice checks powered by AWS Config rules and automated integrations with dozens of AWS services and partner products. +[AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) is a cloud security posture management service that performs automated, continuous security best practice checks against your AWS resources. Security Hub CSPM aggregates your security alerts (i.e. findings) from various AWS services and partner products in a standardized format so that you can more easily take action on them. To maintain a complete view of your security posture in AWS, you need to integrate multiple tools and services including threat detections from Amazon GuardDuty, vulnerabilities from Amazon Inspector, sensitive data classifications from Amazon Macie, resource configuration issues from AWS Config, and AWS Partner Network products. Security Hub CSPM simplifies how you understand and improve your security posture with automated security best practice checks powered by AWS Config rules and automated integrations with dozens of AWS services and partner products. @@ -195 +195 @@ Many organizations use multiple accounts to create administrative or billing iso -Security Hub enables you to understand your overall security posture via a consolidated security score across all of your AWS accounts, automatically assesses the security of your AWS accounts resources via the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) and other compliance frameworks. It also aggregates all of your security findings from [dozens of AWS security services and APN products](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html) in a single place and format via the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html), and reduces your Mean Time To Remediation (MTTR) with [automated response and remediation](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cloudwatch-events.html) support. Security Hub has out-of-the-box integrations with ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), threat investigation, Governance Risk and Compliance (GRC), and incident management tools to provide your users with a complete security operations workflow. +Security Hub CSPM enables you to understand your overall security posture via a consolidated security score across all of your AWS accounts, automatically assesses the security of your AWS accounts resources via the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) and other compliance frameworks. It also aggregates all of your security findings from [dozens of AWS security services and APN products](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html) in a single place and format via the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html), and reduces your Mean Time To Remediation (MTTR) with [automated response and remediation](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cloudwatch-events.html) support. Security Hub CSPM has out-of-the-box integrations with ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), threat investigation, Governance Risk and Compliance (GRC), and incident management tools to provide your users with a complete security operations workflow. @@ -197 +197 @@ Security Hub enables you to understand your overall security posture via a conso -Getting started with Security Hub requires just a few clicks from the AWS Management Console to begin aggregating findings and conducting security checks using our 30-day free trial. You can integrate Security Hub with AWS Organizations to automatically enable the service in all accounts in your organization. +Getting started with Security Hub CSPM requires just a few clicks from the AWS Management Console to begin aggregating findings and conducting security checks using our 30-day free trial. You can integrate Security Hub CSPM with AWS Organizations to automatically enable the service in all accounts in your organization.