AWS Security Hub and Deep Security

Deep Security and AWS Security Hub integration

One of the biggest challenges in maintaining your security posture is visibility. You have security controls deployed throughout the stack, and each of these tools generates its own set of data points and has its own view of your deployment.

Managing the multitude of alerts and events from these tools can quickly get overwhelming. Enter AWS Security Hub.

Announced at AWS re:Invent 2018, this service is available to all AWS users as a public preview. Trend Micro is proud to be a supporting launch partner by allowing customers to send high-value findings from Deep Security to this exciting new service.

What is AWS Security Hub?

AWS Security Hub provides a comprehensive view of your high priority security alerts and compliance status for your AWS deployment. By combining data from Amazon GuardDuty, Amazon Inspector, and Amazon Macie along with a host of APN partner solutions, the AWS Security Hub is a one-stop shop for security visibility.

Each data source provides various findings relevant to the tool. Amazon Macie will send findings related to data within Amazon S3 buckets it monitors, Amazon GuardDuty will provide findings based on the assessments it runs on your Amazon EC2 instances, and so forth.

This not only helps you gain visibility and respond to incidents but also helps you monitor ongoing compliance requirements with automated checks against the Center for Internet Security (CIS) AWS Foundations Benchmark.

AWS Security Hub workflow

AWS Security Hub not only brings together this information across your AWS accounts but also prioritizes these findings to help you spot trends, identify potential issues, and take the relevant steps to protect your AWS deployments.

You can read more about AWS Security Hub on the AWS blog.

Instance Security Data

Trend Micro’s Deep Security offers a host of security controls to protect your Amazon EC2 instances and Amazon ECS hosts, helping you to fulfill your responsibilities under the shared responsibility model.

By providing technical controls like intrusion prevention, anti-malware, application control, and others, Deep Security lets you roll out one security tool to address all of your security and compliance requirements.

Read more about the specifics of Deep Security deployed in AWS on the Trend Micro AWS microsite.

As it sits protecting the instance, Deep Security generates a lot of useful security information for compliance, incident response, and forensics. With the integration with AWS Security Hub, high priority information generated by Deep Security will be sent to the service in order to centralize and simplify the view of your deployment’s security across multiple AWS services and APN solutions.

This complements the suite of existing AWS security services and existing Deep Security integrations with AWS WAF, Amazon GuardDuty, Amazon Macie, and Amazon Inspector, helping to bring together all of your critical AWS security data in one simple-to-use service.

Next Steps

The Deep Security integration with the AWS Security Hub is available today on GitHub. This simple integration runs as an AWS Lambda function in your account, sending high priority security events to the new service.

Get started today in just a few minutes with a few easy steps!