1 00:00:00,540 --> 00:00:03,240 ‫Now let's talk about the AWS Security Hub. 2 00:00:03,240 --> 00:00:07,000 ‫So this is a way for you to have a central security tool 3 00:00:07,000 --> 00:00:09,850 ‫to manage security across different AWS accounts, 4 00:00:09,850 --> 00:00:11,960 ‫so, several ones in their organization maybe, 5 00:00:11,960 --> 00:00:13,870 ‫and automate security checks. 6 00:00:13,870 --> 00:00:15,490 ‫It gives you an integrated dashboard 7 00:00:15,490 --> 00:00:17,300 ‫that was going to show you the current security 8 00:00:17,300 --> 00:00:20,060 ‫and compliance status to quickly take actions. 9 00:00:20,060 --> 00:00:22,430 ‫The idea is that it's going to aggregate alerts 10 00:00:22,430 --> 00:00:24,930 ‫in a bunch of different services and partner tools 11 00:00:24,930 --> 00:00:28,020 ‫such as GuardDuty, Inspector, Macie, 12 00:00:28,020 --> 00:00:31,710 ‫the IAM Access Analyzer, Systems Manager, Firewall Manager, 13 00:00:31,710 --> 00:00:33,580 ‫and Partner Network Solutions. 14 00:00:33,580 --> 00:00:37,090 ‫And across multiple accounts, and give you all these alerts 15 00:00:37,090 --> 00:00:39,940 ‫into one central place called the Security Hub. 16 00:00:39,940 --> 00:00:42,450 ‫There's really a need here to centralize all 17 00:00:42,450 --> 00:00:44,180 ‫these security findings into one place 18 00:00:44,180 --> 00:00:46,710 ‫so that your team can be way better organized 19 00:00:46,710 --> 00:00:49,710 ‫and can take actions based on these security alerts. 20 00:00:49,710 --> 00:00:52,030 ‫And for Security Hub to work in the first place, 21 00:00:52,030 --> 00:00:55,910 ‫you need to first enable the AWS Config Service. 22 00:00:55,910 --> 00:00:57,790 ‫So if we look at the Security Hub right here, 23 00:00:57,790 --> 00:00:58,970 ‫as we can see in this diagram, 24 00:00:58,970 --> 00:01:00,180 ‫it is made for multi accounts, 25 00:01:00,180 --> 00:01:03,460 ‫so anytime in the exam you see security centralized place 26 00:01:03,460 --> 00:01:06,070 ‫in multiple accounts, think about Security Hub. 27 00:01:06,070 --> 00:01:08,100 ‫And it's going to analyze events from Macie, 28 00:01:08,100 --> 00:01:10,580 ‫GuardDuty, Inspector, Firewall Manager, 29 00:01:10,580 --> 00:01:13,070 ‫IAM Access Analyzer, Systems Manager, 30 00:01:13,070 --> 00:01:14,720 ‫and it's going to look at all of those, 31 00:01:14,720 --> 00:01:16,950 ‫collect potential issues and and findings, 32 00:01:16,950 --> 00:01:19,430 ‫and summarize them in the Security Hub. 33 00:01:19,430 --> 00:01:21,590 ‫Then the checks are going to be automated 34 00:01:21,590 --> 00:01:24,590 ‫and they're going to appear in the Security Hub dashboards. 35 00:01:24,590 --> 00:01:27,290 ‫But, also, events are going to be generated 36 00:01:27,290 --> 00:01:30,650 ‫in the EventBridge service, so CloudWatch events. 37 00:01:30,650 --> 00:01:34,130 ‫And finally, if you want to investigate these events, 38 00:01:34,130 --> 00:01:35,590 ‫then as we'll see in the next lecture, 39 00:01:35,590 --> 00:01:37,750 ‫we can use the Amazon Detective service 40 00:01:37,750 --> 00:01:40,670 ‫to get down to the root cause of what happened. 41 00:01:40,670 --> 00:01:43,470 ‫So the idea here is AWS gives you an integrated view 42 00:01:43,470 --> 00:01:45,560 ‫and make it way simpler for users 43 00:01:45,560 --> 00:01:48,133 ‫to find security issues and remediate them. 44 00:01:49,480 --> 00:01:51,640 ‫In AWS we can see the Security Hub, 45 00:01:51,640 --> 00:01:54,060 ‫we can see there's a pricing per check, 46 00:01:54,060 --> 00:01:58,030 ‫so the first 1,000 checks cost you this much, and so on. 47 00:01:58,030 --> 00:01:59,200 ‫The more checks you look, 48 00:01:59,200 --> 00:02:01,430 ‫the more pricing you're going to have. 49 00:02:01,430 --> 00:02:02,750 ‫Then there is ingestion of events. 50 00:02:02,750 --> 00:02:04,170 ‫The first 10,000 events are free, 51 00:02:04,170 --> 00:02:06,510 ‫but then you have to pay per finding. 52 00:02:06,510 --> 00:02:08,600 ‫Or you get 30 day trial for Security Hub. 53 00:02:08,600 --> 00:02:09,433 ‫I'm not going to enable it, 54 00:02:09,433 --> 00:02:10,750 ‫but I just want to show you the options. 55 00:02:10,750 --> 00:02:11,810 ‫And it really shows you here 56 00:02:11,810 --> 00:02:14,520 ‫that we have these Automated security checks 57 00:02:14,520 --> 00:02:16,530 ‫and the fact that it looks at different services 58 00:02:16,530 --> 00:02:18,610 ‫such as GuardDuty, Inspector, Macie, 59 00:02:18,610 --> 00:02:22,270 ‫and others to find these security issues, 60 00:02:22,270 --> 00:02:24,020 ‫and then allow you to take actions. 61 00:02:24,919 --> 00:02:27,470 ‫So if we go to Security Hub and enable the trial, 62 00:02:27,470 --> 00:02:30,230 ‫we'll see that first we need to enable Config 63 00:02:30,230 --> 00:02:32,510 ‫to make sure that Security Hub can work. 64 00:02:32,510 --> 00:02:34,450 ‫And then we need to choose a Security standards 65 00:02:34,450 --> 00:02:35,380 ‫we want to adhere to, 66 00:02:35,380 --> 00:02:37,840 ‫so we can have three different options. 67 00:02:37,840 --> 00:02:40,011 ‫And finally, the Integrations based on the services 68 00:02:40,011 --> 00:02:41,060 ‫that we have enabled, 69 00:02:41,060 --> 00:02:42,740 ‫and then you click on enable security hub, 70 00:02:42,740 --> 00:02:43,890 ‫and you'll be good to go. 71 00:02:43,890 --> 00:02:45,080 ‫But I'm not going to show you anything. 72 00:02:45,080 --> 00:02:47,540 ‫I'm not gonna have security issues in my accounts 73 00:02:47,540 --> 00:02:48,740 ‫because I don't really use it. 74 00:02:48,740 --> 00:02:50,110 ‫But at least I showed you the option 75 00:02:50,110 --> 00:02:52,631 ‫and you can see the kind of service that it is. 76 00:02:52,631 --> 00:02:53,770 ‫I hope you liked it. 77 00:02:53,770 --> 00:02:55,720 ‫And I will see you in the next lecture.