Amazon Web Services has expanded Security Hub with new capabilities designed to bring together security operations across multiple cloud environments.
The service, which was originally intended to centralize security alerts within AWS, is being further developed into a platform that can also combine risks and signals from other cloud environments and external security tools.
According to AWS, the expansion is a response to the way many organizations have set up their IT environments. Large companies often work with a combination of on-premises infrastructure, private data centers, and multiple public clouds. As a result, security teams must monitor risks across multiple dashboards and tools, making it difficult to maintain an overview.
Security Hub aims to reduce this problem by collecting security information from different sources and normalizing it in a single environment. The service combines signals from various AWS security services, including GuardDuty, Inspector, and Macie, to analyze vulnerabilities, threats, and configuration issues collectively.
AWS is also adding integrations with security solutions from partners. Organizations can also receive signals from tools for identity management, endpoint security, and network monitoring, among other things, via Security Hub. The aim is to reduce the time security teams spend combining data from different systems and enable them to respond more quickly to risks.
Security Hub gets expanded partner ecosystem
In addition to the existing functionality, AWS is introducing a more comprehensive version of Security Hub that allows companies to manage a broader set of security solutions through a single platform. To this end, the company is collaborating with multiple technology partners, including providers of identity, data, and threat detection security.
In the coming months, AWS plans to further expand Security Hub with support for multicloud environments. The basis for this is a shared data layer that can collect security signals from different cloud platforms. On top of that layer, AWS plans to offer analysis and policy functions that enable organizations to prioritize risks across multiple environments.
The expansion should also offer new analysis capabilities. Among other things, Security Hub can detect vulnerabilities in virtual machines, container images, and serverless applications through the more extensive capabilities of Amazon Inspector. In addition, AWS is working on network scans that provide insight into internet-accessible systems, even when they run outside of AWS.
According to Gee Rittenhouse, vice president of security services at AWS, the development is intended to give security teams a better overview of risks in complex IT environments. Instead of having to combine security signals from different systems, he believes organizations will be able to analyze and respond to risks through a single operational environment.
With this expansion, AWS is responding to a broader trend in which companies are spreading their workloads across multiple cloud platforms. This is also increasing the need for security solutions that not only function within a single cloud provider but also provide visibility across the entire IT landscape. AWS is therefore increasingly positioning Security Hub as a central layer for security operations.