Organizations can streamline notification of security-related findings by using AWS Service Catalog to alert workload owners and developers. Subscribing them to near real-time security notifications by email gives a decentralized response that shortens the time from incident to resolution. Findings from Security Hub product integrations such as GuardDuty and Amazon Inspector, together with notifications of non-compliance with security standards, produce more useful alerts and equip teams to configure AWS resources appropriately, reducing the time unsecured resources remain exposed. The end-user experience follows least privilege: users receive only the access needed to use the shared AWS Service Catalog product.
The user chooses SubscribeToSecurityNotifications, and the AWS Service Catalog product view redirects them to instructions on how to use it. Users enter their email address and the minimum severity level for notifications (Critical, High, Medium, or Low), and can filter notifications by specifying resource tags. They can also restrict security notifications to include or exclude specific security products.
After subscribing, the user receives email notifications for new Security Hub findings in near real-time. Each email contains a summary of the finding in the subject line, account details, finding details, recommendations (if any), and the list of affected resources and their tags. An IAM Identity Center shortcut link to the Security Hub finding is also included in the email.
AWS Service Catalog and AWS CloudFormation are used to set up the security notification process. With this mechanism, workload owners subscribe to receive near real-time email notifications for new Security Hub findings through Amazon Simple Notification Service (Amazon SNS); each message carries the Security Hub JSON event formatted to be human-readable. A second, more advanced deployment option uses an AWS Lambda function to enhance messages, for example by converting timestamps from UTC to your selected time zone.
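The following is an added example, not code from the AWS solution described above, showing what the Lambda-based deployment option has to do for one subscriber: apply the subscription's minimum-severity, resource-tag and product include/exclude filters to each finding in an EventBridge "Security Hub Findings - Imported" event, convert the finding's UTC timestamp to the subscriber's time zone, and render the email subject and body (account, finding details, recommendation, affected resources and tags, console link). Finding field names follow the AWS Security Finding Format (ASFF); the `SUBSCRIPTION` record, its field names, the sample event and the console URL layout are constructed for this example.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# ASFF Severity.Label values ordered from least to most severe.
SEVERITY_ORDER = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed subscription record (hypothetical field names) standing in for the
# parameters a user would supply to the Service Catalog product.
SUBSCRIPTION = {
    "email": "owner@example.com",
    "min_severity": "MEDIUM",
    "required_tags": {"Environment": "prod"},  # empty dict means no tag filter
    "include_products": [],                     # empty list means all products
    "exclude_products": ["Inspector"],
    "time_zone": "America/New_York",
}


def finding_matches(finding, sub):
    """True when a finding passes the subscriber's severity, product and tag filters."""
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    if SEVERITY_ORDER.get(label, 0) < SEVERITY_ORDER[sub["min_severity"]]:
        return False
    product = finding.get("ProductName", "")
    if sub["include_products"] and product not in sub["include_products"]:
        return False
    if product in sub["exclude_products"]:
        return False
    if not sub["required_tags"]:
        return True
    # Any affected resource carrying all of the required tags qualifies the finding.
    for res in finding.get("Resources", []):
        tags = res.get("Tags", {})
        if all(tags.get(k) == v for k, v in sub["required_tags"].items()):
            return True
    return False


def to_local(ts_utc, tz_name):
    """Convert an ASFF ISO-8601 UTC timestamp (trailing 'Z') to the subscriber's zone."""
    dt = datetime.fromisoformat(ts_utc.replace("Z", "+00:00"))
    try:
        tz = ZoneInfo(tz_name)
    except ZoneInfoNotFoundError:
        tz = timezone.utc  # no tz database on this host: keep UTC rather than fail
    return dt.astimezone(tz).strftime("%Y-%m-%d %H:%M:%S %Z")


def render_email(finding, sub):
    """Build (subject, body): summary in the subject, details and resources in the body."""
    subject = f"[{finding['Severity']['Label']}] {finding['Title']} ({finding['AwsAccountId']})"
    lines = [
        f"Account: {finding['AwsAccountId']}  Region: {finding['Region']}",
        f"Product: {finding.get('ProductName', 'unknown')}",
        f"Updated: {to_local(finding['UpdatedAt'], sub['time_zone'])}",
        f"Description: {finding.get('Description', '')}",
    ]
    rec = finding.get("Remediation", {}).get("Recommendation", {}).get("Text")
    if rec:
        lines.append(f"Recommendation: {rec}")
    lines.append("Resources:")
    for res in finding.get("Resources", []):
        tags = ", ".join(f"{k}={v}" for k, v in sorted(res.get("Tags", {}).items())) or "none"
        lines.append(f"  - {res['Type']} {res['Id']} (tags: {tags})")
    # Plain console link (URL layout assumed); the solution uses an IAM Identity Center shortcut.
    lines.append(f"Finding: https://{finding['Region']}.console.aws.amazon.com/securityhub/home"
                 f"?region={finding['Region']}#/findings?search=Id%3D{finding['Id']}")
    return subject, "\n".join(lines)


def handler(event, context=None):
    """Lambda entry point for an EventBridge 'Security Hub Findings - Imported' event."""
    out = []
    for finding in event.get("detail", {}).get("findings", []):
        if finding_matches(finding, SUBSCRIPTION):
            subject, body = render_email(finding, SUBSCRIPTION)
            # The deployed function would call sns.publish(TopicArn=..., Subject=subject, Message=body).
            out.append({"to": SUBSCRIPTION["email"], "subject": subject, "body": body})
    return out


# Constructed event with two findings: one that passes the filters, one from an excluded product.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "arn:aws:securityhub:us-east-1:111122223333:subscription/example/finding-1",
         "AwsAccountId": "111122223333", "Region": "us-east-1", "ProductName": "GuardDuty",
         "Title": "EC2 instance communicating with a known malicious host",
         "Description": "Outbound connection observed to a listed IP.",
         "Severity": {"Label": "HIGH"}, "UpdatedAt": "2024-03-01T15:04:05.000Z",
         "Remediation": {"Recommendation": {"Text": "Isolate the instance and review its security group."}},
         "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0",
                        "Tags": {"Environment": "prod", "Owner": "payments"}}]},
        {"Id": "arn:aws:securityhub:us-east-1:111122223333:subscription/example/finding-2",
         "AwsAccountId": "111122223333", "Region": "us-east-1", "ProductName": "Inspector",
         "Title": "Package vulnerability", "Severity": {"Label": "CRITICAL"},
         "UpdatedAt": "2024-03-01T15:10:00.000Z",
         "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0",
                        "Tags": {"Environment": "prod"}}]},
    ]},
}

if __name__ == "__main__":
    for msg in handler(SAMPLE_EVENT):
        print(msg["subject"])
        print(msg["body"])
```

Running the block prints one email for the GuardDuty finding, with its timestamp rendered as 10:04:05 EST, and drops the Inspector finding because the subscriber excluded that product. Evaluating the product and tag filters per subscriber in the function, rather than only in the EventBridge rule, is what lets many subscribers with different filters share one rule and one topic.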
Deploying the solution requires administrator-level access to AWS Organizations, accounts with Security Hub enabled, an AWS account to host the solution, and, in every AWS account, authorization through AWS IAM Identity Center or federated IAM role names for the users who access the Service Catalog product. Delegated access to Organizations and a delegated administrator for Service Catalog are also needed.
This solution has cost implications: each Amazon SNS email notification sent, each Service Catalog API call, and each Lambda function execution is billed. Consider enabling Security Hub consolidated control findings, which prevents users from receiving multiple email notifications for a single control that applies to multiple standards.