AWS Security Hub & SecureCloudDB Integration

Mar 4, 2021 / by SecureCloudDB

Security is a Shared Responsibility

It can be easy to assume Cloud Providers provide complete and total security. However, that is not the case. Amazon’s Shared Responsibility Model makes it clear that AWS is “responsible for security ‘of’ the cloud” while AWS customers are “responsible for security ‘in’ the cloud.” 

Per Amazon, “Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.”

Amazon's Shared Responsibility Model


For instance, customers who use DynamoDB are responsible for data management and encryption, setting up and maintaining appropriate permissioning, and asset classification. AWS manages the infrastructure, operating system, and platform. 

This means organizations cannot equate protecting and defending the environment with safeguarding the data in it; the organization, not the Cloud Provider, is always accountable for data protection.

 

Simplify Public Cloud Database Vulnerability Management

SecureCloudDB helps organizations fulfill their side of security management in the cloud. We locate and report on all public cloud databases from across all AWS accounts. Automated asset discovery, configuration checks, and Database Activity Monitoring make it easy for organizations to protect sensitive data where it lives and adhere to compliance frameworks. Built specifically for the cloud, SecureCloudDB's complete security approach complements AWS security tools while covering the gaps that legacy on-prem database security tools do not address.

AWS Security Hub is an Amazon service that groups and prioritizes findings (alerts on potential security issues) generated by AWS security tools and partners into one console, thus enabling users to manage security and compliance for multiple AWS accounts in one place. 

SecureCloudDB is an AWS partner and supports Security Hub. This means real-time alerts regarding cloud database configuration issues and activity anomalies can be pushed from SecureCloudDB into Security Hub.

Use the SecureCloudDB and Security Hub integration to automate public cloud database vulnerability management — import real-time alerts from SecureCloudDB into Security Hub and use prefabricated Lambda functions for remediation.

Use the AWS Security Hub and SecureCloudDB integration to:

  • View, analyze and manage database-specific vulnerabilities and threats in AWS — Assess misconfigurations relating to encryption, public access, passwords/user privileges as well as atypical database activity.
  • Instantly correlate findings and prioritize risks — Associate SecureCloudDB findings with findings from other tools including Amazon GuardDuty, Inspector, IAM Access Analyzer, and more.
  • Automate remediation and decrease incident response time — Simplify the remediation process by deploying the SecureCloudDB library of AWS Lambda functions for quick and complete fixes.
  • Identify and consistently enforce compliance with security rules — SecureCloudDB regularly collects and updates security rules from AWS, the Center for Internet Security (CIS), industry experts, and global security leaders. In addition, users can create their own customized versions of security rules.
  • Protect public cloud databases from attacks — SecureCloudDB’s robust security positioning and alerting functionality combined with Security Hub’s comprehensive findings and trends empower organizations to quickly identify and mitigate security issues.

Key features include: 

  • Real-time reporting on environments that rely on DynamoDB, ElastiCache, Elasticsearch, RDS, Redshift, Postgres and MySQL 
  • Granular visibility into database-specific vulnerabilities and threats across accounts
  • Delivery of the most relevant incident data 
  • Consolidated reporting in one central location — the AWS Security Hub dashboard 

 

How it Works

Users create policies in their SecureCloudDB account related to Database Activity Monitoring and configurations. These policies are continuously checked against the information in users’ AWS databases. When alerts are triggered because of a policy violation, they are converted into findings and sent from the user’s SecureCloudDB account into Security Hub. Information on severity mapping, how findings are updated and more can be found here.

To facilitate the integration, users are required to create a Security Hub alert destination within SecureCloudDB and associate it with the policies they are looking to report on. With our 5-step alert destination setup wizard and straightforward policy delivery setup, this process can be completed in less than 10 minutes. Find step-by-step setup instructions here.

 

Reduce Database Security Risk

Importing SecureCloudDB insights into Security Hub extends visibility into public cloud databases, empowering security teams with more informed decision-making, the ability to respond to threats faster, and the option of automating remediation.

SecureCloudDB’s support of AWS Security Hub is included at no extra charge in our licensing agreement. Get started today!
