Should MSSPs consider the hub a threat or an opportunity?

Jeffrey Schwartz

December 18, 2018

(Pictured above: AWS CEO Andy Jassy on stage at the company’s re:Invent event, held last month in Las Vegas.)

Amazon Web Services is the last of the big-three global cloud giants to launch a dedicated ecosystem of security providers, but it has doubled down on rivals Microsoft and Google with the launch of its AWS Security Hub.

The company revealed the AWS Security Hub at its annual AWS re:Invent conference in Las Vegas late last month. Now in preview, the new service brings together security ecosystem partners, where they can share and aggregate threat data with AWS security services, providing a consolidated GUI-based view. The hub prioritizes the most dangerous risks and provides unified views and remediation options.

While all three of the major global public cloud providers have extensive and broad cloud-security initiatives, the AWS Security Hub is the cloud giant’s firmest move yet toward a holistic security offering delivered and integrated with bundled, third-party solutions.

All three cloud providers have various approaches to their security hubs. Microsoft introduced its Azure Security Center three years ago and the Google Cloud Security Command Center (Cloud SCC) launched in March (the Google Cloud SCC went alpha earlier this month, meaning GCP customers can now test it).

For its part, Amazon rolled out the AWS Security Hub preview service, free of charge during the preview period, with 25 initial launch partners, double the number now listed in the Microsoft and Google offerings. As the three continue to build their respective ecosystems and platforms, it’s become increasingly apparent that they are becoming giant managed security service providers (MSSPs). Security Hub can be activated on a single account by clicking on the AWS Security Hub console or via a single API call.

AWS Security Hub dashboard

Given its scope, the new AWS Security Hub could be viewed as a threat, or an opportunity, to MSSPs, but perhaps no more or less than the three players are to regional and local cloud and managed services providers (CSPs and MSPs).

“This service only works, in my opinion, if it has a robust third-party partner ecosystem because so many of our customers are using all these third-party security services,” said AWS CEO Andy Jassy during his keynote at the re:Invent conference where he introduced the new service.

“One of the big challenges is, you have all these findings there in different data formats and different services, and CISOs are forced to constantly be pivoting between different consoles, different services or aggregating all that data … and trying to normalize it to make [it] coherent, but it’s a lot of work,” he added. “AWS Security Hub is a place where you can centrally manage security compliance across your whole AWS environment. With Security Hub, you now have a single place that aggregates, organizes and prioritizes your security alerts or findings from multiple AWS services such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, as well as from AWS partner solutions.”

GuardDuty is a threat-detection service for AWS workloads; Inspector provides security and compliance assessments; and Macie is a service that uses machine learning and anomaly detection to automatically discover, classify and secure sensitive data stored in S3, with other Amazon services planned.

AWS Security Hub also integrates with the company’s popular serverless compute offering, Lambda, with which AWS provides automated remediation. The 25 AWS security ecosystem partners include Alert Logic, Armor, Barracuda, Check Point, Cloud Custodian, CrowdStrike, CyberArk, Demisto, F5, Fortinet, GuardiCore, IBM, McAfee, Palo Alto Networks, Qualys, Rapid7, Splunk, Sophos, Sumo Logic, Symantec, Tenable, Trend Micro, Turbot and Twistlock.

Many of the launch partners also are aligned with the Microsoft and Google offerings. Besides the large number of partners signed up for the AWS Security Hub, the new service is notable for the way Amazon is delivering it.

Amazon’s hub gathers data shared from AWS accounts and third-party partner tools, ingests and transforms alerts and threat information, and correlates and prioritizes its findings. AWS said the hub provides automated, continuous account-level configuration and compliance checks based on whichever best practices a customer or partner chooses — including its own Center for Internet Security (CIS) AWS Foundations Benchmark.

Compliance scores are presented via Amazon CloudWatch, the company’s monitoring and management service for developers, system operators and customers’ administrators. The CloudWatch UI lets administrators see specific accounts and resources that they must address.

“When you have hundreds of accounts and thousands of alerts every day, customers are looking for a visual summary that integrates the different dashboards,” said Jeff Aden, founder and executive VP of business development at 2nd Watch, an AWS premier consulting partner.

Alert Logic, an MSSP that operates its own security operations center (SOC) and provides threat-assessment services as an alternative to using SIEM tools, has worked with AWS Security Hub in advance of last month’s launch. Amazon said the AWS Security Hub is open to additional partners.

Along with AWS Security Hub, Amazon also launched its AWS Control Tower, which lets customers and service providers create a multi-account AWS environment using its new Landing Zone and blueprints that cover the company’s baseline and best practices for automating the creation of accounts that are secure.

“This is a much easier way, with just a few clicks and a GUI, for you to be able to manage your multi-account secure environment or landing zone in AWS,” Jassy said.

About the Author(s)

Jeffrey Schwartz

Jeffrey Schwartz has covered the IT industry for nearly three decades, most recently as editor-in-chief of Redmond magazine and executive editor of Redmond Channel Partner. Prior to that, he held various editing and writing roles at CommunicationsWeek, InternetWeek and VARBusiness (now CRN) magazines, among other publications.
