AWS Security Hub Creates Mega MSSP Starting with 25 Partners

(Pictured above: AWS CEO Andy Jassy on stage at the company’s Re:invent event, held last month in Las Vegas.)

Amazon Web Services is the last of the big-three global cloud giants to launch a dedicated ecosystem of security providers, but it has doubled down on rivals Microsoft and Google with the launch of its AWS Security Hub.

The company revealed the AWS Security Hub at its annual AWS re:Invent conference in Las Vegas late last month. Now in preview, the new service brings together security ecosystem partners, where they can share and aggregate threat data with AWS security services, providing a consolidated GUI-based view. The hub prioritizes the most dangerous risks and provides unified views and remediation options.

While all three of the major global public cloud providers have extensive and broad cloud-security initiatives, the AWS Security Hub is its firmest grip yet by the cloud giant to offer a holistic security offering delivered and integrated with bundled, third-party solutions.

All three cloud providers have various approaches to their security hubs. Microsoft introduced its Azure Security Center three years ago and the Google Cloud Security Command Center (Cloud SCC) launched in March (the Google Cloud SCC went alpha earlier this month, meaning GCP customers can now test it).

For its part, Amazon rolled out the AWS Security Hub preview service, free of charge during the preview period, with 25 initial launch partners, double that of which are now listed in Microsoft and Google offerings. As the three continue to build their respective ecosystems and platforms, it’s become increasingly apparent that they are becoming giant managed security service providers (MSSPs). Security Hub can be activated on a single account by clicking on the AWS Security Hub console or a via a single API call.

AWS Security Hub dashboard

Given its scope, the new AWS Security Hub could be viewed as a threat, or an opportunity, to MSSPs, but perhaps no more or less than the three players are to regional and local cloud and managed services providers (CSPs and MSPs).

“This service only works, in my opinion, if it has a robust third-party partner ecosystem because so many of our customers are using all these third-party security services,” said AWS CEO Andy Jassy during his keynote at the re:invent conference where he introduced the new service.

“One of the big challenges is, you have all these findings there in different data formats and different services, and CISCOs are forced to constantly be pivoting between different consoles, different services or aggregating all that data … and trying to normalize it to make [it] coherent, but it’s a lot of work,” he added. “AWS Security Hub is a place where you can centrally manage security compliance across your whole AWS environment. With Security Hub, you now have a single place that aggregates, organizes and prioritizes your security alerts or findings from multiple AWS services such as Amazon GuardDuty, Amazon Inspector and Amazon Macie, as well as from AWS partner solutions.”

GuardDuty is a threat-detection service for AWS workloads; Inspector provides security and compliance assessments; and Macie is a service that uses machine learning and anomaly detection to automatically discover, classify and secure sensitive data stored in S3, with other Amazon services planned.

AWS Security Hub also integrates with the company’s popular severless compute offering, Lambda, with which AWS provides automated remediation. The AWS 25 security ecosystem partners include Alert Logic, Armor, Barracuda, Check Point, Cloud Custodian, CrowdStrike, CyberArk, Demisto, F5, Fortinet, GuardiCore, IBM, McAfee, Palo Alto Networks, Qualys, Rapid7, Splunk, Sophos, Sumo Logic, Symantec, Tenable, Trend Micro, Turbot and Twistlock.

Many of the launch partners also are aligned with the Microsoft and Google offerings. Besides the large number of partners signed up for the AWS Security Hub, the new service is notable for the way Amazon is …