AWS Security Hub takes half-hearted bite out of SIEM vendors' lunches
SIEMless pitch, amirite?
Amazon Web Services has wheeled out its Security Hub – a SIEM aggregator product – in an effort to snaffle some of the lucrative cloud SIEM market for itself.
The product, unveiled as generally available to world+dog this morning, is billed as allowing AWS customers to "quickly see their entire AWS security and compliance state in one place, and so help to identify specific accounts and resources that require attention."
For potential customers, the idea is simple: instead of being bombarded by alerts about security snafus, config calamities and compliance cockups, Security Hub is intended to “bring all of this information together in one place”. You get a set of graphs, dashboards and the like: in essence it’s a SIEM aggregator, with remediation tips thrown in too.
Most worrying to competing security companies with similar products of their own will be the pricing model. Customers will pay "only for the compliance checks performed and security findings ingested", with the first 10,000 security findings per month thrown in free. After those first 10k the pricing is $0.0010 per check for the first 100,000 compliance checks per account per month, dropping down to $0.0008 per check for the next 400k, and to $0.0005 per check for everything over and above that.
As is always the case with cloud services, customers would do well to keep a tab on the costs to ensure they don't spiral and result in a nasty surprise at the month's end.
In a canned statement, Dan Plastina, AWS veep for External Security Services, described Security Hub as the "glue that connects" third party security wares with its own public cloud services.
"By combining automated compliance checks, the aggregation of findings from more than 30 different AWS and partner sources, and partner-enabled response and remediation workflows, AWS Security Hub gives customers a simple way to unify management of their security and compliance."
AWS mentioned a long list of vendors in its statement, including Barracuda, Palo Alto Networks, Guardicore, Sophos, Atlassian, IBM, and McAfee, who "have built integrations with AWS Security Hub." Notably absent is Alienvault (now AT&T Security), while Splunk is named.
For reasons that are obvious when you think about it, AWS also supplied a canned quotation from Pokemon Go's Jacob Bornemann, who opined: "We were considering building out our own compliance rules for the CIS AWS Foundations Benchmark, but AWS Security Hub made it simple to activate these compliance checks automatically."
As vendor-native SIEM products go, depending on how you look at Security Hub, it's a few months behind Microsoft's Azure Sentinel, which does standalone SIEMing but with the "AI" marketing buzzword du jour liberally sprinkled across it. ®
Editor's note: The list of supporting partners was clarified after publication.