Managing the security and compliance of an IT infrastructure has become one of the most time-consuming and important tasks for IT security professionals. Firewalls, vulnerability scanners, intrusion detection systems, and compliance checks are powerful tools for safeguarding your critical IT assets. However, these tools are only as effective as your organization’s capacity to monitor, prioritize, and respond to crucial events. These tools often produce thousands of findings each day, leaving security teams to sort through alerts from various devices and identify which findings require action.
AWS solves this problem by consolidating compliance checks and security findings from Security Hub, GuardDuty, and other products into a centralized location. Findings flowing into Security Hub from GuardDuty, IAM Access Analyzer, Macie, and partner offerings are all standardized into the AWS Security Findings Format. This standardized format eliminates the need for manual data conversion and simplifies the process of transferring data into external environments. The AWS Security Hub integration with RSA Archer enables organizations to automatically import data directly into RSA Archer.
How it works
AWS Security Hub runs automated configuration and compliance checks based on industry standards such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. The checks provide real time compliance scores and identify devices and accounts requiring attention.
GuardDuty is a managed threat detection service that uses machine learning to safeguard critical AWS accounts and services from malicious activity and other security threats. GuardDuty monitors activities and logs issues within the AWS environment, provides recommended remediation actions, and assigns numeric severity values to these issues. Issues are then categorized into three severity levels based on the criticality and type of threat detected.
Leveraging cutting-edge technology
Prior to being routed into RSA Archer, Security Hub and Guard Duty findings flow into Simple Queue Services (SQS) Queues, which is a distributed message queuing service developed by Amazon. These queues offer a nearly unlimited number of API calls per second, and due to their distributed nature, they provide virtually unlimited throughput. Server-side encryption is available to protect the contents in SQS queues and can be configured using the AWS Key Management Service. These queues are extremely affordable and future proof the RSA Archer integration. Additional AWS Security Hub products and third-party offerings can be directly transferred from these queues into RSA Archer.
From AWS Security Hub to RSA Archer
The RSA Archer integration with AWS Security Hub provides users with the ability to leverage compliance checks and security findings in their RSA Archer environment. The Security Hub data feed ingests findings from Security Hub into the Configuration Check Results application. Check Results are then mapped to the technology baselines such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. GuardDuty security findings are routed into the new Potential Unauthorized Activity on-demand application.
Both Security Hub and GuardDuty findings can be grouped into tickets and formally remediated through the RSA Archer exception requests and remediation plans workflows. The integration also leverages RSA Archer’s new charting engine, which was introduced in version 6.7.
Interested in learning more about the AWS Security Hub Integration with RSA Archer?
Listen to a recording or check out the presentation of a Free Friday Tech Huddle that covered the AWS Security Hub integration with RSA Archer. Free Friday Tech Huddles are only available to RSA Archer customers. if you are not yet a customer but are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.