AWS Extends Reach of Security Hub to Include Third-Party Partners
Amazon Web Services (AWS) this week added a cloud security service through which cybersecurity teams can mix and match third-party partner services with AWS's own cloud security offerings.
Michael Fuller, director of security services for AWS, said an AWS Security Hub Extended offering provides access to cloud security offerings from partners such as 7AI, Britive, CrowdStrike, Cyera, Island, Noma, Okta, Oligo, Opti, Proofpoint, SailPoint, Splunk, Upwind, and Zscaler.
The services provided by these vendors already run on the AWS cloud to enable tighter integration within the AWS Security Hub platform, said Fuller. For example, all security findings adhere to the Open Cybersecurity Schema Framework (OCSF) and are then automatically aggregated in AWS Security Hub to integrate analytics across multiple cloud security services.
The overall number of sensors that need to be deployed is also reduced because third-party providers are integrated with many of the sensors that AWS has already deployed, added Fuller. Cybersecurity teams can then also work more closely with the IT operations teams managing AWS cloud services to, for example, automate patch deployments, he noted.
Additionally, because AWS functions as the seller of record, cybersecurity teams can pre-negotiate pay-as-you-go pricing without any long-term commitments required. That approach makes it possible for cybersecurity teams to combine multiple offerings in a way that also serves to simplify procurement and deployment, said Fuller.
AWS Security Hub Extended, however, is not meant to be a full-on replacement for the AWS Marketplace. Instead, AWS is working with a small number of partners to provide a more integrated framework for managing cloud security, noted Fuller.
Ultimately, there will come a day when all the artificial intelligence (AI) agents provided by AWS and its cybersecurity partners will need to be integrated. AWS is still working out the details of its approach, but AWS Security Hub Extended does provide a foundation for enabling the level of integration that will be required, said Fuller.
In the meantime, there has been a long-running debate in cybersecurity circles over the merits of a platform-based approach versus relying on best-of-breed tools. In theory, the latter provides a more layered defense of attack surfaces. The challenge has been the time and effort required to build and maintain integrations. AWS is now finding a middle ground using a platform that provides integrations with best-in-class tooling, said Fuller.
Well over a decade since the initial rise of cloud computing, many security issues remain unresolved. However, those challenges mainly revolve around the practices used to configure cloud computing environments rather than the underlying infrastructure being provided. The challenge cybersecurity teams are then left with is finding a way to secure workloads in the cloud that are only going to increase in volume no matter how they might have initially been provisioned.
As such, it will be up to each cybersecurity team to determine what tools and platforms to employ on the assumption that the way cloud workloads are being created and deployed isn’t likely to change much for the better any time soon.


