
Securing Enterprise Workloads with AWS Security Hub and AWS Shield Advanced

Introduction

The world of technology is ever evolving at an unprecedented pace. Enterprises are migrating their workloads to the cloud to benefit from agility, scalability and cost-efficiency. However, with this migration comes the imperative need for robust security measures to protect sensitive data, applications and infrastructure from evolving cyber threats.

Cloud Service Providers (CSPs) like Amazon Web Services (AWS) recognize the critical importance of cloud security and offer a suite of tools and services to help organizations maintain a strong security posture in their cloud environments. Among these tools are AWS Security Hub and AWS Shield Advanced. Both of these services play crucial roles in protecting enterprise workloads against security risks, including threats like Distributed Denial-of-Service or DDoS attacks.

In this article, we will dive deep into the world of cloud security and explore how AWS Security Hub and AWS Shield Advanced can be leveraged to secure enterprise workloads effectively. We’ll discuss the key features, benefits and implementation strategies for these services that allow organizations to strengthen their security postures and mitigate potential security vulnerabilities in their AWS environments.

Pre-requisites

  • Familiarity with AWS Cloud Platform: Basic understanding of the AWS cloud platform, including some core services, networking concepts and best practices.
  • Understanding of Cloud Security Measures: A foundational knowledge of cloud security principles and practices, such as Identity and Access Management (IAM), encryption, network security and compliance frameworks, is needed to understand the capabilities of Security Hub and Shield Advanced.

AWS Security Hub and AWS Shield Advanced

AWS Security Hub serves as a centralized security dashboard that provides comprehensive visibility into the security posture of an organization’s AWS environment. By aggregating and prioritizing security findings from various AWS services such as Amazon GuardDuty, AWS Inspector, and AWS Firewall Manager, Security Hub enables organizations to quickly identify potential security issues and take proactive measures to mitigate risks. With automated security checks, compliance standards monitoring, and integration with third-party security tools, Security Hub empowers organizations to maintain continuous security monitoring and compliance assurance in their AWS infrastructure.

AWS Shield Advanced offers advanced DDoS (Distributed Denial of Service) protection for AWS resources, safeguarding against the damaging effects of volumetric, state-exhaustion, and application-layer DDoS attacks. As an extension of AWS Shield Standard, which provides basic DDoS protection to all AWS customers at no additional cost, Shield Advanced offers additional features such as enhanced protection against large and sophisticated attacks, 24/7 access to the AWS DDoS Response Team (DRT) for expert guidance and support, and real-time attack visibility and mitigation reports. By leveraging Shield Advanced, organizations can fortify their defenses against DDoS threats and ensure the availability and reliability of their AWS-hosted applications and services.

Difference between Shield and Shield Advanced on AWS

| Feature | AWS Shield Standard | AWS Shield Advanced |
|---|---|---|
| Basic DDoS Protection | Yes (Included for AWS Customers) | Yes (Enhanced Protection) |
| Protection Against Large and Sophisticated Attacks | No | Yes |
| 24/7 Access to AWS DDoS Response Team (DRT) | No | Yes |
| Real-Time Attack Visibility and Mitigation Reports | No | Yes |
| Cost | Included in AWS usage-based pricing | Additional fee based on usage and protection level |

To contact the AWS Shield Response Team, customers need the Enterprise or Business Support level of AWS Premium Support. Shield Advanced requires a 1-year subscription commitment and charges a monthly fee, plus a usage fee based on data transfer out from Amazon CloudFront, Elastic Load Balancing (ELB), Amazon Elastic Compute Cloud (EC2), and AWS Global Accelerator.

Audit AWS Account with AWS Security Hub

Is my AWS secure? Let’s check together:

First of all, AWS Security Hub must be enabled on your AWS Account.

  • Cloud Management Console: AWS Management Console
  • Search: AWS Security Hub or go to Service → Security, Identity and Compliance → Security Hub

AWS Security Hub must be enabled before first use, and it comes with a 30-day free trial.

AWS Security Hub

Security Hub Pricing

AWS Security Hub provides a sophisticated dashboard that shows how compliant each AWS Account is with international security standards like PCI DSS and CIS Benchmark in their latest versions.

Different standards provided by AWS can be enabled to strengthen the security checks, ensuring that they run through all resources and configurations.

Enterprises go through this procedure regularly to ensure that their workloads are safe before going through major upgrades. More findings on specific AWS Services like AMI, EC2 and S3 can be found on the dashboard and studied individually to implement fixes.

Each standard’s score is then taken into consideration during the cloud security fortification procedure. Each score is backed by thorough details of every security check performed, including its result, severity and title. We will take AWS CIS Benchmark as an example.

CIS AWS Foundations Benchmark

More resources on how to customize AWS Security Hub to specific needs: Working with the Summary dashboard – AWS Security Hub
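To make the link between individual checks and a standard's score concrete, the following added example (not code from AWS or from this article's author) rolls findings shaped like the AWS Security Finding Format up into one status per control, computes a score and lists the failed checks by severity. The findings, the shortened titles and the placeholder account ID are constructed sample data, and the scoring rule is a simplified model of how Security Hub derives its score, stated here as an assumption.

```python
from collections import defaultdict

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"]
ACCOUNT = "AWS::::Account:111122223333"  # placeholder account ID

def finding(control, title, severity, status, resource, workflow="NEW", record="ACTIVE"):
    """Build a minimal ASFF-shaped finding holding only the fields used below."""
    return {"Title": title, "Severity": {"Label": severity}, "Resources": [{"Id": resource}],
            "Compliance": {"Status": status, "SecurityControlId": control},
            "Workflow": {"Status": workflow}, "RecordState": record}

# Constructed sample findings, not output from a real account.
SAMPLE = [
    finding("IAM.6", "Hardware MFA should be enabled for the root user", "CRITICAL", "FAILED", ACCOUNT),
    finding("EC2.2", "Default security group should not allow traffic", "HIGH", "FAILED", "sg-0aaa"),
    finding("EC2.2", "Default security group should not allow traffic", "INFORMATIONAL", "PASSED", "sg-0bbb"),
    finding("CloudTrail.1", "CloudTrail should be enabled", "INFORMATIONAL", "PASSED", ACCOUNT),
    finding("S3.1", "Block public access should be enabled", "INFORMATIONAL", "PASSED", "arn:aws:s3:::example-bucket"),
    finding("Config.1", "AWS Config should be enabled", "MEDIUM", "WARNING", ACCOUNT),
    finding("IAM.4", "Root user access key should not exist", "CRITICAL", "FAILED", ACCOUNT, workflow="SUPPRESSED"),
    finding("S3.5", "Buckets should require SSL", "MEDIUM", "FAILED", "arn:aws:s3:::old-bucket", record="ARCHIVED"),
]

def active(findings):
    """Drop archived and suppressed findings so they do not affect control status."""
    return [f for f in findings
            if f["RecordState"] == "ACTIVE" and f["Workflow"]["Status"] != "SUPPRESSED"]

def control_statuses(findings):
    """One status per control: any FAILED wins, all PASSED passes, otherwise UNKNOWN."""
    seen = defaultdict(set)
    for f in active(findings):
        seen[f["Compliance"]["SecurityControlId"]].add(f["Compliance"]["Status"])
    return {c: "FAILED" if "FAILED" in s else "PASSED" if s == {"PASSED"} else "UNKNOWN"
            for c, s in seen.items()}

def security_score(findings):
    """Percentage of controls with data that passed (simplified model of the score)."""
    statuses = list(control_statuses(findings).values())
    return round(100 * statuses.count("PASSED") / len(statuses)) if statuses else None

def failed_checks(findings):
    """Failed findings as (severity, control, title, resource), most severe first."""
    rows = [(f["Severity"]["Label"], f["Compliance"]["SecurityControlId"], f["Title"], f["Resources"][0]["Id"])
            for f in active(findings) if f["Compliance"]["Status"] == "FAILED"]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER.index(r[0]), r[1]))

if __name__ == "__main__":
    print("score:", security_score(SAMPLE), "failed:", failed_checks(SAMPLE))
```

One failed resource is enough to fail a control even when other resources pass the same check, which is why EC2.2 counts against the score here.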

Deploy AWS Shield Advanced

Deploying AWS Shield Advanced is a crucial step in fortifying your organization’s defenses against DDoS attacks. Here’s how you can get started:

1- Enable AWS Shield Advanced: Navigate to the AWS Management Console and access the AWS Shield console. Follow the prompts to enable AWS Shield Advanced for your AWS account. You may need to subscribe to the service and configure your preferences, such as protection levels and thresholds.

Enabling AWS Shield Advanced

2- Configure Protection Policies: Once AWS Shield Advanced is enabled, configure protection policies to specify which resources and endpoints should be protected against DDoS attacks. You can define custom protection policies based on your organization’s requirements and risk profile.

Shield Advanced setup

3- Integrate with AWS WAF: AWS Shield Advanced seamlessly integrates with AWS Web Application Firewall (WAF) to provide comprehensive protection against layer 7 (application layer) DDoS attacks. Configure AWS WAF rules and policies to mitigate potential threats and enhance your security posture.

4- Monitor and Respond to Threats: Leverage the real-time visibility and attack mitigation capabilities of AWS Shield Advanced to monitor for DDoS attacks and respond swiftly to mitigate their impact. Use the AWS Management Console or API to access detailed attack metrics, mitigation reports, and recommended actions.

5- Engage AWS DDoS Response Team (DRT): In the event of a significant DDoS attack, utilize the 24/7 access to the AWS DDoS Response Team (DRT) provided with AWS Shield Advanced. The DRT can offer expert guidance and support to help you mitigate the attack effectively and minimize disruption to your services.
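Steps 2 and 3 are easy to leave half done, so the following added example (not part of the original article or of any AWS tooling) compares a resource inventory against existing Shield Advanced protections and reports resources with no protection, plus protected layer 7 resources that have no AWS WAF web ACL attached. `ResourceArn` and `Name` follow the shape of Shield's protection records; the inventory format, its `web_acl_arn` field and every ARN are hypothetical, constructed values.

```python
L7_KINDS = {"cloudfront", "alb"}  # resource kinds an AWS WAF web ACL can front

def resource_kind(arn):
    """Classify an ARN into a kind this example covers, or None for anything else."""
    _, _, service, _, _, resource = arn.split(":", 5)
    if service == "cloudfront" and resource.startswith("distribution/"):
        return "cloudfront"
    if service == "elasticloadbalancing" and resource.startswith("loadbalancer/app/"):
        return "alb"
    if service == "ec2" and resource.startswith("eip-allocation/"):
        return "eip"
    if service == "globalaccelerator" and resource.startswith("accelerator/"):
        return "global-accelerator"
    return None

def coverage_gaps(inventory, protections):
    """Return (unprotected, no_waf): ARNs without a protection, and protected
    layer 7 resources that have no web ACL attached."""
    protected = {p["ResourceArn"] for p in protections}
    unprotected, no_waf = [], []
    for res in inventory:
        kind = resource_kind(res["arn"])
        if kind is None:
            continue  # resource type outside the scope of this check
        if res["arn"] not in protected:
            unprotected.append(res["arn"])
        elif kind in L7_KINDS and not res.get("web_acl_arn"):
            no_waf.append(res["arn"])
    return unprotected, no_waf

# Constructed sample data with a placeholder account ID; not from a real account.
CF = "arn:aws:cloudfront::111122223333:distribution/E2EXAMPLE"
ALB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/50dc6c495c0c9188"
EIP = "arn:aws:ec2:us-east-1:111122223333:eip-allocation/eipalloc-0abc1234"
GA = "arn:aws:globalaccelerator::111122223333:accelerator/1234abcd-example"
INVENTORY = [
    {"arn": CF, "web_acl_arn": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/example/a1b2"},
    {"arn": ALB, "web_acl_arn": None},   # protected, but nothing filters layer 7 traffic
    {"arn": EIP},                        # never added to a protection
    {"arn": GA},                         # protected; WAF does not apply to this kind
    {"arn": "arn:aws:s3:::example-bucket"},
]
PROTECTIONS = [{"Name": f"protection-{i}", "ResourceArn": a} for i, a in enumerate((CF, ALB, GA))]

if __name__ == "__main__":
    print(coverage_gaps(INVENTORY, PROTECTIONS))
```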

Conclusion

In conclusion, AWS Security Hub and AWS Shield Advanced are powerful tools that enable organizations to strengthen their security posture and protect their enterprise workloads in the AWS cloud. Security Hub provides comprehensive visibility and monitoring capabilities, allowing organizations to identify and remediate security issues proactively. Shield Advanced offers advanced DDoS protection, safeguarding against the damaging effects of DDoS attacks and ensuring the availability of AWS-hosted applications and services.

Together, AWS Security Hub and AWS Shield Advanced empower organizations to embrace the benefits of cloud computing while mitigating security risks and protecting their most valuable assets.