Simplify and Save Time with cloudtamer.io and AWS Security Hub
Last updated on October 26th, 2021 at 10:34am
I'm very excited to partner with AWS for our integration with AWS Security Hub, now available as of our 2.24 release. In Q2 of this year, we released our continuous compliance capabilities that featured an integration with Cloud Custodian, the multi-cloud, open source rules engine that provides an easy language to build out compliance checks and automated remediations. Our use of Cloud Custodian facilitates our integration with AWS Security Hub and, since many of our customers are already using AWS Security Hub, it made sense to bring our tools together to leverage the best of both worlds.
Let's take a deeper dive into AWS Security Hub and the four different ways you can leverage this new integration.
AWS Security Hub is a service you can enable in your AWS account on a per-region basis that will list security findings for your account. Currently, there are a few security standards that you can enable to perform automated checks against modern benchmarks to see how aligned you are with various compliance standards:
AWS Security Hub is also an aggregator for many of the AWS services. It serves as a dashboard so you can view all the findings in one place.
The raw power of cloudtamer.io is in its ability to easily write checks with remediations and then push them out to all your accounts across multiple partitions, payer accounts, and AWS Organizations. AWS provides wonderful building blocks for engineers but, in our time-constrained days, we need to maximize the time we spend to achieve the best results possible. For the security teams that need to protect their organizations by building out hundreds of checks and automated remediations, using solely AWS without other tools takes a bit of effort. AWS has an article on how to get started with custom rules for AWS Config and then how to import AWS Config rule evaluations into AWS Security Hub as findings. The TL;DR of it is you must:
The initial implementation to get this integration to work is straightforward, but you can see how this can quickly eat up your time. You’ll need to:
Once you have this all working, you still have to create new Lambda functions with code for each check.
cloudtamer.io handles all of these tasks for you and provides a simple language for you to write your checks. Here's the simpler alternative to the workflow above:
This is the code that finds all security groups that are open to the world and then adds the finding to both cloudtamer.io and to AWS Security Hub.
With cloudtamer.io, you can use a language that cuts down on the amount of code you have to write and helps manage the orchestration of the checks across your account. As an added bonus, the two lines of code at the bottom will remove the invalid rule for you.
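As an added illustration (not cloudtamer.io's own sample, which is not reproduced on this page), a plain Cloud Custodian policy of the kind described above could look like the following. The policy name, title, description, and severity value are assumptions chosen for the example, and it covers only the AWS Security Hub side of the finding.

```yaml
policies:
  # Constructed example: the name and the finding text are placeholders.
  - name: example-sg-open-to-world
    resource: aws.security-group
    description: Flag security groups with an ingress rule open to 0.0.0.0/0.
    filters:
      # Match any ingress permission whose IPv4 source range is the whole
      # internet. This constructed policy does not look at IPv6 ranges.
      - type: ingress
        Cidr:
          value: "0.0.0.0/0"
    actions:
      # Import the matched resource into AWS Security Hub as a finding.
      # Security Hub must already be enabled in the account and region.
      - type: post-finding
        title: Security group open to the world
        description: Ingress rule allows traffic from 0.0.0.0/0.
        severity_normalized: 70   # assumed value on the 0-100 scale
        compliance_status: FAILED
        types:
          - "Software and Configuration Checks/AWS Security Best Practices"
      # The two lines at the bottom: revoke only the ingress rules that
      # the filter above matched, leaving the rest of the group intact.
      - type: remove-permissions
        ingress: matched
```

Running a policy like this with `custodian run --dryrun` first lists the security groups the filter matches without posting findings or revoking any rules.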
From a maintenance standpoint, it’s much easier for your teams to manage each check and remediation from a single place with limited code versus having to follow a long workflow that is error-prone.
As we mentioned earlier, there are four different ways cloudtamer.io can integrate with AWS Security Hub:
Head over to our knowledge base to access our code samples and to see how each of these integration options works in more depth. Check out the full press release below for a summary of this new integration and reaction from AWS.
Fulton, MD, December 8, 2020 – cloudtamer.io, an innovative software company providing a leading multi-cloud governance solution, today announced a significant integration with AWS Security Hub (“Security Hub”). Security Hub provides a comprehensive view of compliance checks for Amazon Web Services (AWS) customers and, with this new integration, users can quickly detect, investigate, and respond to possible threats in the cloud, all in one place.
The new native integration within cloudtamer.io allows customers to automatically send and receive findings and trigger remediation actions via Security Hub. cloudtamer.io already allows customers to create compliance checks for all their cloud accounts using native Cloud Custodian policies. Now, this integration simplifies the threat-monitoring process by allowing cloudtamer.io to interact with Security Hub and provide a “single-pane-of-glass” view of up-to-the-minute compliance without duplicating efforts. Prior to this integration, customers using Security Hub in addition to cloudtamer.io were required to check for compliance in two different places.
“To be most effective, security teams need to be able to respond quickly and easily to threats,” said Joseph Spurrier, CTO and co-founder of cloudtamer.io. “Our mission is to make our customers’ lives easier in the cloud, and our new integration with AWS Security Hub is an example of how we deliver on this mission. Our customers will now be able to make fast and informed decisions to enhance security and ensure desired business outcomes from the cloud.”
Additionally, cloudtamer.io allows customers to use the Cloud Custodian YAML domain-specific language to detect and remediate noncompliance in Security Hub—enhancing the customer experience by making these activities faster and simpler. Historically, customers spent time writing and maintaining complex Lambda functions. Now, with this integration, it only takes 2 lines of code to shut down an Amazon Elastic Compute Cloud (Amazon EC2) instance. cloudtamer.io provides the added functionality to easily trigger hundreds of additional resource-specific actions as soon as a non-compliant resource is detected—significantly reducing the time-to-value when writing and monitoring checks across many AWS environments.
“Security teams expend a lot of energy working to prevent, detect, and respond to threats,” said Vice President of External Security Services at Amazon Web Services, Inc., Dan Plastina. “cloudtamer.io’s integration with AWS Security Hub provides visibility in one central place, allowing customers to both streamline detection and simplify taking action on findings to improve their security posture.”
cloudtamer.io is an AWS Advanced Technology Partner.