AWS re:Invent 2025 - AWS Security Hub: Unifying & simplifying security operations at scale (SEC228)

Summary of AWS re:Invent 2025 - AWS Security Hub: Unifying & simplifying security operations at scale (SEC228)

Evolving Security Challenges and Needs

• Customers face increasing complexity in the changing technology landscape, with more modernization and transformation to the cloud and AI/GenAI.
• Key customer needs include:
  • Unified visibility across all resources and security signals
  • Contextual security information to enable faster and more meaningful response
  • Normalized and integrated security signals from various tools
  • Automated response and remediation capabilities

The Evolution of AWS Security Hub

• Security Hub has evolved from a cloud security posture management (CSPM) service to a unified security operations platform.
• Key improvements include:
  • Centralized aggregation and correlation of security findings from AWS native services and partner tools
  • Enrichment of findings with contextual information and attack path analysis
  • Automated exposure identification and risk prioritization
  • Standardized security event format (OCSF) for easier integration with other tools

Exposure Findings and Risk Prioritization

• Exposures are elevated security findings that combine multiple signals to identify high-risk weaknesses in resources.
• Exposures are generated by analyzing traits across findings, such as:
  • Vulnerabilities
  • Network reachability
  • Sensitive data access
  • Misconfigurations
  • Malicious software
• Exposures are prioritized based on factors like ease of discovery, exploitability, likelihood, awareness, and potential impact.
• Exposures provide a visual attack path to help understand and remediate the identified risks.

Simplified Enablement and Centralized Management

• Security Hub provides a unified enablement experience to configure and manage AWS security services across accounts and regions.
• Delegated administrator model allows central management and visibility from a single account.
• Bundled pricing simplifies cost management by providing a single invoice for threat detection, vulnerability management, sensitive data protection, and CSPM.

Integration and Automation

• Security Hub findings are normalized to the open OCSF standard, enabling seamless integration with partner tools for automated workflows and remediation.
• Integrations with tools like Jira, Splunk, and Securonix allow security teams to route findings to the appropriate teams and automate response actions.

Customer Experience: Awesome's Journey with Security Hub

• Awesome, the parent company of SmugMug and Flickr, needed a way to centralize and prioritize security findings from various tools.
• Security Hub provided a single pane of glass for all security signals, enabling faster research, prioritization, and routing of findings to the right teams.
• Automated workflows and integrations with Jira allowed Awesome to turn security findings into actionable tasks, empowering their engineering teams to remediate issues.
• Awesome is excited about the bundled pricing, unified enablement, and future integrations with AWS security services and incident response teams.

Key Takeaways

• Security Hub has evolved into a comprehensive security operations platform, unifying visibility, context, and automated response across AWS security services and partner tools.
• Exposure findings and risk prioritization help security teams focus on the most critical issues, while simplified enablement and centralized management reduce operational overhead.
• Standardized security event format and integrations with partner tools enable seamless automation and remediation workflows.
• Customers like Awesome are leveraging Security Hub to centralize security operations, empower engineering teams, and improve their overall security posture.