This week at AWS Re:Invent 2018, Amazon Web Services announced a solution for aggregating application intelligence data and security alerts in a central dashboard called AWS Security Hub. At Twistlock, we’re focused on being a full stack and full lifecycle solution to protect cloud native applications and are proud to announce our integration with the now-public AWS Security Hub.

AWS Security Hub aggregates, organizes, and prioritizes alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner Network (APN) security solutions such as Twistlock. Findings are then visually summarized on integrated dashboards with actionable graphs and tables. Users can also continuously monitor environments using compliance checks based on AWS best practices and industry standards, providing a timely view of overall security and compliance status.

A shared security model: AWS and Twistlock

As an AWS Partner Network (APN) member, we want to integrate with AWS services across the lifecycle: AWS CodeBuild for building container images, Amazon ECR for storing images and deploying secure applications, and every platform used to run your applications — whether EC2 instances, Amazon ECS and EKS, Fargate, or Lambda. AWS provides industry-leading security capabilities for the underlying platform configuration, while Twistlock secures the hosts, containers, orchestration layer, and serverless functions running on AWS.

Sending security intelligence and data to AWS Security Hub

In the diagram below, I’ve highlighted general data flows on AWS services that security architects and infrastructure professionals can access by integrating Twistlock with AWS Security Hub. For example, users are able to access:

  • Vulnerability and compliance data, both when Twistlock scans each image built with CodeBuild and as Twistlock monitors each image stored in ECR
  • Runtime security alerts from applications on EC2, ECS, EKS, Fargate, and Lambda
  • Firewall alert data from applications running on ECS and EKS
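As an added illustration (not Twistlock's own code; the post does not show its finding format), here is how a scanner-side integration shapes the four kinds of data listed above into Security Hub's AWS Security Finding Format (ASFF), checks the fields BatchImportFindings requires, and imports them in batches. The product ARN, account id and scanner name are placeholders, and the four Types mappings are one reasonable choice, not Twistlock's.

```python
from datetime import datetime, timezone

ASFF_SCHEMA = "2018-10-08"
# Placeholder ARN: a real partner product uses the ARN Security Hub assigns to it.
PRODUCT_ARN = "arn:aws:securityhub:us-east-1::product/example/example-scanner"
ACCOUNT_ID = "123456789012"  # constructed sample account id
# The alert categories listed in the post mapped onto ASFF "Types" namespaces (assumed mapping).
CATEGORY_TYPES = {
    "vulnerability": "Software and Configuration Checks/Vulnerabilities/CVE",
    "compliance": "Software and Configuration Checks/Industry and Regulatory Standards",
    "runtime": "Unusual Behaviors/Container",
    "firewall": "Unusual Behaviors/Network Flow",
}
# Fields BatchImportFindings requires on every finding.
REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
            "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources")

def normalize_severity(score, scale=10.0):
    """Map a scanner score on [0, scale] (CVSS uses 0-10) onto ASFF Severity.Normalized 0-100."""
    return int(round(max(0.0, min(float(score), scale)) / scale * 100))

def build_finding(category, title, description, resource_type, resource_id, score, when=None):
    """One ASFF finding. The Id is deterministic so a re-scan updates it instead of duplicating."""
    stamp = (when or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "SchemaVersion": ASFF_SCHEMA,
        "Id": f"{category}/{resource_type}/{resource_id}/{title}",
        "ProductArn": PRODUCT_ARN,
        "GeneratorId": f"example-scanner/{category}",  # hypothetical scanner name
        "AwsAccountId": ACCOUNT_ID,
        "Types": [CATEGORY_TYPES[category]],
        "CreatedAt": stamp, "UpdatedAt": stamp,
        "Severity": {"Product": float(score), "Normalized": normalize_severity(score)},
        "Title": title, "Description": description,
        "Resources": [{"Type": resource_type, "Id": resource_id}],
    }

def missing_fields(finding):
    """Names of required ASFF fields that are absent or empty in this finding."""
    return [f for f in REQUIRED if not finding.get(f)]

def import_findings(findings, client=None):
    """Validate, then send in chunks of 100 (the BatchImportFindings limit); return FailedCount."""
    if any(missing_fields(f) for f in findings):
        raise ValueError("a finding lacks required ASFF fields; Security Hub would reject it")
    if client is None:
        import boto3  # only needed when really sending; pass a fake client to run offline
        client = boto3.client("securityhub")
    failed = 0
    for i in range(0, len(findings), 100):
        failed += client.batch_import_findings(Findings=findings[i:i + 100])["FailedCount"]
    return failed
```

Checking `missing_fields` before the call matters because Security Hub accepts a batch partially and only reports the rejected count, so a malformed finding otherwise disappears silently.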

Granular data aggregation

Users can choose to send data to meet any goals they have at any stage of the application lifecycle. Some security architects may choose to gather vulnerability and compliance intelligence while others may specifically want runtime threat alerts — that’s why we built our integration with AWS Security Hub to offer granular configuration across lifecycle stages and environments.

Simple configuration

Setting up the integration is easy — users simply provide AWS credentials in Twistlock and then configure their alert policy settings to include specific data they would like to send to Security Hub. In the example below, I’ve created a new alert profile from within Twistlock Console. After selecting Security Hub from the list of alert endpoints, I can choose the exact data I want to forward to Security Hub:

In the screenshot above, I’ve chosen to send a robust set of data to Security Hub, but any user can configure these settings based on the needs of their organization and environments.

Scaling security together

The release of AWS Security Hub provides a single-pane-of-glass for security architects and infrastructure professionals to monitor the security and risk posture of their AWS environments in real time.

Twistlock integrates with Security Hub today without any new license requirements. If you’re running Twistlock, you already have the ability to integrate with Security Hub. To learn more, feel free to check out resources on AWS Security Hub.
