This week at AWS re:Invent 2018, Amazon Web Services announced AWS Security Hub, a solution for aggregating application intelligence data and security alerts in a central dashboard. At Twistlock, we’re focused on being a full stack and full lifecycle solution to protect cloud native applications and are proud to announce our integration with the now-public AWS Security Hub.
AWS Security Hub aggregates, organizes, and prioritizes alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner Network (APN) security solutions such as Twistlock. Findings are then visually summarized on integrated dashboards with actionable graphs and tables. Users can also continuously monitor environments using compliance checks based on AWS best practices and industry standards, providing a timely view of overall security and compliance status.
A shared security model: AWS and Twistlock
As an AWS Partner Network (APN) member, we want to integrate with AWS services across the lifecycle, such as AWS CodeBuild for building container images, Amazon ECR for storing images and deploying secure applications, and all the platforms used to run your applications, whether that’s EC2 instances, Amazon ECS and EKS, Fargate, or Lambda. AWS provides industry-leading security capabilities for underlying platform configurations, while Twistlock secures the hosts, containers, orchestration layer, and serverless functions running on AWS.
Sending security intelligence and data to AWS Security Hub
In the diagram below, I’ve highlighted general data flows on AWS services that security architects and infrastructure professionals can access by integrating Twistlock with AWS Security Hub. For example, users are able to access:
- Vulnerability and compliance data, both when Twistlock scans each image built with CodeBuild and as Twistlock monitors each image stored in ECR
- Runtime security alerts from applications on EC2, ECS, EKS, Fargate, and Lambda
- Firewall alert data from applications running on ECS and EKS
Granular data aggregation
Users can choose which data to send to meet their goals at any stage of the application lifecycle. Some security architects may choose to gather vulnerability and compliance intelligence, while others may specifically want runtime threat alerts. That’s why we built our integration with AWS Security Hub to offer granular configurations across lifecycle stages and environments.
Setting up the integration is easy — users simply provide AWS credentials in Twistlock and then configure their alert policy settings to include specific data they would like to send to Security Hub. In the example below, I’ve created a new alert profile from within Twistlock Console. After selecting Security Hub from the list of alert endpoints, I can choose the exact data I want to forward to Security Hub:
In the screenshot above, I’ve chosen to send a robust set of data to Security Hub, but any user can configure these settings based on the needs of their organization and environments.
Scaling security together
The release of AWS Security Hub provides a single pane of glass for security architects and infrastructure professionals to monitor the security and risk posture of their AWS environments in real time.
Twistlock integrates with Security Hub today without any new license requirements. If you’re running Twistlock, you already have the ability to integrate with Security Hub. To learn more, feel free to check out resources on AWS Security Hub.