  • Difference Between Security Hub, Detective, and Inspector

  • farris-kerai

    Member
    June 20, 2020 at 12:00 am

    Hi TD Team,

    I keep on getting confused between all these services. What kind of keyword should I be on the lookout for to determine the correct service for a question?

    Thanks,

  • TutorialsDojo-Support

    Member
    June 20, 2020 at 11:10 am

    Hello farris-kerai,

    Thanks for the feedback.

    More than keywords, I recommend getting familiar with the use cases for each service, because the AWS exam questions are situational and you want to pick the right service for the given situation.

    AWS Security Hub is a service that gives you aggregated visibility into your security and compliance status across multiple AWS accounts. In addition to consuming findings from Amazon services and integrated partners, Security Hub gives you the option to create custom actions, which allow a customer to manually invoke a specific response or remediation action on a specific finding. You can send custom actions to Amazon CloudWatch Events as a specific event pattern, allowing you to create a CloudWatch Events rule that listens for these actions and sends them to a target service, such as a Lambda function or Amazon SQS queue. Think of this if you need integration with partners that provide security analysis and compliance for your systems.

    Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations. For example, an Amazon GuardDuty finding, like an unusual Console Login API call, can be quickly investigated in Amazon Detective with details about the API call trends over time, and user login attempts on a geolocation map. These details enable you to quickly identify if you think it is legitimate or an indication of a compromised AWS resource. Amazon Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity.

    Amazon Inspector is an automated security assessment service that helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances. Amazon Inspector allows you to automate security vulnerability assessments throughout your development and deployment pipeline or against static production systems. This allows you to make security testing a more regular occurrence as part of development and IT operations. Amazon Inspector is an API-driven service that uses an optional agent, making it easy to deploy, manage, and automate. Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions.

    https://aws.amazon.com/blogs/security/automated-response-and-remediation-with-aws-security-hub/

    https://aws.amazon.com/detective/

    https://aws.amazon.com/inspector/faqs/

    Hope this helps.

    Regards,

    Kenneth Samonte @ Tutorials Dojo
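
The custom-action flow described in the reply above (Security Hub custom action, CloudWatch Events rule, Lambda target), sketched as an added example that is not part of the original post or AWS's own code. The action ARN, account ID, finding and instance ID are constructed placeholders, and `matches` is a simplified stand-in for the service's event-pattern matching.

```python
# Constructed placeholder ARN for a custom action created in Security Hub.
ACTION_ARN = "arn:aws:securityhub:us-east-1:111122223333:action/custom/IsolateInstance"

# Event pattern for the CloudWatch Events rule that listens for this one custom action.
EVENT_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Custom Action"],
    "resources": [ACTION_ARN],
}

def matches(pattern, event):
    """Simplified pattern match: every pattern key must be present in the event
    and share at least one value with the pattern's allowed list."""
    for key, allowed in pattern.items():
        value = event.get(key)
        values = value if isinstance(value, list) else [value]
        if not any(v in allowed for v in values):
            return False
    return True

def handler(event, context=None):
    """Lambda-style target: one remediation task per resource in each selected finding."""
    if not matches(EVENT_PATTERN, event):
        return []  # some other source or custom action: ignore it
    tasks = []
    for finding in event["detail"].get("findings", []):
        for resource in finding.get("Resources", []):
            tasks.append({
                "action": event["detail"].get("actionName"),
                "finding_id": finding["Id"],
                "account": finding.get("AwsAccountId"),
                "severity": finding.get("Severity", {}).get("Label", "UNKNOWN"),
                "resource_type": resource.get("Type"),
                "resource_id": resource["Id"],
            })
    return tasks

# Constructed sample of the event the rule would deliver to the target.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Custom Action",
    "resources": [ACTION_ARN],
    "detail": {"actionName": "IsolateInstance", "findings": [{
        "Id": "constructed-finding-001",
        "AwsAccountId": "111122223333",
        "Severity": {"Label": "HIGH"},
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-0example"}],
    }]},
}
```
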

    • farris-kerai

      Member
      June 22, 2020 at 6:34 am

      Hi,

      Thanks for the response. When should I use Trusted Advisor vs AWS Config? One is used to track changes but the dashboard can give you an idea of what is passing/failing. Trusted Advisor on the other hand can also give you a high-level overview of configuration changes within AWS as well.

      Thanks,

      • TutorialsDojo-Support

        Member
        June 22, 2020 at 9:55 pm

        Hello farris-kerai,

        AWS Trusted Advisor provides you real-time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor does not solve any problem by itself; it just presents you with information that you may want to take action on. For example, AWS Trusted Advisor will show you a list of underutilized EC2 instances, so you may want to take action to lower those instance sizes. Another is in the Security section; for example, you have a security group with an open inbound port 22. This will be shown to you by Trusted Advisor, but it is up to you to take action on those items.

        It merely shows recommendations based on AWS best practices.

        AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. For example, you can set rules that all EC2 instances should have a required Tag “Environment”. If one of your team members created an instance and did not tag it properly, AWS Config can flag that instance. You can also have AWS Config automatically trigger a notification and a Lambda function to remediate or correct the Tag. Basically, AWS Config allows you to set configuration rules for your AWS resources.

        https://aws.amazon.com/config/

        https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

        Regards,

        Kenneth Samonte @ Tutorials Dojo
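
The required-tag rule described in the reply above, written as the evaluation logic of a custom AWS Config rule; this is an added example, not part of the original post or AWS's own code. The instance IDs, timestamps and `make_event` helper are constructed; in a deployed rule the returned list would be submitted with the Config `PutEvaluations` API together with the event's result token.

```python
import json

REQUIRED_TAG = "Environment"  # tag key from the post; tag keys are case-sensitive

def evaluate(item):
    """Return (ComplianceType, Annotation) for one recorded configuration item."""
    if item["resourceType"] != "AWS::EC2::Instance":
        return "NOT_APPLICABLE", "Rule only covers EC2 instances."
    if item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource no longer exists."
    tags = item.get("tags") or {}
    if tags.get(REQUIRED_TAG, "").strip():
        return "COMPLIANT", f"Tag {REQUIRED_TAG} is set."
    return "NON_COMPLIANT", f"Required tag {REQUIRED_TAG} is missing or empty."

def handler(event, context=None):
    """Lambda-style entry point for a configuration-change-triggered rule."""
    # Config delivers the recorded item as a JSON string in 'invokingEvent'.
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate(item)
    return [{
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }]

def make_event(tags, resource_type="AWS::EC2::Instance", status="OK"):
    """Build a constructed sample event for offline runs (hypothetical helper)."""
    item = {
        "resourceType": resource_type,
        "resourceId": "i-0example",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2020-06-22T21:55:00.000Z",
        "tags": tags,
    }
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "resultToken": "constructed-token"}

if __name__ == "__main__":
    for tags in ({"Environment": "prod"}, {"Name": "web-1"}, {"environment": "prod"}):
        print(tags, "->", handler(make_event(tags))[0]["ComplianceType"])
```
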

  • Soroush Atarod

    Member
    October 3, 2023 at 4:38 am

    @farris I recommend setting all of them up. Keep in mind that Security Hub is more of a centralised dashboard and management. If you are using a third-party tool you can decide not to use it and keep using GuardDuty etc.

    https://www.ovnycloud.com/blog/aws-security-hub-vs-guardduty
