ChannelLife Australia - Industry insider news for technology resellers
AWS introduces Security Hub for unified threat detection in cloud

Fri, 5th Dec 2025

AWS has made its Security Hub service generally available, offering near real-time threat correlation for organisations operating in the cloud. The platform is designed to help security teams identify and prioritise critical security risks by automatically correlating and enriching threat signals across multiple AWS security services.

Threat correlation

Security Hub aggregates findings from Amazon GuardDuty, Amazon Inspector, AWS Security Hub Cloud Security Posture Management (CSPM), and Amazon Macie. It automatically organises alerts by threats, exposures, resources, and coverage, presenting them in a unified console. The system reduces manual effort by enabling users to view the most pressing issues in one place, expediting incident detection and response.

The platform incorporates near real-time risk analytics, alerting teams as soon as new exposures occur. This approach enables quicker assessment of whether remediation measures have successfully mitigated identified risks. Findings from different sources are analysed and combined, highlighting scenarios where multiple issues could escalate to significant security incidents.

Data visibility

Security Hub's Trends feature permits up to one year of historical analysis. The Summary dashboard offers an overview of threats, exposures, affected resources, and security coverage. Customisable widgets enable security teams to arrange the dashboard according to their operational needs, with filtering options available by severity, account, resource type, and time period.

Widgets such as the Security coverage tracker highlight deployment gaps across AWS accounts and regions. These display the status of services including vulnerability management, threat detection, sensitive data discovery, and posture management, offering an overview of where additional coverage may be required.

Cross-region aggregation is available. Delegated administrator accounts can access findings at both the administrative and member account levels. Trends data is retained for up to a year before it is deleted automatically.

Exposure analytics

Security Hub calculates exposure findings as soon as relevant data is available from integrated services. The Exposure page groups these findings by title and severity, offering visual trends analysis over the previous 90 days. Each exposure describes the potential security impact, such as data destruction or unauthorised access, and provides a count of affected resources.

Detailed exposure reports are available for further investigation, including information on the type of exposure, involved accounts, affected regions, age, and contributing security issues categorised by factors like reachability, vulnerability, sensitive data, and misconfiguration. The Potential attack path tab provides a visual representation of how resources could be compromised, mapping relationships among various AWS resources and settings.

The Remediation section prioritises recommended actions, providing links to technical documentation. The interface allows teams to monitor their progress as exposures are addressed and security posture improves.

Integration support

Security Hub integrates with external ticketing systems such as Jira and ServiceNow, supporting automated incident management workflows. Tickets can be created directly from the Security Hub console or triggered by custom automation rules, routing issues to relevant teams based on predetermined criteria.

The service adopts the Open Cybersecurity Schema Framework (OCSF) to enhance interoperability with partner platforms including Cribl, CrowdStrike, Datadog, Dynatrace, Expel, Graylog, Netskope, Securonix, SentinelOne, Splunk, Sumo Logic, Tines, Upwind Security, Varonis, DTEX, and Zscaler. Consulting partners such as Accenture, Deloitte, Optiv, PwC, Caylent, and Wipro support customers with implementation and migration to OCSF.

Automated response workflows are also supported through Amazon EventBridge. EventBridge rules can route findings to services such as AWS Lambda or Systems Manager Automation runbooks for processing without manual review.

Pricing and availability

Security Hub is available to existing users of AWS security services and can be activated for new accounts through the AWS Management Console. The service offers consolidated resource-based pricing, covering integrated AWS security services under a simplified model. Organisations can estimate projected costs prior to deployment using a built-in cost estimator.

"Security teams need actionable insights, not more data silos. With AWS Security Hub, our customers can unify their security operations, reduce manual effort, and quickly identify where to focus remediation," said Jon Ramsey, Vice President, Security, AWS.