What are Security Hub and Security Hub CSPM? - AWS Security Hub

Note

Security Hub is in preview release and is subject to change.

AWS Security Hub and AWS Security Hub CSPM are AWS services that protect your cloud environment. The services complement each other. When used together, they provide valuable insight into the security posture of your AWS environment.

Security Hub CSPM provides a comprehensive view of your security posture and helps you evaluate your cloud environment against security industry standards and best practices. Security Hub provides a unified experience that helps you prioritize and respond to critical security issues. Security Hub CSPM findings are routed to Security Hub automatically, where they're correlated with findings from other security services, such as Amazon Inspector, to generate exposures. This helps you identify the most critical risks in your environment. Security Hub also provides automated workflow capabilities, which help you incorporate Security Hub CSPM findings into your operational workflows.

As a best practice, we recommend enabling both services. You can enable Security Hub CSPM without enabling Security Hub if your primary focus is identifying misconfigurations and evaluating your security posture. However, if you enable Security Hub without enabling Security Hub CSPM, Security Hub cannot use Security Hub CSPM findings to provide information about risks and exposures in your AWS environment. For the best experience, we recommend enabling not only Security Hub and Security Hub CSPM, but also these other security services: Amazon GuardDuty, Amazon Inspector, and Amazon Macie.