Overview - AWS Security Hub Automated Response and Remediation

Overview

The continued evolution of security threats makes it difficult, expensive, and time-consuming for security teams to react. The AWS Security Hub Automated Response and Remediation solution addresses this challenge by providing predefined response and remediation actions based on industry compliance standards and best practices.

AWS Security Hub Automated Response and Remediation is an add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks. The solution makes it easier for AWS Security Hub customers to resolve common security findings and to improve their security posture in AWS.

Customers choose the individual playbooks they want to deploy in their Security Hub primary account. Each playbook contains the necessary custom actions, Identity and Access Management (IAM) roles, Amazon CloudWatch Events, AWS Systems Manager automation documents, AWS Lambda functions, and AWS Step Functions needed to start a remediation workflow within a single AWS account, or across multiple accounts. Remediations work from the Actions menu in AWS Security Hub and allow authorized users to remediate a finding across all of their AWS Security Hub-managed accounts with a single click. For example, customers can apply recommendations from the CIS AWS Foundations Benchmark, a compliance standard for securing AWS resources, to ensure passwords expire within 90 days and enforce encryption of event logs stored in AWS.

AWS Security Hub Automated Response and Remediation Version includes the playbook remediations for the security standards defined as part of the Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0. For more information, refer to Appendix B.

Cost

You are responsible for the cost of the AWS services used to run the AWS Security Hub Automated Response and Remediation solution. Prices are subject to change. For full details, see the pricing page for each AWS service used in this solution.

The total cost to run this solution depends on the following factors:

  • The number of AWS Security Hub member accounts

  • The number of active automatically-triggered remediations

  • The frequency of remediation

The solution uses the following AWS components, which incur a cost based on your configuration. Estimates are provided for small, medium, and large environments.

Small environment

  • 10 accounts

  • 15 remediations per day per account (4,500 remediations per month)

  • Total cost $5.07 per month / $60.87 per year

| Service | Upfront | Monthly | First 12 months total | Currency | Configuration summary |
|---|---|---|---|---|---|
| AWS Service Catalog | 0 | 5.00 | 60 | USD | One Service Catalog Portfolio per Security Hub |
| AWS Lambda | 0 | 0.068 | 0.82 | USD | Number of requests (4,500) using 256 MB for 3.6 seconds average |
| Amazon CloudWatch Logs | 0 | 0.0003 | 0.02 | USD | 2,000 per remediation per day; Retained for 12 months |
| Amazon Simple Notification Service (Amazon SNS) | 0 | 0.0023 | 0.03 | USD | 4,500 notifications; Outbound < 1,000 per month |

Medium environment

  • 100 accounts

  • 15 remediations per day per account (45,000 remediations per month)

  • Total cost $5.71 per month / $68.69 per year

| Service | Upfront | Monthly | First 12 months total | Currency | Configuration summary |
|---|---|---|---|---|---|
| AWS Service Catalog | 0 | 5.00 | 60 | USD | One Service Catalog Portfolio per Security Hub |
| AWS Lambda | 0 | 0.68 | 8.21 | USD | Number of requests (45,000) using 256 MB for 3.6 seconds average |
| Amazon CloudWatch Logs | 0 | 0.0027 | 0.21 | USD | 2,000 per remediation per day; Retained for 12 months |
| Amazon Simple Notification Service (Amazon SNS) | 0 | 0.0225 | 0.27 | USD | 45,000 notifications; Outbound < 1,000 per month |

Large environment

  • 1000 accounts

  • 15 remediations per day per account (450,000 remediations per month)

  • Total cost $12.09 per month / $146.89 per year

| Service | Upfront | Monthly | First 12 months total | Currency | Configuration summary |
|---|---|---|---|---|---|
| AWS Service Catalog | 0 | 5.00 | 60 | USD | One Service Catalog Portfolio per Security Hub |
| AWS Lambda | 0 | 6.84 | 82.08 | USD | Number of requests (450,000) using 256 MB for 3.6 seconds average |
| Amazon CloudWatch Logs | 0 | 0.0270 | 2.10 | USD | 2,000 per remediation per day; Retained for 12 months |
| Amazon Simple Notification Service (Amazon SNS) | 0 | 0.2250 | 2.70 | USD | 450,000 notifications; Outbound < 1,000 per month |