Conclusion and next steps - AWS Prescriptive Guidance

In summary, an effective vulnerability management program requires thorough preparation: you enable the right tools and integrations, fine-tune those tools, triage issues efficiently, and continuously report and improve. By following the best practices in this guide, organizations can build a scalable vulnerability management program on AWS that helps secure their cloud environments.

You can expand this program to cover additional security-related vulnerabilities and findings, such as application security vulnerabilities. AWS Security Hub supports custom product integrations, so consider using Security Hub as the integration point for additional security tools and products. That way you reuse the processes and workflows you have already established in your vulnerability management program, such as the direct integration with product backlogs and the monthly security review meetings.
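The following is an added example, not code from the AWS guide, of what that integration point looks like in practice: findings from an additional scanner are translated into the AWS Security Finding Format (ASFF) and sent to Security Hub with BatchImportFindings under the account's default custom product ARN, so they inherit the routing and automation rules already in place. The scanner, its record layout, the account ID, Region and CVE identifiers are all constructed for this example.

```python
"""Import findings from an additional security tool into AWS Security Hub.

Added example, not from the AWS guide. It assumes a hypothetical scanner that
emits JSON records like SAMPLE_SCANNER_OUTPUT below (field names constructed
for this example) and uses the default custom product ARN of the account.
"""
import json
from datetime import datetime, timezone

ACCOUNT_ID = "111122223333"   # placeholder account ID
REGION = "us-east-1"           # aggregation Region (assumption)

# Constructed sample output of the hypothetical scanner (CVE IDs are placeholders).
SAMPLE_SCANNER_OUTPUT = json.dumps([
    {"host_arn": f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/i-0123456789abcdef0",
     "cve": "CVE-0000-0001", "score": 7.5, "package": "libexample 1.2.3",
     "summary": "Out-of-bounds read in libexample", "fix_version": "1.2.4"},
    {"host_arn": f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/i-0123456789abcdef0",
     "cve": "CVE-0000-0002", "score": 9.8, "package": "examplessl 2.0.0",
     "summary": "Remote code execution in examplessl", "fix_version": None},
])


def severity_label(score):
    """Map a CVSS-style 0-10 score to an ASFF severity label."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score > 0.0:
        return "LOW"
    return "INFORMATIONAL"


def custom_product_arn(region, account_id):
    """Default product ARN that Security Hub assigns to custom integrations."""
    return f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default"


def to_asff(record, region=REGION, account_id=ACCOUNT_ID, now=None):
    """Translate one scanner record into an ASFF finding dictionary."""
    now = now or datetime.now(timezone.utc)
    timestamp = now.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # A stable Id (resource + CVE) makes re-imports update the existing
    # finding instead of creating duplicates.
    finding = {
        "SchemaVersion": "2018-10-08",
        "Id": f"{record['host_arn']}/{record['cve']}",
        "ProductArn": custom_product_arn(region, account_id),
        "GeneratorId": "hypothetical-scanner/host-cve",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
        "CreatedAt": timestamp,
        "UpdatedAt": timestamp,
        "Severity": {"Label": severity_label(record["score"])},
        "Title": f"{record['cve']} in {record['package']}"[:256],   # ASFF limit
        "Description": record["summary"][:1024],                    # ASFF limit
        "Resources": [{"Type": "AwsEc2Instance", "Id": record["host_arn"],
                       "Region": region}],
        "Vulnerabilities": [{"Id": record["cve"],
                             "Cvss": [{"BaseScore": record["score"], "Version": "3.1"}]}],
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    }
    if record.get("fix_version"):
        finding["Remediation"] = {"Recommendation": {
            "Text": f"Upgrade {record['package']} to {record['fix_version']}"}}
    return finding


def import_findings(findings, client=None, batch_size=100):
    """Send findings with BatchImportFindings (max 100 per call); return counts."""
    if client is None:
        import boto3  # imported lazily so the translation code runs without it
        client = boto3.client("securityhub", region_name=REGION)
    success = failed = 0
    for i in range(0, len(findings), batch_size):
        resp = client.batch_import_findings(Findings=findings[i:i + batch_size])
        success += resp.get("SuccessCount", 0)
        failed += resp.get("FailedCount", 0)
        for f in resp.get("FailedFindings", []):
            print(f"failed {f['Id']}: {f['ErrorCode']} {f['ErrorMessage']}")
    return {"SuccessCount": success, "FailedCount": failed}


if __name__ == "__main__":
    findings = [to_asff(r) for r in json.loads(SAMPLE_SCANNER_OUTPUT)]
    print(json.dumps(findings[0], indent=2))
    print(import_findings(findings))
```

Run it in the Security Hub delegated administrator account (or in the member account that owns the resources) with credentials that allow `securityhub:BatchImportFindings`; the `Id` and `ProductArn` together identify a finding, so re-running the scanner updates findings in place rather than flooding the triage queue with duplicates.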

The following table summarizes the phases and action items described in this guide.

Phase: Prepare
  • Define a vulnerability management plan.
  • Distribute ownership of findings.
  • Develop a vulnerability disclosure program.
  • Develop an AWS account structure.
  • Define, implement, and enforce tags.
  • Monitor AWS security bulletins.
  • Enable Amazon Inspector with a delegated administrator.
  • Enable Security Hub with a delegated administrator.
  • Enable Security Hub standards.
  • Set up Security Hub cross-Region aggregation.
  • Enable consolidated control findings in Security Hub.
  • Set up and manage Security Hub integrations, including applicable downstream integrations with SIEM, GRC, or product backlog or ticketing systems.

Phase: Triage and remediate
  • Route findings based on the multi-account strategy.
  • Route findings to security, cloud, and application or developer teams.
  • Tune security findings to make sure that they are actionable for your specific environment.
  • Develop automated remediation mechanisms, when possible.
  • Implement CI/CD pipeline controls or other guardrails that help prevent security findings, when possible.
  • Use Security Hub automation rules to escalate or suppress findings.

Phase: Report and improve
  • Hold monthly security operations meetings.
  • Use Security Hub insights to identify anti-patterns.
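As an added example that is not part of the AWS guide, here is what the "escalate or suppress" action item looks like as Security Hub automation rules, tied to the tags the Prepare phase asks you to define. The tag key and values (Environment=prod and Environment=sandbox), the rule names and the ordering are assumptions; `matches()` and `apply_rules()` are a simplified local simulation (EQUALS comparisons only) used to sanity-check the rules before `create_rules()` creates them in the delegated administrator account.

```python
"""Security Hub automation rules that escalate or suppress findings.

Added example, not from the AWS guide. Tag key/values, rule names and
RuleOrder are assumptions. Rules are evaluated in RuleOrder; a terminal
rule stops further evaluation. matches()/apply_rules() are a simplified
local simulation of that evaluation (EQUALS comparisons only).
"""


def escalate_prod_high(order=1):
    """HIGH findings on production-tagged resources become CRITICAL."""
    return {
        "RuleName": "escalate-prod-high",
        "Description": "Treat HIGH findings on Environment=prod resources as CRITICAL",
        "RuleOrder": order,
        "RuleStatus": "ENABLED",
        "IsTerminal": False,
        "Criteria": {
            "SeverityLabel": [{"Value": "HIGH", "Comparison": "EQUALS"}],
            "ResourceTags": [{"Key": "Environment", "Value": "prod", "Comparison": "EQUALS"}],
            "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
            "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
        },
        "Actions": [{"Type": "FINDING_FIELDS_UPDATE", "FindingFieldsUpdate": {
            "Severity": {"Label": "CRITICAL"},
            "Note": {"Text": "Escalated: production resource", "UpdatedBy": "automation-rule"},
            "UserDefinedFields": {"escalated": "true"},
        }}],
    }


def suppress_sandbox_low(order=2):
    """LOW and INFORMATIONAL findings on sandbox resources are suppressed."""
    return {
        "RuleName": "suppress-sandbox-low",
        "Description": "Suppress LOW/INFORMATIONAL findings on Environment=sandbox resources",
        "RuleOrder": order,
        "RuleStatus": "ENABLED",
        "IsTerminal": True,   # no later rule should touch a suppressed finding
        "Criteria": {
            "SeverityLabel": [{"Value": "LOW", "Comparison": "EQUALS"},
                              {"Value": "INFORMATIONAL", "Comparison": "EQUALS"}],
            "ResourceTags": [{"Key": "Environment", "Value": "sandbox", "Comparison": "EQUALS"}],
            "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        },
        "Actions": [{"Type": "FINDING_FIELDS_UPDATE", "FindingFieldsUpdate": {
            "Workflow": {"Status": "SUPPRESSED"},
            "Note": {"Text": "Suppressed: sandbox resource", "UpdatedBy": "automation-rule"},
        }}],
    }


def _field(finding, name):
    """Read the finding field a criteria key refers to (subset used here)."""
    return {"SeverityLabel": finding["Severity"]["Label"],
            "RecordState": finding.get("RecordState"),
            "WorkflowStatus": finding.get("Workflow", {}).get("Status")}[name]


def matches(rule, finding):
    """Simplified local evaluation: every criteria key must match; values within a key are OR'd."""
    for key, filters in rule["Criteria"].items():
        if key == "ResourceTags":
            tags = {k: v for r in finding.get("Resources", []) for k, v in r.get("Tags", {}).items()}
            if not any(tags.get(f["Key"]) == f["Value"] for f in filters):
                return False
        elif not any(f["Value"] == _field(finding, key) for f in filters):
            return False
    return True


def apply_rules(rules, finding):
    """Apply matching rules in RuleOrder, stopping after a terminal rule; returns the updated finding."""
    finding = dict(finding)
    for rule in sorted(rules, key=lambda r: r["RuleOrder"]):
        if rule["RuleStatus"] != "ENABLED" or not matches(rule, finding):
            continue
        update = rule["Actions"][0]["FindingFieldsUpdate"]
        if "Severity" in update:
            finding["Severity"] = {**finding["Severity"], **update["Severity"]}
        if "Workflow" in update:
            finding["Workflow"] = update["Workflow"]
        if rule["IsTerminal"]:
            break
    return finding


def create_rules(rules, client=None):
    """Create the rules in the delegated administrator account; returns their ARNs."""
    if client is None:
        import boto3  # imported lazily so the simulation runs without it
        client = boto3.client("securityhub")
    return [client.create_automation_rule(**rule)["RuleArn"] for rule in rules]


def sample_finding(severity, env):
    """Constructed ASFF-shaped finding on a tagged EC2 instance (placeholder ID)."""
    return {"Severity": {"Label": severity}, "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
            "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0",
                           "Tags": {"Environment": env}}]}


if __name__ == "__main__":
    rules = [escalate_prod_high(), suppress_sandbox_low()]
    for sev, env in [("HIGH", "prod"), ("LOW", "sandbox"), ("HIGH", "sandbox")]:
        out = apply_rules(rules, sample_finding(sev, env))
        print(sev, env, "->", out["Severity"]["Label"], out["Workflow"]["Status"])
```

The escalation rule is deliberately non-terminal and ordered first, so a production finding can still be picked up by later rules, while the suppression rule is terminal so that nothing downstream reopens a finding that was intentionally suppressed; suppressed findings stay visible in Security Hub and can be reviewed in the monthly security operations meeting.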