Snyk integrates with AWS Security Hub to automate security remediation workflows
June 12, 2023
AWS Security Hub is a cloud security posture management (CSPM) platform that automates security best practice checks, aggregates security alerts, and gives you a view of your overall security posture across different AWS accounts.
AWS Security Hub ingests security findings from other security services like Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM, and AWS Firewall Manager — as well as findings from partners like Snyk.
Snyk’s most recent integration with AWS Security Hub allows security and operations teams to monitor and manage a variety of application security events, like critical vulnerabilities found in a production workload. With AWS Security Hub and Snyk, security practitioners can now manage security events from various sources in a more streamlined way, feeding alerts into a central location for security teams to analyze and prioritize security findings based on vulnerability severity.
Security engineers want to both analyze and respond to security events, and use AWS Security Hub to centralize their findings and create workflows, depending on the security issue, for separate teams to manage vulnerabilities as they’re discovered. If a firewall rule is too permissive, for example, the security team would see the issue within the Security Hub console and assign the fix to the IT operations team to manage. Security engineers can then create rules within Security Hub to manage “critical” vulnerabilities — such as using a notification tool, or even an AWS Lambda function, to alert on and remediate the vulnerability as quickly as possible.
The benefits of Snyk and AWS Security Hub
Snyk is validated to send security events into AWS Security Hub based on vulnerabilities found across the SDLC within first-party code, dependencies, containers, and IaC — both before and after applications have been deployed to AWS.
The integration helps security teams support engineers in increasing operational efficiency during development while reducing security risk across the cloud environment and running application workloads. Teams can use Snyk security data to manage new vulnerabilities as they are discovered, or to apply newly available remediation advice to zero-day vulnerabilities. Benefits include:
Real-time detection when your engineering team deviates from security best practices.
Continuous aggregation of security findings from AWS services and third parties in a standardized format to accelerate MTTR (mean time to resolution).
Automated response and remediation actions.
If, for example, a customer is running what they assume is a secure container in an Amazon EKS environment, but Snyk’s security research team finds a new critical vulnerability in an underlying open source package in that container, the Snyk team adds the vulnerability to Snyk’s vulnerability database, making it immediately available to all Snyk customers. Upon rescanning, the customer is notified of this new critical vulnerability and can trigger a notification workflow through AWS Security Hub to alert multiple teams to a new security risk in EKS. Security teams can then trigger an automated remediation workflow: either shut down the vulnerable container, or manage the vulnerability in development by asking the development team to patch the code using Snyk’s actionable remediation advice before shipping the app back into the EKS environment.
Snyk exports security events into AWS Security Hub in the AWS Security Finding Format (ASFF), so that findings from multiple vendors can be correlated in a common format. This streamlines data queries for AWS customers and lets them create custom data models and reports based on security findings from multiple sources.
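The workflow described above (critical Snyk findings arriving in Security Hub as ASFF and a Lambda function deciding who remediates), as an added Python example that is not part of Snyk's or AWS's code. The findings are constructed, the Snyk product ARN is a labelled placeholder, and the team names are hypothetical; the ASFF fields used (ProductArn, Severity.Label, Resources[].Type, Workflow.Status, RecordState) and the EventBridge detail-type are the real ones.

```python
"""Triage of Snyk findings imported into AWS Security Hub (ASFF).
Lambda-style handler for the EventBridge event 'Security Hub Findings - Imported'.
All findings are constructed; the Snyk product ARN is a placeholder (the real
value comes from `aws securityhub describe-products`)."""

SNYK_PRODUCT_ARN = "arn:aws:securityhub:us-east-1::product/PLACEHOLDER/snyk"
OTHER_PRODUCT_ARN = "arn:aws:securityhub:us-east-1::product/aws/guardduty"

def finding(fid, product_arn, label, rtype, status="NEW"):
    """Build a minimal ASFF finding (constructed sample data, not real output)."""
    return {"SchemaVersion": "2018-10-08", "Id": fid, "ProductArn": product_arn,
            "AwsAccountId": "123456789012", "Title": f"{label} issue in {fid}",
            "Severity": {"Label": label}, "Resources": [{"Type": rtype, "Id": fid}],
            "Workflow": {"Status": status}, "RecordState": "ACTIVE"}

# Constructed EventBridge event in the shape Security Hub delivers.
SAMPLE_EVENT = {
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        finding("payments-api:1.4.2", SNYK_PRODUCT_ARN, "CRITICAL", "Container"),
        finding("repo/payments-api", SNYK_PRODUCT_ARN, "CRITICAL", "Other"),
        finding("repo/billing", SNYK_PRODUCT_ARN, "HIGH", "Container"),
        finding("repo/legacy", SNYK_PRODUCT_ARN, "CRITICAL", "Other", "RESOLVED"),
        finding("deploy-bot", OTHER_PRODUCT_ARN, "CRITICAL", "AwsIamUser"),
    ]},
}

def is_actionable_snyk(f):
    """Active Snyk finding at CRITICAL severity whose workflow is still open."""
    return (f.get("ProductArn") == SNYK_PRODUCT_ARN
            and f.get("RecordState") == "ACTIVE"
            and f.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED")
            and f.get("Severity", {}).get("Label") == "CRITICAL")

def route(f):
    """Deployed containers go to ops for quarantine; code, dependency and IaC
    findings go back to the owning development team (hypothetical team names)."""
    types = {r.get("Type") for r in f.get("Resources", [])}
    return "ops-quarantine" if "Container" in types else "dev-fix"

def handler(event, context=None):
    """Lambda entry point: routing decisions for the critical Snyk findings."""
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return {"decisions": []}
    findings = event.get("detail", {}).get("findings", [])
    return {"decisions": [{"id": f["Id"], "team": route(f)}
                          for f in findings if is_actionable_snyk(f)]}
```

In a real deployment the handler would hand each decision to a notification target or a remediation step rather than returning it; the filter on Workflow.Status keeps already-resolved findings from being re-raised on every rescan.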
How to configure Snyk’s integration with AWS Security Hub
Configuring Snyk’s integration with AWS Security Hub can take 15 minutes or less, and involves just a few simple steps.
In AWS
User enables Security Hub.
User enables Snyk as a partner that can send findings.
In Snyk
The steps to configure the integration are in the Snyk docs, but all the required configuration can be done directly from the Snyk UI. Snyk users simply:
Navigate to Snyk organization settings.
Add a Security Hub “registration” to their Snyk organization by providing the following information:
AWS region
AWS account ID
Registration Name
Select either all projects or specific projects to send findings.
Once configured, Snyk can send real-time findings to AWS Security Hub in a matter of seconds.
Snyk and AWS
Named #20 on Forbes Cloud 100 list in 2022, Snyk is a developer-friendly security platform that helps AWS customers find and fix security risks in code, open-source dependencies, containers, and IaC configurations. With tight integration into various IDEs, source control tooling, and CI/CD pipelines, Snyk meets developers wherever they work, including in AWS CodePipeline, Amazon ECR, Amazon EKS, AWS CloudTrail Lake, Amazon Inspector, and several other AWS services!
Together, Snyk and AWS power modern DevSecOps practices, securing code as it’s created, as well as the design of cloud-native infrastructure and containers, and the running cloud environment. As a strategic AWS partner, Snyk is technically validated to work seamlessly across both public and private AWS environments, integrated with the AWS services customers use to build and run their applications.
Want to learn more about Snyk’s developer-first security controls and how they might help you increase operational efficiencies in the cloud while reducing security risk? Check out our platform-wide demo on AWS to see the platform in action, or schedule a meeting with your Snyk representative!