Question 1

What's the difference between AWS Security Hub and Amazon GuardDuty?

Accepted Answer

GuardDuty is a threat detection service that analyzes signals (like CloudTrail, VPC Flow Logs, and DNS logs) to detect suspicious activity and generates findings. Security Hub is a central dashboard that aggregates findings from GuardDuty and many other sources (AWS services and partner tools), correlates and normalizes them, and provides security standards checks so you can manage everything in one place.

Question 2

When should I use AWS Security Hub?

Accepted Answer

Use Security Hub when you want a single place to view and prioritize security findings across multiple AWS services and accounts, track compliance against common security standards, and integrate alerts into your incident response workflow. It’s especially useful for organizations running multiple AWS accounts (for example, via AWS Organizations) or using several security tools that produce separate alerts.

Question 3

How much does AWS Security Hub cost?

Accepted Answer

Security Hub pricing is based on factors such as the number of security checks performed for enabled standards and the volume of findings ingested. Costs vary depending on how many accounts/regions you enable, which standards you turn on, and how many integrated products generate findings. For exact rates and to estimate spend, use the AWS Security Hub pricing page and the AWS Pricing Calculator.

Security Hub

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms