Question 1

What's the difference between AWS Security Hub and Amazon GuardDuty?

Accepted Answer

GuardDuty is a threat detection service that generates findings (for example, suspicious API calls or unusual network behavior). Security Hub is an aggregation and posture-management service: it collects findings from GuardDuty and many other sources, normalizes them, correlates them, and shows them in one dashboard with standards-based checks.

Question 2

When should I use AWS Security Hub?

Accepted Answer

Use Security Hub when you have multiple AWS accounts, regions, or security tools and you want one place to view, prioritize, and track security findings and compliance checks. It’s especially useful if you want to enable security standards (like AWS Foundational Security Best Practices or CIS benchmarks), centralize alerts for a SOC, and automate routing/remediation using EventBridge.

Question 3

How much does AWS Security Hub cost?

Accepted Answer

Security Hub pricing is primarily based on the number of security checks performed (for enabled standards) and the number of findings ingested. Costs increase with more accounts/regions, more enabled standards and controls, and higher finding volume from integrated services and partner products. Always estimate using the AWS Pricing page and consider reducing noise by tuning sources and suppressing low-value findings.

Security Hub

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms