Security News

Cybersecurity news aggregator

INFO Updates SecurityWeek

AWS Expands Security Hub Into a Cross-Domain Security Platform

  • What: AWS expands Security Hub to a cross-domain security platform.
  • Impact: Helps reduce security tool sprawl and improve threat correlation.

The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains.

By Kevin Townsend | March 2, 2026 (7:30 AM ET)

AWS has launched a new version of its Security Hub that solves the massive workload involved in cross-domain security solution correlation and management.

The original AWS Security Hub was announced in 2018, designed to aggregate and prioritize alerts from AWS and third-party security tools.

In late 2025, AWS announced a ‘re-imagined’ Security Hub. It unified several of its own security tools, including Inspector and GuardDuty, effectively into a mini-SOC. Inspector is vulnerability scanning; GuardDuty is threat detection. In the re-imagined Security Hub, they can now integrate under a single pane of glass to map activity against vulnerabilities to highlight the most urgent threats and help customers prioritize and respond to their most critical security risks.

Now, in early 2026, AWS announced Security Hub Extended. This allows customers to bring third-party solutions into the same mini-SOC. It is, writes AWS, “A plan of Security Hub that simplifies how you procure, deploy, and integrate a full-stack enterprise security solution across endpoint, identity, email, network, data, browser, cloud, AI, and security operations.”

For now, this full integration is limited to a range of curated vendors, selected from AWS customers’ own preferences. The current vendors include 7AI, Britive, CrowdStrike, Cyera, Island, Noma, Okta, Oligo, Opti, Proofpoint, SailPoint, Splunk, Upwind, and Zscaler. The intent is to offer integrated full-stack security within AWS.

“The selection was customer-driven,” explains Michael Fuller, director of security services at AWS. “Over the last four months, we went directly to our largest and fastest-growing enterprise customers and asked them which specific solutions they wanted us to prioritize in each category for the initial launch. We are committed to listening to customers and expanding the partner set over time.”

The integration is made possible by the partner vendors all providing their findings in the Open Cybersecurity Schema Framework (OCSF). The data brought into the Security Hub Extended framework is consequently pre-normalized, and Security Hub Extended can perform instant and automatic cross-domain correlation to detect and highlight more granular threats.

The new Hub goes beyond simplifying output correlation – it also simplifies product management whenever one of the partner vendors is used. AWS becomes the seller of record, and no matter how many of the partner vendors are used, there is only one invoice combined within the single AWS monthly bill.

“AWS is the seller of record, with pre-negotiated pricing and a single bill covering all selected curated partner solutions,” explains Fuller. “Customers select only the solutions they need. A customer using multiple curated partner solutions would pay for each solution selected.” But always within the single invoice.

He continues, “Security Hub Extended plan offers flexible pay-as-you-go pricing with no upfront investments and no long-term commitments. Flat-rate pricing is also available.”

Customers are not required to use third-party vendors from the curated partners list. “Security Hub already supports multiple third-party partner integrations through its standard program,” adds Fuller, “so a customer’s existing vendor can already send findings into Security Hub today.” But this would require additional work from the customer and would not qualify for the single invoice structure.

The triple benefit of Security Hub Extended is intended to be an easier correlation of security findings within the Hub’s mini-SOC offering automated and improved full-stack security; no additional coding required from the customer; and drastically reduced administrative overhead in finding, negotiating and ongoing payment for multiple separate third-party solutions.

Written by Kevin Townsend. Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
