Amazon Web Services Inc. today announced an expansion of the AWS Security Hub designed to unify operations across multicloud environments and third-party security tools.

The update positions the offering as a centralized platform for aggregating security findings and helping security teams investigate and respond to threats from a single location.

AWS Security Hub was originally launched as a service focused on consolidating security alerts from AWS services, but with today’s announcement, it’s being extended to operate as a broader operational layer for cloud security. The new capabilities allows organizations that operate across multiple cloud providers to use a growing number of specialized AWS security tools.

Expanding outside the AWS ecosystem is key to what’s new. Security Hub can now collect and correlate findings from a wider ecosystem of partner technologies, including identity protection, endpoint security, vulnerability management and cloud infrastructure protection platforms. The service can combine signals from different tools and present them in a unified console by normalizing alerts from disparate services into a common data model.

Security teams often struggle with fragmented visibility as alerts and risk data are spread across separate dashboards. AWS argues that this fragmentation slows incident response and makes it harder to identify the issues that pose the greatest risk to an organization. Security Hub now addresses the challenge by correlating related findings and highlighting the most critical risks, including linking vulnerabilities, misconfigured resources and identity risks together to show how they may combine to create exploitable exposure.

The system now enriches alerts with contextual information to help analysts investigate incidents more quickly, such as linking related security events and identifying the resources, accounts and services affected by a potential threat.

AWS also noted that the platform can automate parts of the investigation and remediation process through integrations with other AWS services and security workflows. That allows teams to respond to security findings more quickly while maintaining consistent policies across environments.

The expansion reflects the reality in 2026 in that most large enterprises now operate hybrid and multicloud environments where security teams must manage risk across multiple platforms and tools. By integrating partner technologies into the platform, AWS is attempting to provide a single operational layer that spans those environments.

According to Gee Rittenhouse, vice president of security services at AWS, today’s news is part of a vision behind AWS Security Hub, one that offers “unified security through a single, integrated security operations experience, built on a common data foundation, powered by intelligent analytics and delivered through a consistent operations layer, to help reduce security risk, improve team productivity and strengthen security operations across AWS and beyond.”

The newly expanded AWS Security Hub will be demonstrated at the RSAC cybersecurity conference in San Francisco March 23-26.

Image: AWS