The new AWS Security Hub Extended significantly reduces the operational burden of managing cross-domain security by offering a unified management console. This update allows organizations to correlate third-party security data and consolidate multiple vendor invoices into a single AWS bill.
AWS first introduced Security Hub in 2018 to help users organize alerts from various tools, but the platform has recently undergone a major transformation. In late 2025, the service was reimagined to function as a centralized security operations center by integrating internal tools like Inspector for vulnerability scanning and GuardDuty for threat detection. This integration allows the system to map active threats against known vulnerabilities, helping security teams focus on their most critical risks through a single interface.
The latest evolution, Security Hub Extended, expands this capability by allowing customers to bring external security solutions into the same environment. This new tier is designed to simplify the procurement and deployment of full-stack security across diverse domains, including identity, endpoint, and network data. By pulling these disparate sources into one location, AWS aims to provide a comprehensive view of an enterprise's entire security posture without the usual integration headaches.
To ensure seamless data sharing, AWS selected an initial group of curated vendors based on direct feedback from large enterprise customers. These partners include major industry names such as CrowdStrike, Okta, and Zscaler, all of which provide their security findings using the Open Cybersecurity Schema Framework (OCSF). Because the data is pre-normalized, Security Hub Extended can automatically correlate information across different domains to identify complex threats that might otherwise go unnoticed.
Beyond the technical benefits, the update streamlines the financial and administrative side of security management. AWS acts as the seller of record for these curated partner solutions, meaning customers receive one unified monthly invoice regardless of how many different vendors they use. The pricing model is flexible, offering pay-as-you-go options without long-term commitments, which removes the traditional friction of negotiating separate contracts with multiple security providers.
While customers can still use third-party tools outside of the curated list, the Extended version offers the specific advantages of automated correlation and simplified billing. The primary goal of this rollout is to provide a triple benefit: improved full-stack security through easier data correlation, the elimination of custom coding for integrations, and a massive reduction in the administrative work required to manage a modern security stack.
Source: AWS Expands Security Hub Into Cross-Domain Platform For Enhanced Security


