AWS has launched a new version of its Security Hub, called Security Hub Extended, to reduce cross-domain security tool sprawl by correlating findings across multiple security domains within a single mini-SOC. The update, announced in early 2026, allows customers to bring third-party solutions into the same hub, with a curated set of vendors including 7AI, Britive, CrowdStrike, Cyera, Island, Noma, Okta, Oligo, Opti, Proofpoint, SailPoint, Splunk, Upwind, and Zscaler.
Data from these vendors is transmitted in the open cybersecurity schema framework (OCSF), enabling instant cross-domain correlation and more granular threat detection. The model also streamlines product management by making AWS the seller of record and combining charges for selected curated partner solutions into a single AWS monthly bill, though customers pay for each solution within that invoice.
Pricing offers pay-as-you-go with no upfront investments and no long-term commitments, with flat-rate options also available, and customers can still integrate existing third-party findings into Security Hub if they prefer, albeit without the single-invoice benefit. according to AWS