Multi-Stage Cyber Attacks: AWS Security VP on Detection & AI Risks

March 24, 2026 Rachel Kim – Technology Editor Technology

Amazon Web Services (AWS) is expanding its Security Hub to incorporate multicloud environments, a move signaling a broader strategy to provide unified security operations across diverse IT infrastructures. The expansion, announced March 11, 2026, aims to address the increasing complexity faced by enterprises managing security across on-premises systems, private data centers, and multiple cloud providers.

Gee Rittenhouse, Vice President of Security Services at AWS, outlined the initiative in a blog post, emphasizing the need for a simplified security approach. “Enterprises today operate across a complex mix of environments…making it harder to stay ahead of threats across an increasingly complex environment,” Rittenhouse wrote. The expanded Security Hub will leverage a common data layer to unify security signals from various environments, and a policy and operations layer to provide a single view for exposure analysis and risk management.

The move comes as hyperscalers increasingly look beyond their own platforms to offer broader security solutions. AWS Security Hub Extended, launched prior to the multicloud expansion, simplifies the procurement and integration of security tools across endpoints, identity systems, email, networks, data repositories, browsers, cloud environments, artificial intelligence applications, and security operations centers. Customers can now procure security products from partners like CrowdStrike, Okta, Proofpoint, Splunk, and Zscaler through Security Hub, with AWS acting as the seller of record.

According to AWS, the core of the expanded Security Hub will integrate existing AWS security services, including Amazon GuardDuty, Amazon Inspector, AWS Security Hub Cloud Security Posture Management (Security Hub CSPM), and Amazon Macie. These services will operate together to analyze security signals related to threats, vulnerabilities, misconfigurations, and sensitive data. The goal is to reduce the time security teams spend translating signals and increase their ability to respond to risks effectively.

Rittenhouse, who previously served as CEO of Skyhigh Security and held a leadership role at Cisco’s Security Business Group, has been instrumental in shaping AWS’s security strategy. His background reflects a growing trend of security leaders moving from independent security firms to major cloud providers, signaling the increasing importance of cloud security expertise.

The expansion of Security Hub also includes external network scanning capabilities, extending security visibility beyond the AWS cloud. This feature, combined with the unified operations layer, aims to provide security teams with near real-time risk analytics, automated analysis, and prioritized insights.

AWS plans to further integrate Security Hub with its partner marketplace, mirroring the functionality of AWS Marketplace, to streamline the procurement process for cybersecurity products. The company has not yet announced a specific timeline for the full rollout of multicloud capabilities, but indicated that further details will be shared at upcoming industry events.