AWS Security Hub now offers Network Scanning to identify publicly reachable resources

Published
July 8, 2026
https://aws.amazon.com/about-aws/whats-new/2026/07/aws-security-hub-network-scanning/

AWS Security Hub Network Scanning

AWS Security Hub introduces Network Scanning, a capability that identifies resources in your environment that are reachable from the public internet. Network Scanning probes your resources from the internet to detect actual reachability, not just what could be reachable based on security group rules and route tables. It discovers public IP addresses, virtual machines, and load balancers across your AWS and Azure environments, identifies reachable ports, and determines what services are running behind them.

Network Scanning complements Security Hub’s existing network reachability findings, which identify configurations that could make a resource reachable from the internet. Network Scanning confirms actual reachability from the internet. Each reachable port generates a Security Hub finding with evidence of the port and service discovered. Security Hub Exposures then automatically correlates these findings with other findings and resource configurations to determine broader risk.

What to do

  • Enable Network Scanning in individual accounts and regions, or across an organization via a configuration policy.
  • Network Scanning is on by default for new Security Hub customers.
  • Network Scanning is included with Security Hub Essentials at no additional cost in all AWS commercial Regions that support Security Hub.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.