Using Amazon GuardDuty to Centrally Manage and Monitor Security Risks

May 14 2018

The financial industry is especially susceptible to attacks from any number of outside entities. The security challenges that intrusions and attacks pose for financial institutions are exacerbated by the fact that the methods employed by malicious individuals and groups constantly change and evolve. To stay on top of the latest security challenges, companies often look to outside firms that specialize in security expertise.

One such company was looking for a way to solve this problem for its banking client base. The company provides development and managed services for different banking institutions. It approached ClearScale, an AWS Premier Consulting Partner, to see whether there was an efficient way to support multiple banks with similar environments and security monitoring in place, without compromising the isolation of those environments.

The Challenge

Creating AWS accounts and managing the banks’ services within that environment is a straightforward process. Where the client ran into challenges was in managing the accounts of each bank in a centralized manner. They not only needed to set up and deploy these separate AWS accounts, 3-4 for each bank, but also wanted their Security department to be able to centrally store, secure and process log data and findings, and to provide and manage audit and compliance monitoring services from a central location.

This was further complicated by the fact that banks, like all financial institutions, are highly regulated, with regulatory requirements that vary between the national, state and local levels. The greatest challenge was finding a way to centralize security monitoring and management for each bank, with the information sent to and analyzed in a central location, while making certain the security controls were stringent enough to satisfy the regulations being imposed.

The Solution

ClearScale used AWS Organizations to create a security account structure for managing multiple accounts. Organizational units (OUs) were used to group accounts together so they could be administered as a single unit, simplifying management. The client could then use this structure to set up and manage each bank’s environment.

[Figure: Security Account Structure]

Where the solution really benefited the client was in how it addressed the security requirement. ClearScale turned to Amazon GuardDuty, a centrally managed threat detection service designed to monitor and protect AWS accounts and workloads, and continuously updated to stay on top of the latest threats. Once implemented and configured, GuardDuty allowed ClearScale to start monitoring billions of events in the environment to determine whether there were any unusual API calls or account activity that might indicate an account had been compromised.

Unlike other security tools or products, Amazon GuardDuty takes activity monitoring one step further by using machine learning to analyze potential threats in near real time. To do so, it looks for anomalies in traffic patterns, service usage, and account and workflow activity. The information being analyzed is streamed into an environment separate from the production environment, allowing members of the Security department to review and act on issues identified by GuardDuty.

ClearScale also used the multi-account data aggregation capability of AWS Config, enabling centralized auditing and governance.

The team also streamed log data from the AWS services created for each environment, such as Virtual Private Cloud (VPC), Relational Database Service (RDS), Elastic Load Balancer (ELB), S3, CloudFront and CloudTrail, and put the logs into a dedicated, bank-specific information security account.
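A triage routine for findings of that kind, added here as an illustration and not code from ClearScale or AWS: it takes GuardDuty finding events in the CloudWatch Events envelope as they would arrive in the central security account, maps member account IDs to banks (the mapping and the account IDs are constructed placeholders), buckets the numeric severity into GuardDuty's documented Low/Medium/High bands, and keeps findings from unmapped accounts under "unknown" rather than dropping them.

```python
import json
from collections import defaultdict

# Assumed mapping of member account IDs to bank OUs (constructed placeholder IDs).
ACCOUNT_TO_BANK = {"111111111111": "bank-a", "222222222222": "bank-a", "333333333333": "bank-b"}

def severity_label(score):
    """Bucket GuardDuty's numeric severity into its documented Low (<4), Medium (<7), High bands."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def parse_finding_event(raw):
    """Pull the triage fields out of a 'GuardDuty Finding' event; ignore events from other sources."""
    event = json.loads(raw)
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    d = event["detail"]
    return {
        "bank": ACCOUNT_TO_BANK.get(d["accountId"], "unknown"),  # unmapped account: flag, never drop
        "account": d["accountId"],
        "type": d["type"],
        "severity": severity_label(float(d["severity"])),
        "count": int(d.get("service", {}).get("count", 1)),  # GuardDuty's occurrence counter
        "id": d["id"],
    }

def triage(raw_events):
    """Group findings per bank: High first, then Medium, then Low; ties broken by occurrence count."""
    rank = {"High": 0, "Medium": 1, "Low": 2}
    per_bank = defaultdict(list)
    for raw in raw_events:
        finding = parse_finding_event(raw)
        if finding is not None:
            per_bank[finding["bank"]].append(finding)
    for findings in per_bank.values():
        findings.sort(key=lambda f: (rank[f["severity"]], -f["count"]))
    return dict(per_bank)

# Constructed sample events in the envelope GuardDuty uses for CloudWatch Events (IDs are placeholders).
def _gd(account, ftype, severity, count, fid):
    return json.dumps({"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "accountId": account, "type": ftype, "severity": severity, "id": fid, "service": {"count": count}}})

SAMPLE_EVENTS = [
    _gd("111111111111", "Recon:EC2/PortProbeUnprotectedPort", 2.0, 14, "f-001"),
    _gd("222222222222", "Stealth:IAMUser/CloudTrailLoggingDisabled", 8.0, 1, "f-002"),
    _gd("333333333333", "UnauthorizedAccess:EC2/SSHBruteForce", 5.0, 3, "f-003"),
    _gd("999999999999", "Recon:EC2/PortProbeUnprotectedPort", 2.0, 1, "f-004"),
    json.dumps({"source": "aws.config", "detail-type": "Config Rules Compliance Change", "detail": {}}),
]
```

Calling `triage(SAMPLE_EVENTS)` returns the findings grouped by bank, with the CloudTrail-logging-disabled finding surfacing first for bank-a and the finding from the unmapped account kept under "unknown".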

[Figure: Centralized Logging Diagram]

The Benefits

The final implementation streamed log files and findings from each of the AWS services in use into a bank-specific account managed by the Security department, so that even if the logs in the monitored environment were compromised, the Security team would still have visibility into what was going on in that environment. This centralization of security information also gave each bank the ability to monitor all environments at once without going into each individual AWS account, and reduced the time and overhead needed to gather an enterprise-wide view of the status of its AWS environments.

In an ever-evolving world of security threats, finding the right balance between actively monitoring and determining how to address issues as they appear can be a huge challenge. With the AWS service expertise that ClearScale has accumulated since its founding in 2011, these challenges and others are no longer barriers for companies that need solutions to complex problems. Partnering with ClearScale gives our clients confidence that the solutions we design, build and deploy will meet their organization’s needs far into the future.
