Using Amazon GuardDuty to Centrally Manage and Monitor Security Risks

May 14 2018

The financial industry is especially susceptible to attacks from any number of outside entities. The burden that intrusions and attacks place on financial institutions is exacerbated by the fact that the methods employed by malicious individuals or groups constantly change and evolve. To stay on top of the latest security challenges, companies often look for outside help that specializes in security expertise.

One such company was attempting to find ways to solve this for their banking institutional client base. The company provides development and managed services for different banking institutions. They approached ClearScale, an AWS Premier Consulting Partner, to see if there was an efficient way to support different banks with similar environments and security monitoring in place without compromising their environments.

The Challenge

Creating AWS accounts and managing the banks’ services within that environment is a straightforward process. Where the client ran into challenges was managing the accounts of each bank in a centralized manner. They not only needed to set up and deploy these separate AWS accounts, three to four for each bank, but they also wanted their Security department to centrally store, secure, and process log data and findings, as well as provide and manage audit and compliance monitoring services from a central location.

This was further complicated by the fact that banks, like all financial institutions, are highly regulated, with regulatory requirements that vary between the national, state, and local levels. The greatest challenge was finding a way to centralize security monitoring and management for each bank, with the information sent to and analyzed in a central location, while making certain the security controls were stringent enough to meet the regulations being imposed.

The Solution

ClearScale used AWS Organizations to create a security account structure for managing multiple accounts. Organizational units (OUs) were used to group accounts together so they could be administered as a single unit, simplifying management. The client could then use this structure to set up and manage each bank’s environment.

[Figure: Security Account Structure]

Where the solution delivered the most benefit to the client was in how it addressed the security requirement. ClearScale turned to Amazon GuardDuty, a centrally managed threat detection service designed to monitor and protect AWS accounts and workloads, which is updated frequently to stay on top of the latest threats. Once implemented and configured, GuardDuty allowed ClearScale to start monitoring billions of events in the environment to determine whether there were any unusual API calls or account activity that might indicate an account had been compromised.

Unlike other security tools or products, Amazon GuardDuty takes activity monitoring one step further by using machine learning to analyze potential threats in near real time. To do so, it looks for anomalies in traffic patterns, service usage, and account and workload activity. The findings are streamed into an environment separate from production, allowing members of the Security department to review and act on issues identified by GuardDuty.
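Findings delivered to the central security account arrive, one event per finding, with the member account ID, a finding type and a numeric severity. The triage routine below is an added example, not code from ClearScale or from the case study: it maps each finding to the bank whose OU owns the member account, labels severity using the bands AWS documents for GuardDuty (Low 1.0 to 3.9, Medium 4.0 to 6.9, High 7.0 to 8.9), and groups findings into per-bank review queues. The account IDs, the account-to-bank mapping and the sample events are constructed placeholders; the finding type strings are real GuardDuty finding types, but the severities attached to them here are illustrative.

```python
import json
from collections import defaultdict

# Severity bands documented by AWS for GuardDuty findings.
SEVERITY_BANDS = (("HIGH", 7.0), ("MEDIUM", 4.0), ("LOW", 1.0))

# Constructed mapping of member account IDs to the bank (OU) that owns them.
# Placeholder IDs, not accounts from the case study.
ACCOUNT_TO_BANK = {
    "111111111111": "bank-a",
    "222222222222": "bank-a",
    "333333333333": "bank-b",
}

# Constructed sample events in the EventBridge/CloudWatch Events envelope that
# GuardDuty uses (detail-type "GuardDuty Finding"); the last one is a different
# event source sharing the bus and must be ignored.
SAMPLE_EVENTS = [
    {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
     "detail": {"id": "finding-0001", "accountId": "111111111111", "region": "us-east-1",
                "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2.0,
                "resource": {"resourceType": "Instance"}, "title": "SSH brute force (sample)"}},
    {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
     "detail": {"id": "finding-0002", "accountId": "333333333333", "region": "us-west-2",
                "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
                "resource": {"resourceType": "Instance"}, "title": "Port probe (sample)"}},
    {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
     "detail": {"id": "finding-0003", "accountId": "222222222222", "region": "us-east-1",
                "type": "Trojan:EC2/DNSDataExfiltration", "severity": 8.0,
                "resource": {"resourceType": "Instance"}, "title": "DNS exfiltration (sample)"}},
    {"detail-type": "AWS API Call via CloudTrail", "source": "aws.s3", "detail": {}},
]


def severity_label(score: float) -> str:
    """Map GuardDuty's numeric severity onto the documented Low/Medium/High bands."""
    for label, floor in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "INFO"


def parse_finding(event: dict) -> dict:
    """Extract the fields an analyst needs; raise ValueError for non-GuardDuty events."""
    if event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    d = event["detail"]
    return {
        "id": d["id"],
        "account": d["accountId"],
        "bank": ACCOUNT_TO_BANK.get(d["accountId"], "unknown"),
        "region": d["region"],
        "type": d["type"],
        "severity": severity_label(float(d["severity"])),
        "resource": d.get("resource", {}).get("resourceType", "unknown"),
        "title": d.get("title", ""),
    }


def triage(events) -> dict:
    """Group finding IDs by bank and severity so each bank's queue can be reviewed centrally."""
    queues = defaultdict(lambda: defaultdict(list))
    for ev in events:
        try:
            f = parse_finding(ev)
        except ValueError:
            continue  # other event sources share the bus; skip them
        queues[f["bank"]][f["severity"]].append(f["id"])
    return {bank: dict(by_sev) for bank, by_sev in queues.items()}


def worst_first(events) -> list:
    """Return parsed findings ordered HIGH -> LOW (then by bank) as an analyst worklist."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    parsed = []
    for ev in events:
        try:
            parsed.append(parse_finding(ev))
        except ValueError:
            continue
    return sorted(parsed, key=lambda f: (order[f["severity"]], f["bank"]))


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
    for f in worst_first(SAMPLE_EVENTS):
        print(f["severity"], f["bank"], f["account"], f["type"])
```

An account that is not in the mapping is filed under "unknown" rather than dropped, so a finding from an account that was created outside the OU structure still reaches the queue and is itself a signal worth a look.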

ClearScale also used AWS Config’s multi-account data aggregation capability, enabling centralized auditing and governance.

The team also streamed log data from the AWS services created for each environment, such as Virtual Private Cloud (VPC), Relational Database Service (RDS), Elastic Load Balancing (ELB), S3, CloudFront, and CloudTrail, into a dedicated, bank-specific information security account.
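Delivering CloudTrail logs from each bank’s member accounts into a bucket owned by that bank’s security account comes down to the bucket policy on the receiving side. The generator and audit check below are an added example, not ClearScale’s code: they produce the bucket policy shape that CloudTrail documents for multi-account delivery (the `cloudtrail.amazonaws.com` service principal may read the bucket ACL and may `PutObject` only under `AWSLogs/<account-id>/`, with the `bucket-owner-full-control` ACL so the security account owns every object), and then verify that a given policy admits exactly the expected member accounts. The bucket name and account IDs are placeholders.

```python
import json
import re

CLOUDTRAIL_PRINCIPAL = {"Service": "cloudtrail.amazonaws.com"}
OWNER_CONDITION = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}


def build_cloudtrail_bucket_policy(bucket: str, member_accounts) -> dict:
    """Bucket policy for a log bucket in the security account: one ACL-check
    statement plus one write statement per member account, each scoped to
    that account's AWSLogs/<id>/ prefix and requiring bucket-owner-full-control."""
    statements = [{
        "Sid": "AWSCloudTrailAclCheck",
        "Effect": "Allow",
        "Principal": CLOUDTRAIL_PRINCIPAL,
        "Action": "s3:GetBucketAcl",
        "Resource": f"arn:aws:s3:::{bucket}",
    }]
    for acct in sorted(member_accounts):
        statements.append({
            "Sid": f"AWSCloudTrailWrite{acct}",
            "Effect": "Allow",
            "Principal": CLOUDTRAIL_PRINCIPAL,
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{acct}/*",
            "Condition": json.loads(json.dumps(OWNER_CONDITION)),  # fresh copy per statement
        })
    return {"Version": "2012-10-17", "Statement": statements}


def allowed_log_prefixes(policy: dict) -> set:
    """Audit helper: account IDs for which the policy lets CloudTrail write log objects."""
    accounts = set()
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or st["Action"] != "s3:PutObject":
            continue
        m = re.search(r"/AWSLogs/(\d{12})/\*$", st["Resource"])
        if m:
            accounts.add(m.group(1))
    return accounts


def check_policy(policy: dict, expected_accounts) -> list:
    """Return a list of problems; an empty list means the policy matches
    the security team's expected set of log-delivering member accounts."""
    problems = []
    expected = set(expected_accounts)
    allowed = allowed_log_prefixes(policy)
    for extra in sorted(allowed - expected):
        problems.append(f"unexpected account may deliver logs: {extra}")
    for missing in sorted(expected - allowed):
        problems.append(f"member account cannot deliver logs: {missing}")
    for st in policy["Statement"]:
        if st["Action"] != "s3:PutObject":
            continue
        acl = st.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if acl != "bucket-owner-full-control":
            problems.append(f"{st['Sid']}: missing bucket-owner-full-control condition")
        if "/AWSLogs/" not in st["Resource"]:
            problems.append(f"{st['Sid']}: write allowed outside the AWSLogs prefix")
    return problems


if __name__ == "__main__":
    # Constructed placeholder values for one bank's accounts.
    members = ["111111111111", "222222222222"]
    policy = build_cloudtrail_bucket_policy("bank-a-security-logs-placeholder", members)
    print(json.dumps(policy, indent=2))
    print("problems:", check_policy(policy, members))
```

The audit half is the piece worth keeping in a pipeline: after a bank gains or loses an account, run `check_policy` against the live bucket policy and the OU’s current account list, and alert on either an account that can write logs but is no longer a member or a member whose trail has nowhere to deliver.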

[Figure: Centralized Logging Diagram]

The Benefits

The final implementation streamed log files and findings for each of the AWS services in use into bank-specific accounts managed by the Security department, so that even if the logs were compromised the Security team would still have visibility into what was going on in that environment. This centralization of security information also gave each bank the ability to monitor all environments at once without going into each individual AWS account, which reduced the time and overhead needed to gather an enterprise-wide view of the status of its AWS environments.

In an ever-evolving world of security threats, finding the right balance between actively monitoring and determining how to address issues as they appear can be a huge challenge. With the AWS service expertise that ClearScale has accumulated since its founding in 2011, these challenges and others are no longer barriers for companies that need solutions to complex problems. Partnering with ClearScale gives our clients confidence that the solutions we design, build, and deploy will meet their organization’s needs far into the future.
