A scientific research agency adopts a continuous approach to vulnerability management

The customer has a platform that enriches the innovation ecosystem by fostering broad-based engagements among enterprises. Enterprises can network, learn and collaborate to develop unique commercial solutions and explore new business opportunities.

Being in a highly regulated industry, one of the most important requirements is to ensure that the IT infrastructure is designed so that all of their cloud resources abide by the guidelines dictated by industry regulations. Hence it is crucial for our customer to remain continuously compliant and to keep its cloud assets free of known vulnerabilities.

Proposed solution

Cloud Comrade is an AWS Managed Services partner for this organisation. Being part of their AWS journey from the beginning, and having vast knowledge of AWS products and services in addition to the domain expertise we hold, helped us to understand the business challenge of our customer.

Cloud Comrade extended some components of Managed Security Services to the customer; namely:

1) Identity and access management
2) Data protection
3) Security logging and monitoring
4) 24/7 threat and incident response
5) AWS resource visibility
6) Managed detection and response for AWS endpoints
7) Virtual Machine Scanning with Auto Patching
8) Vulnerability Management

Cloud Comrade implemented vulnerability assessment using Qualys VMDR (Vulnerability Management, Detection & Response) to manage customer assets by performing host discovery and continuous vulnerability scans on external (internet-facing) and internal IP-based systems and networks. These scans proactively test for known vulnerabilities and for the presence of mainstream industry-practice security configurations, so that Cloud Comrade can proactively manage asset vulnerabilities for EC2 instances and ensure the instances remain hardened.

Infraguard uses AWS Config to fetch the list of AWS resources and the metadata for each resource in our customer's AWS account, and uses AWS CloudTrail to fetch AWS events. The events fetched from CloudTrail are correlated with the resources fetched from AWS Config and presented in the Infraguard CMDB. Infraguard continuously scans all infrastructure assets every 15 minutes.
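The correlation step described above, shown as an added example that is not Infraguard's or Cloud Comrade's code: a Config-style resource inventory is indexed by resource id, each CloudTrail-style record is mapped to the resources it touched (from its `resources` ARNs or from well-known id keys in `requestParameters`), and events that reference an id the inventory does not know are surfaced separately, since they usually mean the inventory is stale or a resource was created outside it. The inventory, the events, the account id and the hypothetical `changed_since` window are all constructed for the example.

```python
"""Correlate an AWS Config-style resource list with CloudTrail-style events.

Added example, not Infraguard's implementation. Assumes resources look like
AWS Config ListDiscoveredResources items (resourceType, resourceId,
resourceName) and events look like CloudTrail records. All sample data is
constructed; the account id and resource ids are placeholders.
"""
from datetime import datetime, timedelta, timezone

# Keys CloudTrail commonly uses in requestParameters to name a resource.
ID_KEYS = {"instanceId", "groupId", "bucketName", "roleName"}

# Constructed inventory (shape of AWS Config ListDiscoveredResources output).
SAMPLE_RESOURCES = [
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0abc123", "resourceName": "web-1"},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0def456", "resourceName": "web-sg"},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-logs-bucket", "resourceName": "example-logs-bucket"},
]

# Constructed CloudTrail-style records (account id 111122223333 is a placeholder).
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:02:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"groupId": "sg-0def456",
                           "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22}]}}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventName": "StopInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ops"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc123"}]}},
     "resources": [{"ARN": "arn:aws:ec2:ap-southeast-1:111122223333:instance/i-0abc123",
                    "type": "AWS::EC2::Instance"}]},
    {"eventTime": "2024-05-01T09:30:00Z", "eventName": "PutBucketAcl",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "unknown-bucket"}},
]

# "Now" for the constructed sample, so results are reproducible.
SAMPLE_NOW = datetime(2024, 5, 1, 10, 10, tzinfo=timezone.utc)


def _walk_ids(obj, found):
    """Recursively collect values of known id keys from a requestParameters tree."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key in ID_KEYS and isinstance(value, str):
                found.add(value)
            else:
                _walk_ids(value, found)
    elif isinstance(obj, list):
        for item in obj:
            _walk_ids(item, found)


def event_resource_ids(event):
    """Resource ids an event touched: ARNs in `resources` plus ids in requestParameters."""
    ids = set()
    for res in event.get("resources") or []:
        arn = res.get("ARN", "")
        # Config's resourceId is the last path (or colon) component of the ARN.
        ids.add(arn.split("/")[-1].split(":")[-1])
    _walk_ids(event.get("requestParameters") or {}, ids)
    ids.discard("")
    return ids


def build_cmdb(resources, events):
    """Attach each event to the inventory entries it references.

    Returns (cmdb, unmatched): cmdb maps resourceId -> resource dict with an
    `events` list; unmatched holds events whose ids are not in the inventory.
    """
    cmdb = {r["resourceId"]: dict(r, events=[]) for r in resources}
    unmatched = []
    for ev in events:
        summary = {
            "time": datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00")),
            "eventName": ev["eventName"],
            "actor": ev.get("userIdentity", {}).get("arn", "unknown"),
        }
        ids = event_resource_ids(ev)
        hit = False
        for rid in ids:
            if rid in cmdb:
                cmdb[rid]["events"].append(summary)
                hit = True
        if not hit:
            unmatched.append(dict(summary, ids=sorted(ids)))
    for entry in cmdb.values():
        entry["events"].sort(key=lambda e: e["time"])
    return cmdb, unmatched


def changed_since(cmdb, now, window_minutes=15):
    """Resource ids touched within the last scan window (hypothetical 15-minute cycle)."""
    cutoff = now - timedelta(minutes=window_minutes)
    return sorted(rid for rid, r in cmdb.items()
                  if any(e["time"] >= cutoff for e in r["events"]))


if __name__ == "__main__":
    cmdb, unmatched = build_cmdb(SAMPLE_RESOURCES, SAMPLE_EVENTS)
    for rid, entry in cmdb.items():
        print(rid, entry["resourceType"], [e["eventName"] for e in entry["events"]])
    print("unmatched:", [(u["eventName"], u["ids"]) for u in unmatched])
    print("changed in last 15 min:", changed_since(cmdb, SAMPLE_NOW))
```

The unmatched list is the part worth watching in a real deployment: a `PutBucketAcl` against a bucket the inventory has never seen is exactly the kind of gap a 15-minute re-scan is meant to close.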

Cloud Comrade also applies security frameworks and principles such as zero trust, defence in depth, continuous threat hunting and remediation. Proactive analysis with AWS native tools is used to identify risks and keep client environments free from threats. Continuous compliance tooling enables automated monitoring and reporting of non-compliant infrastructure. Cloud Comrade also provides an automated patching service, an important component of any security plan; patches for bugs and security vulnerabilities are applied on a monthly cycle as a continuous process.

In the security OU, the following AWS native services were enabled:

– AWS Detective
– AWS Inspector
– AWS GuardDuty
– AWS Config
– IAM Access Analyzer
– Trusted Advisor
– Infraguard (continuous check on misconfiguration and patch management)

To perform continuous vulnerability assessment, AWS Inspector continuously scans AWS workloads for vulnerabilities. AWS Detective and GuardDuty support continuous threat hunting, with EventBridge used to trigger automated actions on findings. Qualys is used for both unauthenticated and authenticated vulnerability scans. By default the scan is unauthenticated. An authenticated scan uses host authentication, which lets the scanner log in to each target system during the scan and perform an in-depth security assessment. Once the scan is complete, the report delivered to the customer lists the severity of each vulnerability and the most probable solutions.
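The "EventBridge to perform automated actions" step above, as an added example that is not Cloud Comrade's or AWS's code: the rule patterns are written in the real EventBridge event-pattern syntax (exact-match lists and the `numeric` comparison), while the `matches` evaluator is a deliberately small re-implementation of just that subset so the routing can be exercised offline against constructed GuardDuty findings. The severity bands (7 and above high, 4 to below 7 medium) follow GuardDuty's documented levels; the action names and the `make_finding` helper are assumptions for the example.

```python
"""Route GuardDuty findings the way an EventBridge rule set would.

Added example, not AWS or Cloud Comrade code. The patterns use EventBridge's
own syntax; `matches` evaluates only the subset used here (exact-match lists
and `numeric` comparisons), not full EventBridge semantics. Sample findings
are constructed; the account id is a placeholder.
"""
import operator

# EventBridge-style patterns. High-severity GuardDuty findings (7.0 and above)
# go to the isolate-and-notify action; medium (4.0 to below 7.0) open a ticket.
HIGH_SEVERITY_RULE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}
MEDIUM_SEVERITY_RULE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4, "<", 7]}]},
}

# Order matters: first matching rule wins. Action names are assumptions.
RULES = [
    ("isolate-and-notify", HIGH_SEVERITY_RULE),
    ("open-ticket", MEDIUM_SEVERITY_RULE),
]

_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
        "<=": operator.le, "=": operator.eq}


def _numeric_ok(value, spec):
    """Evaluate a `numeric` spec such as [">=", 4, "<", 7]; every pair must hold."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return all(_OPS[spec[i]](value, spec[i + 1]) for i in range(0, len(spec), 2))


def _value_matches(value, alternatives):
    """A leaf matches when any alternative matches (exact value or numeric spec)."""
    for alt in alternatives:
        if isinstance(alt, dict) and "numeric" in alt:
            if _numeric_ok(value, alt["numeric"]):
                return True
        elif value == alt:
            return True
    return False


def matches(pattern, event):
    """True when every field named in the pattern exists in the event and matches."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _value_matches(event[key], expected):
            return False
    return True


def route_finding(event):
    """Name of the automated action an event would trigger, or 'log-only'."""
    for action, pattern in RULES:
        if matches(pattern, event):
            return action
    return "log-only"


def make_finding(severity, finding_type="UnauthorizedAccess:EC2/SSHBruteForce"):
    """Constructed GuardDuty finding in the shape EventBridge delivers it."""
    return {
        "version": "0",
        "id": "constructed-event-id",
        "detail-type": "GuardDuty Finding",
        "source": "aws.guardduty",
        "account": "111122223333",
        "region": "ap-southeast-1",
        "detail": {
            "type": finding_type,
            "severity": severity,
            "resource": {"resourceType": "Instance",
                         "instanceDetails": {"instanceId": "i-0abc123"}},
        },
    }


# A non-GuardDuty event that must fall through to logging only.
OTHER_EVENT = {
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "detail": {"instance-id": "i-0abc123", "state": "stopped"},
}


if __name__ == "__main__":
    for sev in (8.5, 5, 2):
        print(sev, "->", route_finding(make_finding(sev)))
    print("ec2 state change ->", route_finding(OTHER_EVENT))
```

Keeping the patterns in EventBridge syntax means the same dictionaries can be handed to `put_rule` as the `EventPattern` once the routing has been checked locally; the evaluator exists only to make that check repeatable.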

Cloud Comrade assigns a designated Security Analyst who serves as the client's primary point of contact for reviewing the Qualys reports and handling the customer's more involved technical queries. The Security Analyst provides the client with clear, consistent security consulting advice on its Vulnerability Lifecycle Management program.

Business Benefits

  • The solutions helped our customer to consistently maintain AWS resources in a compliant manner and ensure that vulnerable software, such as applications, dependencies and libraries, is not installed or deployed on AWS resources.
  • The simple presentation of vulnerabilities gives analysts clearer insight into the network-wide risks faced by the customer on a continuous basis.
  • Visibility into the most critical assets, software and entry points that need addressing, along with the necessary details on how to do so.
  • Quality overview reports written for the purpose of presentation to customer management.
  • Improved cyber security posture against the ever-changing cyber threat landscape through improved vulnerability management.

Outcomes and Results

  • Reduced scan times – the Qualys Scanning Engine reduced scan times by almost 80%.
  • Fewer false positives – our solution's ability to reconcile and correlate recurring security assessments produces more accurate assessment data and requires less time and fewer resources to validate false positives.
  • Savings of approximately 40% over one year with Cloud Comrade MSSP services.
  • Winning more customers through a commitment to security – today's clients are security savvy and want to be reassured that the firm they partner with is diligent in protecting sensitive information.

AWS Services Used

AWS Organizations, AWS Identity and Access Management, AWS KMS, AWS Config, AWS Certificate Manager, AWS GuardDuty, AWS S3, AWS CloudWatch, AWS CloudTrail. 3rd-party tools – Qualys Virtualized Scanner Appliance for AWS, Trend Micro Cloud One.