Business Requirement & Challenges
A major, well-established bank in New Zealand was looking to establish an effective security operations process to monitor and respond to security events emanating from their AWS cloud workloads. The bank needed to cover each of the security domains below, designing and deploying effective security controls to perform these compliance checks and align them with their regional banking regulatory requirements. The overall goal of this engagement was to enable the bank to achieve Australian Prudential Regulation Authority (APRA) approval to start customer service from their newly developed cloud solution on AWS.
- Vulnerability Management
- Configuration Compliance
- Security Incident Monitoring
- Privileged Activity Monitoring
- Standards Compliance
- Patching Compliance
Solution Provided
- Cloud-native logging was the preferred method for providing log sources.
- CloudTrail logs were stored centrally in the Log account, which serves as the central log repository, using KMS encryption.
- AWS Systems Manager is used to deploy patches automatically on EC2 workloads.
- AWS Inspector will be used to perform vulnerability assessment of EC2 workloads.
- Security alerts from various AWS services will be sent to Security Hub for dashboard display.
- Security alerts from Security Hub will be used by the security operations team to perform monitoring and response.
Business Benefits
- Automation in security operations
- Next-generation tools to automate quick remediation of threats
- Customized compliance dashboards
- Real-time threat monitoring
Technology Stack
- Security Hub
- GuardDuty
- Inspector
- CloudTrail
- Config
- Config Rules
- CloudWatch Alarms
- Storage Gateway
- AWS WAF
PUBLISHED: 14th November 2024