ITC Infotech acquires Blazeclan Technologies to enhance Multi-Cloud services and fast-track digital transformation

Design of Cloud Security Platform for a Security Services Provider ​

Business Requirement & Challenges​

  1. The customer, a global security service provider head-quartered in Singapore wanted to consolidate security incidents from their multiple accounts in the AWS Landing Zone. Planning to have automation in place for responding effectively to certain security findings, the customer wanted to have security controls for reducing the time taken in the manual response process. ​
  2. Their strategic aim was to centralize the cloud security operations and alerting mechanisms through automation, integrating it after with existing ticketing tools. All this so that the operations team could handle the security incidents effectively and efficiently.​  ​

Solution Provided ​

  1. Since the customer’s landing zone was organization-enabled, AWS-supported feature was used to automate and streamline the process of integrating the security hub with its member accounts. This enabled the security hub in all the existing member accounts and new accounts added to landing zone.​
  2. There was no creation of any additional codes for IaC. All necessary actions were performed and handled automatically by AWS​
  3. The AWS Security Hub enablement via AWS Management Console has been done based on the fact that the current landing zone has an organization unit structure. The customer was recommended to go for the enablement of AWS Security Hub under the organization, so that it gets enabled for all accounts encompassed by it. This also ensured the enablement of AWS Security Hub in new accounts when added to the organization.​

Business Benefits​

  1. The security platform for integration and automated response helped the customer to visualize and understand their security gaps on a single plane​
  2. With the help of automated response to security findings, the attack surface was reduced ​
  3. A single pane of window was achieved for all security incidents across 100+ accounts​
  4. Effective use of serverless services enabled automatic response and remediation of the selected set of incidents​

Outcome/Results​

  • Manual intervention in service requests and incident response was reduced by 25% in the first three months​

  • 15% cost was optimized by automating remediation and response to security operations.​

Technology Stack​

  1. AWS Security Hub​
  2. Amazon GuardDuty​
  3. Amazon CloudTrail​
  4. AWS Config​
  5. Amazon CloudWatch​
  6. Amazon SNS​
  7. AWS Lambda​
  8. Amazon S3​
  9. Amazon Event Bridge​

PUBLISHED: 14th November 2024