Resource
Mission Helps Communication Firm Gain Visibility Into AWS Environment And Eliminate Unknown Vulnerabilities To Secure Digital Assets
The Challenge
The customer was dissatisfied with the level of support and response times delivered by a previous partner providing managed security services for threat detection and response. Additionally, the customer wanted help with vulnerability management and reporting on the security posture of its AWS infrastructure. With a small internal IT team, if the customer was compromised, it would not have enough visibility into a cyberattack to properly defend the digital assets within its cloud infrastructure.
The customer thus sought a proactive partner to adhere to AWS best practices for security, and to manage and monitor its AWS environment. The customer also wanted the partner to provide security enhancements and remediation along with continuous scanning and intrusion detection. This would give the customer confidence its AWS infrastructure would continue to deliver the performance customers demand.
Addressing this challenge was critical because the customer shared that “we do not know what we don’t know” about the security of its AWS environment. The customer thus needed a partner who could offer the expertise and responsiveness to identify and prioritize vulnerabilities, and then mitigate threats to make sure applications, data and other digital assets remain secure.
Strategy and Solution
The customer decided to partner with Mission, which offered its Mission MDR (Managed Detection and Response) service. Powered by the best-in-class Alert Logic platform for delivering comprehensive security coverage of AWS environments, Mission MDR features a team of security professionals with the necessary expertise and resources to provide 24/7 monitoring, attack detection, and incident response.
The Mission engineers—who are certified by AWS—are supported by Alert Logic security analytics and certified SOC analysts. Together, they deliver several key benefits in monitoring the customer’s AWS environment that includes Elastic Compute Cloud (EC2) and Identity and Access Management (IAM):
- Identifies and provides notification of critical security issues.
- Remedies threats and attacks following the customer’s response policy requirements.
- Conducts intrusion detection, log analysis and retention, and user-behavior anomaly detection.
- Provides ongoing reporting and quarterly security posture reviews.
With these services and the information delivered by the MDR reports, the customer now has complete visibility into the security posture of its AWS environment and any vulnerabilities that may be lurking.
Results and Benefits
As part of the MDR service, Mission deployed a server to capture and scan internal and external traffic across the customer’s servers to report vulnerabilities and potential malicious activity. Mission also implemented an agent on every customer device that accesses the AWS environment to identify additional potential vulnerabilities.
The combination of these services gives the customer both infrastructure and endpoint protection. Both services also integrate with anti-virus and anti-malware tools to stop the spread of viruses and malware across servers and end-user devices.
At the beginning of the engagement, Mission discovered 480 vulnerability incidents across the 27 hosts in the customer’s AWS environment. For any low-level to medium-level vulnerabilities, Mission immediately mitigated the issues and then reported the incidents to the customer. For high-level vulnerabilities, Mission first contacted the customer to notify them about the anomalous behavior. The customer then determined whether to address the issue internally or to turn it over to Mission for remediation.
The customer now has complete visibility of any vulnerabilities within its AWS environment, and they no longer “don’t know what they don’t know.” More importantly, the customer has a partner in Mission who can mitigate vulnerabilities and resolve any threats to digital assets.
Outcomes
- Provides ongoing capture and scanning of internal and external traffic across servers to identify vulnerabilities and malicious activity.
- Monitors endpoint devices for anomalous end-user behavior.
- Discovered 480 vulnerability incidents across the 27 hosts in the customer’s AWS environment.
- Remediates low-level and medium-level vulnerabilities automatically.
- Escalates high-level vulnerabilities to collaboratively plan mitigation activities.
AWS Services
- Elastic Compute Cloud (EC2)
- Identity and Access Management (IAM)
Third-Party Integrations
- Alert Logic