GeoComm boosts security with Amazon Web Services

With a multi-account, cloud-native solution, SHI ensured CIS compliance for a communications engineering and GIS mapping provider.

Challenge:

GeoComm, a communications engineering and GIS mapping provider, required the following:

• A comprehensive, easily managed, cost-effective, multi-account solution that would address security, compliance, and governance at scale.
• A centralized location to view and enforce CIS compliance.
• A cloud-native tool to identify threats for malicious activity and unauthorized behavior.
• Aggregation of high-priority security alerts and assessment of security posture across all their cloud accounts.
• Evaluation of their current observability stack with a focus on dashboard visualization, metric and log aggregation, anomaly detection, and alerting. Tested against the monitoring tools in the AWS portfolio, their current observability solution was assessed in cost, ease of use, and overall available features.
• A partner with AWS cloud expertise to align them with AWS best practices.

Utilizing their existing relationship with SHI, GeoComm reached out for assistance with these tasks, asking us to build an observability stack using AWS native tools to determine the best solution.

Solution:

After sufficient evaluation, SHI utilized an AWS-native solution in multiple phases to address GeoComm’s security, compliance, and governance initiatives.

In phase one, the provided solution:

• Improved upon the organizational account structure, creating a set of organizational units within AWS to logically group accounts by environment.
• Met GeoComm’s governance and compliance requirements through the AWS CIS Conformance Pack.
• Centralized AWS Config compliance findings using AWS CloudFormation StackSets.
• Allowed for a reduction in manual configuration of AWS resources, and provided an automated strategy to provision additional accounts.

In the second phase, the solution:

• Deployed AWS GuardDuty across the AWS Organization to provide multi-account cost-effective threat detection.
• Supported GeoComm’s need to track both high-priority security alerts and general security posture as aggregated findings across the AWS Organization—all by using AWS Security Hub.

In the final phase, the solution:

• Created a multi-account monitor using Amazon CloudWatch Events, CloudWatch Alarms, Amazon CloudTrail, and Amazon CloudWatch Dashboards.
• Supplied account-based reporting and monitored key performance metrics for anomalies, alerting the appropriate parties accordingly.

Outcome:

The solution enabled the customer to enforce CIS compliance, identify threats, assess infrastructure performance issues, and introduced the following benefits:

• Consistent compliance and governance enforcement using AWS Config, AWS Conformance Packs, and AWS CloudFormation StackSets.
• An automated strategy for account provisioning with consistent detection and preventative guardrails.
• Reduction of manual configuration through repeatable and consistent deployments, using AWS CloudFormation Templates and StackSets.
• Native, cost-effective threat detection solution powered by machine learning and anomaly detection across AWS accounts, using AWS GuardDuty.
• A comprehensive, consistent, and aggregated view of security posture, including high-priority issues across accounts and AWS services.
• Tailored dashboards with granular anomaly detection.