About the Company

CMS, better known as Capital Market Solutions, provides consultancy and advisory services to financial services companies. It provides solutions for investment banks, exchanges, broker-dealers, hedge funds, asset managers, and trading and clearing firms.

The Challenge

Because the company operates in the financial domain, it wanted best security practices for sensitive data, along with the best possible visibility and tracking throughout its different environments and all projects. The company wanted to analyze the flow of all utilized resources and make decisions on cost optimization for unused resources, manage footprints, and manage access to highly sensitive applications in production. The challenge was to create a centralized security solution covering 24×7 monitoring of security events, with intelligent threat detection and application security with consolidated logging. The solution should provide intrusion and behavior monitoring, including the types of anomalous activity to be identified and investigated. It should ensure that all records and logs are available and contain sufficient detail to support incident investigation and forensic investigations (FI), and that the logging and monitoring capability functions correctly and continuously at all times. For security audits, the client must be able to demonstrate that its controls, capabilities and practices for protecting client data are in place effectively and appropriately. There should be a process for collecting and storing security event and log information, and a process for managing risk and compliance with regulations and industry standards.

Proposed solution

Kapstone proposed a migration from a single account to AWS Control Tower, which provides centralized management and best security practices. The proposal was to eliminate access to resources that are highly vulnerable and sensitive; use CloudFormation templates to launch and configure existing and new accounts, resources and components to generate logs; store logs in a central location using AWS Kinesis for real-time activity and simplify visualization of logs; generate alerts based on events for security and action; separate the different environments for security and cost effectiveness; and use two-factor authentication and secured ends with backup plans.

Kapstone proposed a solution using AWS Security Hub, which acts as a SIEM with 24×7 monitoring (Security Operations Centre) of security events or alerts and provides centralized management and best security practices. To eliminate threats and continuously monitor AWS accounts and workloads for malicious activity, with detailed security findings for visibility and remediation, we implemented Amazon GuardDuty. Intrusion and behavior monitoring is handled through this solution, including the types of anomalous activity to be identified and investigated.

Kapstone implemented AWS WAF to protect against web attacks with minimum latency impact on incoming traffic. This solution protects web applications against threats by filtering traffic according to the rules we created.

For logging, monitoring and auditing, we implemented a solution that ensures all records and logs are available with sufficient detail to support incident investigation and forensic investigations (FI). With the proposed solution, all system logs will be maintained and recorded with accurate timestamps, and all system clocks must be synchronized at all times.

How AWS was used as part of the solution

We added more AWS services for security and applied best practices in the new custom structure to meet compliance.

Outcome(s)/results

AWS Control Tower provides the easiest way to set up and govern a new, secure, multi-account AWS environment based on best practices and AWS Well-Architected Framework concepts. Using AWS Control Tower, administrators can provision new AWS accounts with minimal effort while still adhering to company-wide security and compliance policies.

AWS Security Hub reduces the effort to collect and prioritize findings, with the ability to automate remediation of findings. It provides automatic security checks against best practices and standards, with a consolidated view of findings across accounts and providers.

Amazon GuardDuty protects AWS accounts with intelligent threat detection, continuously monitoring AWS accounts, instances, container workloads, users, and storage for potential threats. It exposes threats quickly using anomaly detection, machine learning, behavioral modeling, and threat intelligence feeds from AWS and leading third parties, and mitigates threats early by initiating automated responses.

AWS WAF protects web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app.

All logs will be saved accordingly in the Control Tower centralized logging account as required. This will help the client get end-to-end visibility, reduced effort, centralized logging, increased productivity, and autonomous decision making in a cost-effective, secure environment.