Published on: 15th August 2022
Cloud Comrade Provides Manage Services and Managed Security Services 24×7
Problem Statement
The Agency has a platform that enriches the innovation ecosystem by fostering broad-based engagements among enterprises. Enterprises can network, learn & collaborate to develop unique commercial solutions and explore new business opportunities.Being in a highly regulated industry, our customers’ primary requirement is to have their IT infrastructure mandated in such a way, their entire cloud resources abide by the guidelines dictated by industry regulations. Hence it is always very crucial for our customer to be continuously compliant and maintain non-vulnerable Cloud assets.
Proposed Solution
24×7 Support for AWS Cloud through CCMS to effectively manage business
Cloud Comrade Managed Services (CCMS) helps the customer adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer guidance and execution of operational best practices with specialised automations, skills, and experience that are contextual to their environment and applications. Cloud Comrade Manage Services provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing customers to focus on innovation. We extend the customer team with operational capabilities including monitoring, incident detection and management, security, patch, backup, and cost optimization.
Managed Security Services
Cloud Comrade also extended Cloud Comrade Cyber Defense Services (C3DS) to the agency, having vast knowledge in AWS products and services in addition to the domain expertise we hold, helping us to understand the business challenge of our customer.
Cloud Comrade provides the following managed services and security services to the customer
1) 24×7 Monitoring using New Relic
2) 24X7 Threat Management
3) 24X7 Incident Response
4) Identity and access management
5) Data protection
6) Security logging and monitoring
7) AWS resource visibility
6) Managed detection and response for AWS endpoints
7) Virtual Machine Scanning with Auto Patching
8) Vulnerability Management
9) Backup Management
10) Incident response
11) Cost Optimization
12) Performance Optimization
13) Configuration Management
Managed Services Key Solutions
24×7 Monitoring using New Relic
In addition to the standard metrics configured for proactive monitoring and alerting, we offer next generation monitoring for critical customer workloads, which include the following additional metrics:
- Standard Metric
CPU, Disk, Memory, Network, Amazon RDS Metric, Load Balancers Request and Response including response status codes, Tunnel state. - Additional Metrics
Application log data with specific metrics on error messages, Process and Synthetic Monitoring.
Outcomes and Results
- Centralised Monitoring: Cloud Comrade is able to analyse all data in real-time and monitor apps and AWS infrastructure in real-time using a single platform.
- Instant Deployment: Customers are able to get started in minutes using tool based deployment and have access to all the latest capabilities without the need for time-consuming, expensive upgrades.
- Elastic Scalability: New Relic’s multi-tenant architecture scales on demand to support customer’s rapid growth. Customers can burst the log ingestion as needed without manual intervention.
- Continuous Intelligence: With machine learning and predictive analytics, Cloud Comrade helps customers make sense of expected and unexpected behaviour across AWS environments with pattern, anomaly and outlier detection.
- Unified Logs and Metrics: Customers are now able to analyse multiple sources of data such as application logs, infrastructure logs and performance metrics in real-time.
24×7 Incident Response, monitoring integrated with ITSM tool
The New Relic tool is integrated with the Zoho desk and is automatically able to create tickets based on alerts raised for different metrics.
Outcomes and Results
- Visibility into Operations – Customers got visibility into operations by integrating of next generation monitoring tool to the ticketing system. As soon as the monitoring solution detects an event, the ticketing integration sends the necessary information (e.g., server name, alarm name, time, etc.) to the ITSM solution, which will create a record of the incident, thus, providing a visibility to the customer as which service is an issue which will create a record of the incident.
- Shortened Service Restoration Times – Systemic problems receive attention from management through regular ticketing reviews. Engineering teams get inputs to identify and resolve the root causes of these “normal” problems.
- Measuring Operations- Customers can measure the operations periodically based on the visibility into the tickets, their response and resolution time.
Automated patch management and Configuration Management using InfraGuard
InfraGuard uses AWS config to fetch AWS resource list and metadata for each resource in our customer’s AWS account and uses AWS CloudTrail to fetch AWS events, events fetched from CloudTrail are correlated with the resources fetched from config and presented on InfraGuard CMDB. InfraGuard continuously scans all infrastructure assets every 15 minutes.
Patching is done using an automated mechanism built on top of AWS SSM. We use InfraGuard, at which we configure schedules to perform the scanning of packages to be installed and the actual patching activity itself.
In the automatic patching process, there are several stages, including:
- Policy
Creation Policy which functions to give commands and there we can set the date when the policy will run, where there are 2 policies namely scan and install. Scan policy, where this policy aims to schedule when the server will be scanned. Install policy, where this policy aims to schedule when the server will update and for each policy, we can point to which server the policy will be applied to. - Process
After the policy is determined by the date, then when the time to scan or install is late, the policy will carry out activities automatically. - Result
After the policy is executed, the next thing that will appear automatically is the result of the scan/patching. The results of the scan will be sent via email to the specified destination. The result of the patching is in the form of a report which contains information on when the patch was made, what packages were installed and the instance and we send the report and notification to the customer.
Outcomes and Results
- Strengthen security -Automated Patch management helped prevent breaches by installing an available patch.
- Boost productivity – Helped boost Customer IT team productivity by moving over the manual cumbersome patch management to Cloud Comrade automated patch management services
- Reduction in Error – Automated patch management system helped reduce errors and allowed scheduled patching as per agreed patching cycle
- Simplified reporting – Automated patch management simplified patch reporting for compliance audits and ensures that necessary patches are deployed for security standards.
Managed Security Services Key Solutions
Cloud Comrade uses security frameworks & principles such as zero trust, defence in depth & continuous threat hunting & remediation. We adopt proactive analysis to identify the risks using AWS native tools to ensure that the client environments are free from any form of threats. Our continuous compliance solutions enabled automated monitoring and reporting of non-compliant infrastructure. Cloud Comrade also provides automated patching services which is a very important component of any security plan. The automated patching service is provided on a monthly basis to fix bugs or security vulnerabilities as a continuous process.
In the security OU, by default we enable AWS native services such as
– AWS Inspector
– AWS Guarduty
– AWS config
– IAM Access Analyzer
– Trusted Advisor
– AWS KMS
– InfraGuard (continuous check on misconfig & patch management)
To perform continuous vulnerability assessment AWS Inspector is used for continuous scan on AWS workloads for vulnerabilities.
We use AWS guard duty to perform continuous threat hunting along with EventBridge to perform automated actions.
Cloud Comrade assigns a designated Security Analyst who serves as the client’s primary point of contact for reviewing the reports from Qualys and more involved technical queries of the customer.. The Security Analyst provides the client clear, consistent security consulting advice on their Vulnerability Lifecycle Management program.
Continuous Vulnerability Management
Cloud Comrade implemented vulnerability assessment using Qualys VMDR (Vulnerability Management Detection & Response) to manage customer assets by doing a host discovery and continuous vulnerability scans on external (internet facing) and internal IP based systems and networks. These scans proactively test for known vulnerabilities and the existence of mainstream industry practice security configurations so that the Cloud Comrade can proactively manage asset vulnerabilities for EC2 instances to ensure the instances continue to remain hardened.
Outcomes and Results
- Reduced Scan Times – Qualys Scanning Engine reduced scan times by almost 80%.
- Fewer False Positives – Our Solutions ability to reconcile and correlate recurring security assessments produces more accurate assessment data and requires less time and fewer resources to validate false positives.
- Realising a savings of approximately 40% over one years with Cloud Comrade MSP and MSSP services
- Winning more Customers with a Commitment to Security Today’s clientele are security savvy and want to be reassured that the firm they choose is diligent in protecting sensitive information.
- Improved cyber security posture against the ever-changing cyber threat landscape through improved vulnerability management.
