Firth Investment Management: Managed End Point Detection and Response Services

Firth Investment Management is an independent specialist firm that manages Asia ex-Japan small cap (smaller companies) portfolios. The customer was looking for a professional and managed services provider with comprehensive Amazon Web Services (AWS) competency across migration, operations and security, one that could deliver a comprehensive, automated security solution to protect enterprise workloads in the cloud from critical new threats such as ransomware, which can cause significant business disruption, while helping to accelerate regulatory compliance.

Proposed Solution

Cloud Comrade Cyber Defence Services (C3DS) provides the following Managed Security Services to the organisation, with a focus on 24×7 Security Operations and EC2 workload security management:

1) Security logging and monitoring
2) 24/7 threat and incident response
3) Managed detection and response for AWS endpoints
4) Virtual Machine Scanning with Auto Patching

C3DS uses Trend Micro Deep Security and AWS cloud-native tools such as AWS GuardDuty, AWS Config, AWS CloudWatch and AWS Lambda to provide:

1) Near real-time monitoring and management of security alerts, and mitigation of threats in AWS EC2 instances – Protects servers against zero-day malware and ransomware, identifies suspicious behaviour and shields the network from vulnerabilities before they can be exploited. Any such event raises a ticket in the service desk tool, which a Security Engineer responds to under the C3DS event and incident management process.

2) Host-based intrusion prevention services – Examines all incoming and outgoing traffic at the packet level, searching for protocol deviations, policy violations or any content that can signal an attack. The threat management features implemented with Trend Micro to secure layers 3 and 4 are as follows:

– Anti-Malware
– Firewall
– Intrusion Prevention System
– File integrity
– Application control
– Web reputation
– Device control
– Activity monitoring
– Integrity monitoring
– Log Inspection

3) Reduction of false positives – Cloud Comrade manages the flow of log data from the customer’s AWS services and Trend Micro into New Relic, which provides threat analytics and insight into additional rules for addressing observed threats, in turn eliminating false positives. C3DS engineers have also configured automated updates to the latest pattern files in line with the release cycle. Based on experience and customer interactions, Cloud Comrade’s engineers report false positives to Trend Micro and consistently add items derived from the scans to the approved exempt list.

4) Security Posture Management – Proactive monitoring of the security and compliance posture of AWS workloads.

5) Threat detection and remediation – The solution focuses on workload security, protecting the operating system, applications and data with Trend Micro Deep Security and integrating AWS GuardDuty, AWS Config, AWS CloudWatch and AWS Lambda. These integrations provide additional insight into workload security and automate threat detection and response through the workflow below, which captures information from the environment so that workload security can make better-informed decisions and remediate automatically:

1) AWS service generates a data point such as an alert or finding.
2) A CloudWatch event is generated.
3) The event triggers your AWS Lambda function.
4) The Lambda function uses the Workload Security API to perform an action in Workload Security.
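The four-step workflow above, as an added Python example that is not Cloud Comrade's or Trend Micro's code: a Lambda handler that receives a GuardDuty finding delivered by CloudWatch Events, picks an action by finding severity, and builds the Workload Security API request. The API URL, the `/computers/actions` path, the request body and the severity policy are assumptions, and the sample event is constructed.

```python
import json
import os
import urllib.request

# Assumed: endpoint and key come from the Lambda environment. The default URL
# and the "/computers/actions" path are placeholders, not the real API surface.
WS_API_URL = os.environ.get("WS_API_URL", "https://workload.example.invalid/api")
WS_API_KEY = os.environ.get("WS_API_KEY", "REPLACE_WITH_API_KEY")

# Constructed sample in the shape CloudWatch Events delivers a GuardDuty
# finding (steps 1 and 2 of the workflow).
SAMPLE_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                "detail": {"type": "Trojan:EC2/DNSDataExfiltration", "severity": 8.0,
                           "resource": {"resourceType": "Instance", "instanceDetails":
                                        {"instanceId": "i-0123456789abcdef0"}}}}

def extract_finding(event):
    """Pull only the fields remediation needs; None means nothing to act on."""
    if event.get("source") != "aws.guardduty":
        return None
    d = event.get("detail", {})
    inst = d.get("resource", {}).get("instanceDetails", {}).get("instanceId")
    if not inst:
        return None  # finding is not tied to an EC2 instance
    return {"instance_id": inst, "type": d.get("type", "unknown"),
            "severity": float(d.get("severity", 0))}

def choose_action(finding, threshold=7.0):
    """Assumed policy: severity >= 7 (GuardDuty High) gets a scan plus an
    analyst tag; lower severities are only tagged."""
    return ["scan", "tag"] if finding["severity"] >= threshold else ["tag"]

def build_request(finding, action):
    """Step 4: one Workload Security API call per action (placeholder path)."""
    body = {"instanceId": finding["instance_id"], "action": action, "reason": finding["type"]}
    return urllib.request.Request(
        f"{WS_API_URL}/computers/actions", data=json.dumps(body).encode(),
        headers={"api-secret-key": WS_API_KEY, "Content-Type": "application/json"},
        method="POST")

def lambda_handler(event, context=None, send=urllib.request.urlopen):
    """Step 3: Lambda entry point; `send` is injectable for offline testing."""
    finding = extract_finding(event)
    if finding is None:
        return {"status": "ignored"}
    actions = choose_action(finding)
    for action in actions:
        send(build_request(finding, action))
    return {"status": "remediated", "instance": finding["instance_id"], "actions": actions}
```

Findings that are not about an EC2 instance (for example IAM findings) fall through to `ignored`, so the function only acts where Workload Security has a computer to act on.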

Outcomes and Results

Adoption of Cloud Comrade Managed Security Services has helped the customer in the following ways:

  • Reduction in risk of a security breach by automating threat detection and response.
  • Reduced the number of unimportant and false-positive alerts by up to 35%, which improved automated investigation and response by up to 40%.
  • Cost savings from the reduced risk of a breach, which in turn boosted employee productivity previously lost to security-related downtime.
  • Improved brand reputation.
  • Improved security and reduced the risk of material security breaches, improving the customer’s brand and market reputation.

AWS Services Used

AWS third-party tools – Trend Micro Cloud One and New Relic.