使用OpenSearch作为Siem保护AWS着陆区

Client BackgroundO Business ChallengeT he client has recognized the needto define and establish a secureenvironment for their infrastructurebecause of having security issues in thepast. As the company has moderated itswork using AWS console only, it aimed toget the resources being deployed usingautomated pipelines and to keep all theinfrastructure as code (IaC) in GitLabrepositories. SoftServe got the requestto design an efficient security solution asthe client’s experience in AWS Cloud waslimited. ur client is a global innovationcompany creating products andservices for complex data analysis. Solution Manager, AWS Config, AWS VPC, EC2, S3.The SoftServe security team also designedarchitecture for security informationand event management (SIEM) serviceusing OpenSearch built in AWS. AWSOpenSearch has all the logs gathered inone place from the entire organization.With the usage of Lambda functions andKinesis Data Streams, the security datalogs were pushed straight forward to theOpenSearch from many services like AWSCloudTrail, GuardDuty, SecurityHub, andVPC flows. SoftServe analyzed the client'sinfrastructure and business goalsand devised the exact action plan.During the verification stage, our team ofexperts focused on corresponding to therequirements of all security standards.This helped us to propose a powerful andworkable solution for the client. As the company had only two AWSaccounts, the most efficient practicewas to build a multi-account structure inAWS, where it wanted to migrate both —the new company infrastructure and itsexisting assets. The SoftServe team startedby designing the secure architecturesolution preparation. To detect any potential incidents on theclient’s infrastructure, the SoftServedevelopers designed two Slack channels:one for security audit notifications andanother for providing details about theguard duty findings. In this way, we wereable to form an incident notificationcenter that facilitated identifying anyattack attempts. This solution washighly profitable as our client was notexperienced in AWS Cloud. Our next big step was creating theIaC secure AWS Landing Zone code inTerraform, where we could place everyminor configuration. For this, our team ofexperts built a secure pipeline with KMSencryption, where only permitted userscould have access and enforce changes tothe production. Having deep experiencein the security cloud domain, we useda significant number of AWS Servicesin the Terraform code: AWS GuardDuty,AWS Security Hub, AWS Security ControlPolicy, AWS Organization, AWS SSO, AWSKMS, AWS Secret Manager, AWS System Within the process, SoftServe encounteredthe dilemma of a short period for theimplementation — up to five months.Nevertheless, our experts enabled us toenroll a dozen of high-standard securitytools. Value Delivered As a result of our partnership, the client reached the initial goal of getting a fullyprotected security environment. With the set of frameworks installed, SoftServeprovided a solution with high automation capabilities. Our client got the possibilityto make changes quickly and monitor the entire system from one place. All these stepsbrought the client’s infrastructure to a new level of security allowing them to maximizetheir business goals and increase scalability. ABOUT SOFTSERVE We are a digital authority made up of advisors, engineers, and designerswho deliver innovation, quality, and speed to elevate and accelerate ourclients’ digital journeys. Our approach is built on a foundation of empathetic, human-focusedexperience design that ensures value and continuity from concept torelease. WE IDENTIFY WHERE YOU ARE.WE PREPARE YOU FOR THE ROAD AHEAD.WE TAKE YOU WHERE YOU NEED TO GO. Visit ourwebsite,blog,LinkedIn,Facebook, andTwitterpages. NORTH AMERICAN HQ 201 W. 5th Street, Suite 1550Austin, TX 78701USA +1 866 687 3588 (USA)+1 647 948 7638 (Canada) EUROPEAN HQ 30 Cannon StreetLondon EC4M 6XHUnited Kingdom+44 333 006 4341 info@softserveinc.comwww.softserveinc.com