Proyecto MSP:

A major company in the Mexican electricity industry hosted its servers in a physical infrastructure, which led to a weakness in the protection of its information. They were looking for ways to optimize their IT security plan, without this implying any vulnerability when placing changes or even stopping business activity.

Desafío

The company's technical team is experienced in solving security problems, even though they did not have a knowledge base that could help the organization solve the problem in a standardized way, and continuous monitoring of the infrastructure that would help them detect security deviations.

So they decided to look for a third party who could help them in a consultative manner and using technologies and services available through the cloud. Deciding to work with the Amazon Web Services cloud, they searched among different options for a partner that had the necessary experience and certifications to ensure that the work to be done had the best practices.

Solution proposal by Compucloud

The compucloud team of experts offered a consultation to begin with the relevant remediations and best practices in the AWS cloud, to solve the problems presented, with our experience as a Managed Service Provider, Well Architected Framework and as a Service Delivery Program WAF, as well as the support and knowledge of Trend Micro, we developed a solution proposal based on the best security practices and the Well Architected Framework, as well as knowledge of the best practices implemented through an MSP partner .

According to the customer's problem, the most suitable solution to implement were the following services, 4 EC2 instances, which have a properly configured network environment, composed of a pair of public and private subnets, with their respective Internet Gateway and Nat Gateway to allow Internet traffic, the corresponding security groups for the servers, and also two of the instances have their respective elastic IP, this because they are terminal servers licensed by TSPLUS in order to provide more access filtered and limited to resources within the server.

In addition to the main resources, a third-party security service was initially implemented at the OS level, a solution that strengthens remote desktop security by preventing external remote sessions from being opened, includes a blacklist of suspicious IP addresses and provides centralized policy management, as well as protection against ransomware. At the same time, log collection services were added at the VPC level and complemented with the GuardDuty service to analyze and find possible security risks. This solution was complemented by a lambda script that allows the blocking of attacking IPs in the VPC's NACL, in addition to the resources mentioned above, with the modernization strategy that was implemented, the security posture was improved after recommending other existing solutions in the Compucloud Addons.

1. - Infrastructure Vulnerability Analysis

As this company belongs to the electrical industry, the type of information it handles is critical, therefore, due to all the processes and type of workload, it recommended the use of security solutions for vulnerability analysis within its EC2 instances, with the objective of increasing its security posture and reducing deviations and vulnerabilities that may exist within its servers.

2. - Visibility of the AWS resource inventory

One of the benefits that customers have when joining Compucloud is that we provide our customers with a web application that they can consult to keep track of their inventory changes and events carried out within their work infrastructure. The application developed by Compucloud allows the customer to centrally view all assets and movements through a GUI interface. This makes gathering information easier and faster.

3. - Monitoring AWS security best practices.

As part of its support policy, Compucloud performs recurring security audits of the best security practices recommended by AWS, which are executed and presented to the customer with recommendations and actions to be taken. Best Practices as a Managed Service Provider

4. - Monitoring AWS security best practices.

Due to the type of workload and the processes managed within your organization, the customer must meet the following certifications.

• ISO 27001 2013

• CIS AWS Foundation Benchmark 1.2.0

This is the reason why we integrate services that we have with one of our security partners and that provide us with first-hand support | TrendMicro

5. - Monitor and classify security events

The electric company has a Compucloud support policy that provides 24/7 support, as well as constant monitoring of its security. A support policy that provides you with automations and reports that are constantly being carried out to have wide visibility of your entire security posture.

6. - Denial of Service (DDoS) Mitigation

As part of the continuous improvement of security, the customer has a solution within their security services, which helps protect their servers against different types of threats, including protection against DDOS.

7. - Managed Intrusion Prevention and Managed Detection and Response System for AWS End Points

Due to the workload, type of application and information handled by the customer, it was necessary to implement a solution that would allow protection at all layers, so the use of the solutions that Compucloud manages within CLOUD FORTRESS was recommended, including: Workload security and compliance. These solutions together with AWS services allow us to increase the security posture of the entire infrastructure to meet the highest security standards.

Now the company is a compucloud customer because we are committed as a Managed Service Provider to provide our customers with IT services in an efficient and cost-effective manner, allowing them to focus on their core operations without having to worry about the daily management of technological infrastructure.