By Vyacheslav Gorlov
Senior Solutions Architect, ClearScale
Read or watch the news on any given day and there will undoubtedly be an announcement that a high-profile data breach has occurred in a heavily used financial or healthcare organization, website, or social media channel. As unfortunate as these incidents are, most are preventable with proper security policies, active data breach monitoring, and audit logs that can track any breach before it becomes an issue.
Not all data breaches are the work of outside attackers or ransomware heists. There are instances where employees of financial institutions, healthcare organizations, public companies, or other data-rich organizations gain access through legitimate means and then move, copy, or transfer data outside of the organization to be sold illegally. These types of attacks can sometimes be more difficult to detect or prevent if the right measures are not in place.
ClearScale, an AWS Premier Consulting Partner, had a client in the healthcare sector with a similar situation. The client had deployed a solution with associated data to the AWS Cloud but over the last few years had noticed an increase in user errors. Although many of these instances were due to lack of training or wrong user policies enacted in the system, their concern was that there could be other hidden activity.
The customer needed a way to actively monitor the activity that was going on in their AWS account so that they could determine if data was being inadvertently modified, moved, transferred, or erased outside of the stated policies they had enacted. They asked ClearScale to determine if there was a security solution that could be devised that would allow them to be notified when suspicious activities were taking place so that they could take proactive action to prevent a data breach from occurring.
The ClearScale Solution – Amazon Macie
Upon reviewing the client’s request, ClearScale decided that the best solution to the stated need could be found in Amazon Macie, a service that leverages machine learning to identify suspicious activity. When properly implemented in an AWS account, Macie creates a baseline of information about all data stored in the S3 buckets. From there, Macie actively monitors the S3 buckets for any anomalies or suspicious behavior that could indicate a data breach is imminent or in progress. These activities include large quantities of data being downloaded, unsecured credentials, or sensitive data being configured for access by external sources.
With the Amazon Macie dashboard, ClearScale was able to provide the client the tools necessary to uncover vital information, including alerts of suspicious behaviors or anomalies, along with recommendations on how to address said issues. To further provide the flexibility the client needed, Macie provides methodologies through the dashboard to set up automated remediation actions that could be enacted based on customized conditions and logic.
ClearScale delivered a solution ideally suited to the client’s need. Amazon Macie offers extensive visibility into data such as programming languages, logging formats, credentials, and API keys, along with robust user behavior analytics, including the ability to monitor sudden increases in high-risk or anomalous API activity from multiple locations at infrequently accessed hours. By leveraging machine learning technologies, Macie gives complete end-to-end active monitoring. This allowed ClearScale’s client to know with confidence that their AWS account was not only actively secured but actively monitored for potential threats.
At ClearScale, our focus has been on our customers’ needs since 2011, providing peace of mind either through robust, secure solutions designed to keep data safe or through comprehensive software deployments on massively scalable infrastructure and architectures. With the combined knowledge that our architects, designers, solution consultants, and developers bring to bear, no challenge is too great, and the end result will be an implementation that your organization can be proud of.