Month: September 2019

Security Information Event Management (SIEM) In AWS


Keeping everything under lock and key.

Security is a big part of cloud implementation and managing cloud security is becoming more challenging. The growing number of cyberattacks—and the growing variety of attacks targeting cloud environments—is posing a serious challenge that cloud administrators need to face.

Amazon offers a wide range of security tools on its AWS ecosystem, but managing information security can still feel overwhelming when there are so many tasks to handle. This is where integrated tools and solutions come in handy, and Security Information Event Management (or SIEM) is one of the best to use.

What Is Security Information Event Management (SIEM)?

Security Information and Event Management (SIEM) is a collection of tools and services that provide a holistic view of an organization’s cloud security. Going beyond its original event log-management roots, SIEM software vendors are today introducing advanced statistical analysis, anomaly detection, and machine learning as well as other analytical methods to their solutions. This is on top of more traditional features including real-time visibility of an organization’s information security systems and event log management that consolidates data from numerous sources.

AT&T Cybersecurity provides a Security Information Event Management solution developed specifically for AWS, which means it is designed from the ground up to be compatible with tools like AWS GuardDuty. Yes, we’re talking about the same SIEM solution as the one originally developed by AlienVault. AlienVault is now AT&T Cybersecurity, a collaborative defense and cybersecurity organization that focuses on creating integrated tools for easier cloud management.

Back to SIEM, the tool can be fully integrated with AWS services. It handles four primary functions that make this tool so indispensable, which are:

  • Centralized AWS security monitoring: Monitoring data from services like CloudTrail, CloudWatch, and ELB is pulled into a unified platform. Rather than going through the logs manually, you can review logs and search for anomalies faster with this level of integration.
  • Threat intelligence for AWS: This includes support for correlation rules and anomaly detection. The configured AWS environment can be monitored closely for potential changes. When changes don’t comply with security policies, you get instant (and early) notifications.
  • Support for multi-cloud setups: This means SIEM can now be used to eliminate blind spots and allow for a more holistic approach in cloud management. You can also use SIEM from the start to make the whole process of migrating to the cloud easier.
  • Security compliance in the cloud: With popular standards like HIPAA and PCI DSS supported natively, adjusting your cloud environment to meet the requirements of these security standards becomes an easy task to complete with the help of SIEM.

From these four primary features alone, it is not difficult to see how SIEM can be incredibly useful for organizations who manage their own cloud security. SIEM takes the guesswork out of the equation, giving you complete control over the safety of your data with accurate logging, effective threat intelligence, and advanced security standards.

How Can SIEM Help You?

Since Security Information Event Management is developed to work natively with AWS, the tool can be useful in a wide range of scenarios. For starters, SIEM makes monitoring cloud security as easy as it gets. Anomalies are detected almost immediately, and the prediction of potential attacks is now possible. As long as you have clear rules and security policies, most cyberattacks can be prevented entirely.

SIEM also handles log management and analysis superbly. Rather than going through multiple logs manually, you can now turn to visualized data and analyzed logs for quick insights on the health and security of your cloud environment. This feature also makes cloud maintenance easier since you can automate most of the more mundane tasks such as checking logs.

Automation is a big part of the process. SIEM automates mundane tasks and takes things a step further. Things like the normalization of components after—or during—a cyberattack (when anomalies are detected) are no more than a few steps waiting to be completed with the issues laid out clearly and in a visual way.

Security alerts are certainly handy. They direct your attention to the right parts of your cloud environment based on the security threats you face. As mentioned before, Security Information Event Management takes the guesswork out of most server maintenance tasks. Alerts are also handy for preventing catastrophic damage to the cloud environment during a cyberattack.

You can basically react to attacks and potential security risks faster. Instead of waiting to fix the cloud environment, you can proactively plug security holes and prevent catastrophic attacks from ever affecting your cloud environment from the beginning. This is perhaps the biggest benefit offered by SIEM; you save a lot of time, energy, and money by preventing attacks rather than dealing with them.

Scalable And Intelligent

One last thing to note about SIEM: it works with cloud environments of different scales. Even SIEM itself is scalable. You can capture logs and activities from different instances, modules, and components without putting too much strain on the monitoring system.

The more logs you collect, the better Security Information Event Management is at correlating events and spotting anomalies. You still need to define clear and effective security policies to maximize the benefits of using SIEM, but the insights you get from implementing this integrated security tool will help with that, too.

So, is SIEM for everyone? The benefits you can get from implementing SIEM vary depending on the way your cloud environment is set up, but one thing remains true: managing cloud security is easier with SIEM in place.

from DZone Cloud Zone

AWS at “vETC | The Grand Convergence 2019”: Modern MAM & Supply Chain Optimization for IMF

The Entertainment Technology Center at USC hosted “vETC | The Grand Convergence 2019: Innovation and Integration”, its 5th annual virtual conference covering emerging technologies and their impact on the M&E industry. Jack Wenzinger, AWS Partner Solutions Architect in the Media & Entertainment vertical, provided an overview of Media Asset Management (MAM) and key factors to consider in your MAM strategy: taking advantage of cloud architectures like content lake, machine learning for improved search, and industry standards like the Interoperable Mastering Format (IMF). The webinar breaks down the foundations of MAM into six key categories and discusses solutions for improving the overall operation of each within AWS. Jack specifically covers how AWS is supporting media companies with a serverless ingest solution called Media2Cloud.

from AWS Media Blog

AWS Fargate now available in EU (Stockholm), EU (Paris) and Middle East (Bahrain) regions

AWS Fargate is a compute engine for Amazon ECS that lets you run containers in production without deploying or managing servers. Fargate lets you focus on designing and building your applications instead of managing the infrastructure that runs them.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/aws-fargate-now-available-in-eu-stockholm-paris-middle-east-bahrain-regions/

Amazon EKS Adds Support for G4 Instance

Amazon Elastic Kubernetes Service (EKS) now supports adding Amazon EC2 G4 instances as worker nodes to all clusters in regions where G4 is available.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-for-g4-instance/

Amazon EC2 AMD Instances are Now Available in Additional Regions

Starting today, Amazon EC2 M5a, M5ad, R5a, R5ad, and T3a instances are available in additional regions.

  • M5a and R5a instances are now available in AWS Asia Pacific (Seoul), and Europe (London) Regions
  • M5ad and R5ad instances are now available in AWS Asia Pacific (Seoul, Sydney, Singapore), Europe (Paris, London, Ireland, Frankfurt), US West (N. California) Regions
  • T3a instances are now available in Europe (Paris) Region

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-ec2-amd-instances-now-available-in-additional-regions/

Using Containers for Deep Learning Workflows – AWS Online Tech Talks

With different versions of frameworks, libraries, and drivers for CPUs and GPUs, developers and data scientists spend a lot of time ensuring deep learning software stacks work well together during upgrades and system changes. In this tech talk, we’ll take a look at how container technologies can address these challenges by providing training and inference environments that are lightweight, portable, consistent, and scalable. Through code examples, we’ll take a closer look at how to integrate AWS Deep Learning Containers into your development and deployment workflows, as well as how to run large scale deep learning workloads on Amazon EKS.

Learning Objectives:
– Understand how containers can help address challenges in deploying deep learning environments
– Learn about how to use AWS Deep Learning Containers
– Take away code samples to help you get started quickly

Advancing Software Procurement in a Containerized World – AWS Online Tech Talks

Software architecture, development, and operations patterns are changing with the increasing popularity of containers and related toolchains. In this tech talk, you’ll learn how to use third-party container products from AWS Marketplace to deploy your applications on Amazon Container Services such as Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and AWS Fargate. You’ll also see how to find the right container product in AWS Marketplace or directly through the Amazon ECS Console.

Learning Objectives:
– Learn how to deploy third-party container products from AWS Marketplace
– Understand the variety of pricing types available for third-party container products, including free, BYOL, and pay-as-you-go
– Learn to use AWS Marketplace or the Amazon ECS Console to find third-party container products

Amazon MQ introduces vertical scaling for message brokers

You can now right-size your message broker by modifying the instance type on demand. Instance type changes can be applied immediately or during the next maintenance window. Vertically scaling your message broker provides flexibility to adjust for seasonal changes and increase capacity as your application grows. 

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-mq-introduces-vertical-scaling-for-message-brokers/

Washington State Health Care Authority improves data sharing with AWS

The Washington State Health Care Authority (HCA) increased its flexibility and data analytics for the state opioid response plan with Amazon Web Services (AWS). The Washington State HCA integrates physical health and behavioral health services with the mission to increase access to health care at a lower cost for Washington residents. Washington State HCA uses Amazon Aurora, Amazon Redshift, and Amazon Relational Database Service.

How FinTech Startup NIRA Leveraged AWS’ Cloud Solutions to Enable Financial Inclusion

Guest post by NIRA Finance

Less than 10% of India’s population is able to get loans from banks. The majority of India’s 1.3 billion person population doesn’t have assets to put up as collateral or a credit rating, so banks are unable to underwrite their loan requests. It’s also too expensive for banks to use the traditional model of lending for disbursal of loans of small ticket sizes (under INR 1 lakh), given the high costs of processing loan requests. Technology can address this problem by reducing the costs of processing as well as distribution. A growing group of Indian fintech companies are now addressing this market for small-ticket loans.

NIRA is a consumer finance company leading that charge. NIRA believes there are good borrowers across income levels. Through its mobile app, NIRA provides small loans of up to INR 1 lakh to qualifying borrowers.

NIRA’s target group consists of blue and white-collar salaried individuals, earning between INR 15k to INR 40K per month, across Tier 1 and Tier 2 cities, i.e. Indian cities with a population above 100,000 and above 50,000 respectively. This group falls into an underserved section of the market: individuals who find it challenging to get loans for urgent personal or family needs.

How Does NIRA Do It?

NIRA saves costs by taking traditional banking processes online, thus drastically reducing investments in real estate to set up branches and staff to service customers at these branches. This helps ensure their cost of the loan to the customer is substantially lower than the alternatives available today.

NIRA’s major differentiation is not the loan itself, but the pre-approved credit limit, which is available to the customer at their time of need, free of any fees. Customers thus do not pay, but withdraw up to their credit limit, which increases as they successfully pay back the loan. NIRA offers loans to customers who do not have a credit score — a deal-breaker for other, more traditional lenders — and asks for much less documentation than other players in the market.

It is feasible for NIRA to extend credit to this group of people in an economically viable manner because it’s able to utilize new kinds of data that are being generated today on borrowers’ mobile phones. This allows NIRA to form a reliable credit assessment and collection mechanism unconventionally. NIRA also uses risk-based pricing; borrowers pay an interest rate of between 1.5% and 2.5% per month, depending on their score on NIRA’s proprietary credit model.

Valuable Partnerships

NIRA has partnered with several large banks, including Federal Bank, along with some key Non-Banking Finance Corporations (NBFCs) to serve more niche segments in the group. This is a mutually beneficial partnership; NIRA is able to get loans approved for otherwise unserviceable customers, and its partners are able to grow their customer base.

Once a borrower’s credit limit is activated, they can draw down loans from as small as INR 5k all the way up to their full limit.

They only pay interest on the amount drawn, and their limit replenishes as the borrowers repay their loans. Further, as borrowers demonstrate good payment history with NIRA, their limit starts increasing. For example, if a borrower who took an INR 20k loan against child education pays it on time, their limit would increase to INR 50k next year which they might very well use to cover a major wedding expense in the family.

The Technology Behind NIRA

NIRA’s user journey can be broken down into two parts. As the first step, an in-principle decision is given to the customer in one minute based on the information they provide. As the second step, multiple verifications are done including employment, bank account, and then they are given a final decision for a loan.

NIRA projects its mobile application could be serving 10 million customers a year in the next 5-6 years. To meet its ambitious growth plans, NIRA was looking for a technology enabler that could help it scale seamlessly. It also needed infrastructure that was cost-effective, robust, and secure to support every aspect of its startup journey. Being in the financial services domain, it required a secure and reliable infrastructure to comply with a range of financial data regulations. More importantly, handling sensitive financial data of customers leaves no room for errors.

In 2016, NIRA was looking for a cloud partner in Mumbai, but there were very few who fit the bill. Since AWS already had plans to set up a data centre in the city and provided a highly robust and scalable solution, it was NIRA’s first choice.

AWS Solutions Deployed

NIRA chose the AWS platform for its scalability and reliability. When it became mandatory for companies to do an e-KYC (Know Your Customer) verification linked to the Aadhaar card (an identity card with a unique identification number issued to Indian citizens), Amazon Rekognition services helped NIRA with image verification and validation services of customers’ Aadhaar cards. This mandate also required NIRA to store data in highly secured servers, a need which was met by Amazon S3 storage.

“During scale-up, as we encountered new data related regulations or partner lender’s requests concerning data processing, we always found that AWS had a ready solution. It reflects AWS’ forward thinking to pre-empt challenges and build client solutions well in advance,” said Nupur Gupta, Co-Founder, NIRA.

AWS Lambda

To meet its scaling requirements, NIRA implemented AWS Lambda, which is a pay-per-use cloud infrastructure solution. It is a serverless facility that offers automatic scaling. Essentially, if you have one user, you pay only for that one rather than setting up sites and waiting for the customer base to rise. With AWS Lambda, NIRA was able to scale up from a few thousand customers to 85,000 monthly active customers, without requiring any major infrastructure or configuration changes.  The pay-per-use model also enabled the company to keep its spending in check.

“We were able to optimize AWS Lambda and scaled up to capacities of 10X. We have a good end user experience, but we might have dedicated servers and containerization requirements to be used in the future. AWS Lambda ensures that a minimal amount of time is spent when going from one scale to another,” said Gupta.

These AWS Lambda functions are also invoked by Amazon API Gateway, which handles API management, and user authentication and authorization through the Amazon Cognito service.

Amazon CloudWatch

NIRA used Amazon CloudWatch to log user events such as app registration, verification, uploading, and checks. Based on these logs, it can resolve customer queries through troubleshooting, to determine the point of failure. For instance, for a third-party API used for an electronic loan agreement, it could log responses in Amazon CloudWatch and find out whether the process resulted in successful loan disbursement and returned a response, or whether the request failed.

Amazon CloudWatch provided data and actionable insights to monitor NIRA’s applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of the operational health of the company infrastructure. [1]

Amazon DynamoDB

NIRA benefits from DynamoDB’s fast response to customer queries and a self-managed NoSQL database that auto-scales for performance based on the volume of queries.

Other AWS Solutions Deployed

NIRA got access to AWS Activate through the Nasscom Startup and Techstars Accelerator programs that support startups with mentoring and business community development. The AWS Activate framework helped the company directly through credits as well as through invites to industry events. “We have an ongoing relationship with AWS for over two years now. They are very forthcoming with providing support, through tech solutions, knowledge sharing, and where required connecting us with external entities in the ecosystem,” added Gupta.

NIRA also implemented AWS Glue, an ETL tool used to extract data from the database, transform it, and load that information into required applications. It is also used for reporting.

Lastly, the finance company used Amazon SES (Simple Email Service), an email system, to facilitate all major communication with customers.

The Road Ahead

NIRA is planning to introduce multiple products and will scale its data infrastructure to support a higher level of reporting and analytics. Additionally, it wants to focus on controlling costs. The pay-as-you-go model of AWS gives the company flexibility to only incur costs for resources utilized, and Amazon CloudWatch enables monitoring of these resources — allowing the company to discover opportunities for cost-saving.

Going forward, NIRA is looking at automating its resources to address the needs of the fast-growing customer base.

References:

[1] https://www.youtube.com/watch?v=a4dhoTQCyRA

[2] https://aws.amazon.com/dynamodb/

from AWS Startups Blog