Smarttech247 Spotlight: QRadar with AWS
Global MSSP accelerates their clients’ journey to AWS with IBM Security QRadar
Smarttech247 is a global cyber security organization that delivers a broad range of security solutions including 24/7 managed security services via their next-generation SOC (Security Operations Center). They combine industry leading technologies and processes with deep security expertise to protect their clients’ environments 24x7x365.
Background
The Smarttech247 SOC focuses on delivering comprehensive security including advanced threat detection and response across an organization’s network. The SOC leverages IBM Security QRadar as its SIEM (Security Information and Event Management) to gain centralized visibility and insights across the threat landscape.
As organizations accelerate their move to cloud to drive business innovation and customer success, Smarttech247 has continued to drive a unified approach to security for their clients, providing threat management across on-premise and hybrid cloud environments.
QRadar with AWS
As more of their clients' workloads migrate to cloud, Smarttech247 has leveraged a broad set of QRadar integrations with cloud native services to secure those environments. There has been an emphasis on AWS in particular to provide a centralized view of risks and threat across networks, users and endpoints.
Today, the organization leverages QRadar running on AWS along with a number of integrations with AWS security services including AWS CloudTrail, Amazon GuardDuty, CloudWatch, Detective and VPC flow logs to detect cloud misconfigurations. These integrations help their security analysts gain deep visibility and insights into the most critical threats across AWS environments.
“We’re able to see the blind spots in our customers’ networks and provide the big picture back to them.”
- Andy Grzess, Smarttech247 CTO
For example, Smarttech247 uses QRadar’s integration with AWS CloudTrail to monitor user activity and behavior including:
- Deletions of S3 buckets
- Starting or stopping EC2 instances
- Misconfigured EC2 security group ports and inbound traffic access
- Non-standard users accessing resources, discovery of unused security groups
- Multiple failed read attempts from same source IP/different geographies
- Resource provisioning without use of IAM roles
- Configuration changes to disable VPC flow logs
Smarttech247 also uses the QRadar Cloud Visibility App to detect potential blindspots in a client’s network by leveraging threat telemetry from a number of AWS native security services including VPC flow logs.
By combining AWS security event logs with flows, Smarttech247 is able to correlate disparate events into a single offense. One example includes the spin up of multiple EC2 instances during off-hours combined with additional network activity that is inconsistent with typical usage patterns.
As Andy Grzess, CTO at Smarttech247, highlights “We’re able to see the blind spots in our customers’ networks and provide the big picture back to them.”
Smarttech247 continues to deliver repeatable security outcomes to its clients via deep managed services expertise along with an adaptive and innovative approach to security. By leveraging QRadar with AWS, they’re able to accelerate their clients’ journey to cloud.
About Smarttech247
Smarttech247 is a multi-award-winning cybersecurity organization that provides innovative solutions to enterprise clients around the globe. The security services combine threat intelligence with managed detection and response to provide actionable insights, 24/7 threat detection, investigation, and response. The Smarttech247 services and products hold globally recognized certifications, including ISO9001, ISO27001 and Cyber Essentials.
- IBM Security QRadar
- QRadar Cloud Visibility App
- AWS CloudTrail
- Amazon GuardDuty
- Amazon CloudWatch
- Amazon Detective
- VPC flow logs