Organization centralizes and simplifies threat management across its hybrid environment including AWS workloads with X-Force Threat Management and QRadar
This United States-based global food and beverage distribution company has over 300 distribution centers worldwide. The company employs over 50,000 associates and operates in North America, Central America and Europe.
To support the business's growth plans, organization leaders needed a solution to improve security threat operations by engaging a security operations partner as an extension of in-house operations.
The organization selected a world-class managed security services solution from IBM® coupled with QRadar®, a cloud security information and event management (SIEM) system. The QRadar on Cloud SIEM from AWS would serve as the center of their security system worldwide and would be supported by IBM X-Force® Threat Management Services.
The IBM threat management solution enables the organization’s security officials to increase protection and visibility across their hybrid AWS and on-premises environments. Furthermore, the cloud-based QRadar on AWS and the remotely delivered managed security services spare the security team the time and cost of upgrading the physical infrastructure of their existing data centers.
Journey to AWS
The new setup provides the organization’s security team leaders with many benefits:
- Simplified visibility and threat monitoring across AWS and the hybrid cloud environment
- Reduced staffing requirements and relief from the skills shortage by offloading Level 1 threat triage, Level 2 threat investigation and the ongoing management of QRadar
- Reduced risk due to automated controls policy provisioning
The IBM X-Force® Threat Management Services solution includes IBM Advanced Threat Protection Feed, which directly integrates with the corporation’s security tools to help detect threats.
AWS hosts an organization-owned security orchestration, automation and response (SOAR) platform, which company security officials co-designed and implemented with IBM Security orchestration runbooks. These runbooks are standardized procedures that provide repeatable, step-by-step actions for recurring IT tasks.
The SIEM deploys as an AWS Amazon Machine Image (AMI). Its configuration defines the access required to collect data within AWS and to route data from other environments into AWS.
QRadar complements the organization’s AWS native security services by adding the following items:
- Security event management
- User behavior analytics
- Security analysts based in security operations centers (SOCs)
The organization also implemented a security monitoring solution based on AWS native logging capabilities. IBM Security used AWS CloudTrail, which tracks user activity, and Amazon GuardDuty, which performs intelligent threat detection and continuous monitoring, for use cases around threat insight and the detection of Indicators of Compromise (IOCs) in the organization’s AWS environment.
By using VPC Flow Logs delivered through S3 buckets, IBM Security detected data exfiltration from the environment and gained context on network flows within AWS. QRadar ingests and analyzes log data from native AWS controls and third-party security products as part of the organization’s logging activities.
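The detection described above relies on reading VPC Flow Log records and spotting hosts that push unusually large volumes to addresses outside the VPC. The following Python is an added illustration of that idea, not code from IBM Security, QRadar or the customer: it parses records in the default VPC Flow Log format, skips NODATA/SKIPDATA records, sums accepted egress bytes per internal source, and flags sources above a threshold. The internal CIDR, the threshold and the sample records are constructed assumptions; in practice the records would be read from the S3 objects the flow logs are delivered to.

```python
"""Flag possible data exfiltration from VPC Flow Log records.

Added example, not IBM's or the customer's code. Sample data, the internal
CIDR and the byte threshold are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes", "start",
    "end", "action", "log_status",
)

# Assumed address range of the monitored VPC (an assumption for this example).
INTERNAL = ip_network("10.0.0.0/8")

# Constructed sample records: two large uploads from 10.0.1.15 to an external
# host, internal-only traffic, a rejected inbound probe, a NODATA record and a
# small DNS query. Account and interface IDs are placeholders.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.9 51234 443 6 900 1200000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 203.0.113.9 51235 443 6 950 1300000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 10.0.2.30 40000 5432 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 44444 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d 10.0.1.40 198.51.100.8 39000 53 17 10 900 1700000000 1700000060 ACCEPT OK
"""


@dataclass
class Flow:
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    bytes: int
    action: str


def parse_flow_log(text: str) -> List[Flow]:
    """Parse default-format flow log lines, dropping records without traffic data."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or truncated line: skip rather than abort the batch
        rec = dict(zip(FIELDS, parts))
        # NODATA and SKIPDATA records carry "-" in the traffic fields.
        if rec["log_status"] != "OK":
            continue
        flows.append(Flow(
            srcaddr=rec["srcaddr"],
            dstaddr=rec["dstaddr"],
            dstport=int(rec["dstport"]),
            protocol=int(rec["protocol"]),
            bytes=int(rec["bytes"]),
            action=rec["action"],
        ))
    return flows


def egress_bytes_by_host(flows: List[Flow]) -> Dict[str, int]:
    """Sum accepted bytes sent from internal sources to external destinations."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        if f.action != "ACCEPT":
            continue  # rejected flows moved no payload
        src, dst = ip_address(f.srcaddr), ip_address(f.dstaddr)
        if src in INTERNAL and dst not in INTERNAL:
            totals[f.srcaddr] += f.bytes
    return dict(totals)


def flag_exfil_candidates(flows: List[Flow], threshold_bytes: int) -> List[str]:
    """Return internal hosts whose external egress meets the threshold."""
    totals = egress_bytes_by_host(flows)
    return sorted(host for host, total in totals.items() if total >= threshold_bytes)


if __name__ == "__main__":
    parsed = parse_flow_log(SAMPLE_LOG)
    for host in flag_exfil_candidates(parsed, threshold_bytes=1_000_000):
        print(f"review egress from {host}: {egress_bytes_by_host(parsed)[host]} bytes")
```

A static byte threshold is the simplest rule; a SIEM such as QRadar would normally baseline each host's egress over time and alert on deviations, and would enrich the destination with threat intelligence before raising an offense.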
Finally, IBM Security Services co-designed and implemented AWS Lambda templates to automate the security configurations for AWS hosts of the organization’s customers. This feature allows the organization to invoke Lambda functions, such as detecting if the logging capability is enabled on a host.
The entire process from inception planning to going live in AWS for all security services took three months. Now, with the SIEM from AWS as their security hub, the corporation’s security officials can monitor over 5,000 AWS systems and over 18,000 log sources globally.
IBM Security has more than tripled the security services offered to the corporation since the initial migration. Leaders now obtain budgetary estimates for increased security to aid in future financial planning for the company.
IBM Security and AWS Solution components:
- IBM X-Force Threat Management – managed security services
- IBM Security QRadar SIEM
- AWS CloudTrail
- Amazon GuardDuty
- VPC flow logs
- AWS Lambda templates