Problem Description:
CloudKnox provides a single platform to manage identify privileges across multiple cloud environments, allowing customers to protect themselves against malicious activity and compromised credentials. Their build and deployment processes entailed manual script execution. As the business grew, these processes increased in complexity to handle multiple cloud platforms.
Without automation, these processes consumed a lot of time, leaving VMs without the latest security patches vulnerable to attacks. Furthermore, CloudKnox’s MongoDB database was a bottleneck on services, impacting performance. Both costs and security were top priorities.
Solutions Highlights:
Working alongside CloudKnox’s Internal Operations team, AVM automated the build and deployment process using Terraform. We implemented user-based SSH access to the VMs, controlled via code. Furthermore, we enabled end-to-end encryption in-transit using SSL. In doing this, we removed the risks associated with manual deployment, reduced costs, and increased instance security.
To reduce bills further, we migrated CloudKnox’s services from on-demand to reserved and spot instances. Custom AMIs were defined along with an automated patching process using Packer. This allowed CloudKnox to update instance AMIs with the latest software patches on a regular basis, addressing vulnerabilities and providing better protection against malicious attackers.
Tools like AWS Inspector were adopted to automatically scan these instances and generate vulnerability reports. Using these reports, CloudKnox were able to benchmark their services against CIS standards, quickly identifying any deviations and remedying them to meet CIS compliance.
Logging was enabled using a combination of Loggly, Graphana, and CloudWatch for greater visibility on instance activity. CloudKnox were then able to monitor the logs for any malicious activity. Metrics and alerts were configured off the back of these logs to optimise threat detection, quickly notifying teams of any unusual behaviour and automatically triggering functions to address potential threats.
While we nurtured CloudKnox from its inception, we are so proud to announce that CloudKnox now is world level product called Microsoft Entra Permissions Management.