Protecting AWS Assets: A Case Study
As organizations migrate computing workloads to publicly hosted clouds, IT and security administrators face new security challenges. Cloud environments make it easy to deploy new resources and to grant wide-ranging permissions that can later be abused. Such misuse leads to the cloud-native risks that public cloud services face, namely data breaches, account compromise and resource exploitation.
Perion, a multinational ad tech company, has a complex cloud environment composed of a variety of services deployed across multiple Amazon Web Services (AWS) accounts. Managing these accounts was a challenge for several reasons: different teams and employees at Perion had access to different AWS accounts, and both the account management processes and the people running them were in a constant state of flux.
Perion’s operations and security teams had limited visibility into account updates and dangerous misconfigurations, such as network configurations exposing servers to the internet. Perion also lacked the ability to track and tighten access permissions to services and data, and to automatically detect malicious activity inside its AWS accounts.
Perion needed a solution that could provide:
- Visibility into account updates and timely identification of dangerous misconfigurations across multiple AWS environments
- The ability to track the usage of access permissions to services/data and reduce excessive permissions across multiple AWS environments
- Protection from data breaches, account takeovers and other threats, without generating false positives
- An unobtrusive and easy-to-deploy solution
- Assistance with managing and securing cloud accounts, so Perion’s operations and security teams can focus on other priorities
Perion evaluated several solutions, including Radware’s Cloud Workload Protection Service and several event management and misconfiguration tools. All solutions except Radware’s were dismissed because they could not identify misconfigurations, offered weak breach detection, or both. During testing of attack detection capabilities, Radware’s Cloud Workload Protection detected all eight attack scenarios.
During testing, Perion experienced firsthand how Radware would protect its workloads and data, including identification of dangerous misconfigurations and excessive permissions, as well as detection of simulated cloud-native attacks conducted in Perion’s environment.
Cloud Workload Protection Service provided a single solution for Perion’s requirements, versus other offerings that would only solve one or two of its issues. To reduce the attack surface, Radware’s Cloud Workload Protection Service addresses the core problem of excessive permissions and exposed assets. It analyzes the gap between the permissions an identity has been granted and the permissions it has actually used, and applies the principle of least privilege to offer hardening recommendations that remove the unused grants.
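The granted-versus-used comparison described above can be illustrated with a small analysis of an IAM policy against CloudTrail records. The following is an added example, not Radware’s code or Perion’s configuration: the principal ARN, the policy, the partial action catalog used to expand wildcards, and the CloudTrail-style records are all constructed for this example, and the `EVENT_ACTION_OVERRIDES` table is a hypothetical, deliberately short mapping for the cases where a CloudTrail `eventName` is not the IAM action name.

```python
import fnmatch
import json

# Constructed principal whose permissions are being reviewed (not from the page).
PRINCIPAL_ARN = "arn:aws:iam::123456789012:role/app-worker"

# Constructed IAM policy attached to that principal: broad wildcard grants.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:TerminateInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
}

# Constructed, deliberately partial action catalog used to expand wildcards.
# A real tool expands against the full AWS service authorization reference.
ACTION_CATALOG = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:ListAllMyBuckets", "s3:DeleteBucket", "s3:PutBucketPolicy",
    "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ec2:TerminateInstances",
    "ec2:RunInstances", "iam:PassRole", "iam:CreateUser",
]

# CloudTrail eventName is not always the IAM action name. This hypothetical
# override table covers two well-known S3 cases; the default rule handles the rest.
EVENT_ACTION_OVERRIDES = {
    ("s3.amazonaws.com", "ListBuckets"): "s3:ListAllMyBuckets",
    ("s3.amazonaws.com", "ListObjects"): "s3:ListBucket",
}

# Constructed CloudTrail-style records (only the fields this analysis reads).
CLOUDTRAIL_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"arn": PRINCIPAL_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "userIdentity": {"arn": PRINCIPAL_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "userIdentity": {"arn": PRINCIPAL_ARN}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "userIdentity": {"arn": PRINCIPAL_ARN}},
    # Attempted but denied (e.g. by an SCP): the grant was not actually exercised.
    {"eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "errorCode": "Client.UnauthorizedOperation", "userIdentity": {"arn": PRINCIPAL_ARN}},
    # Another principal's activity must not count toward app-worker's usage.
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/admin"}},
]


def event_to_action(event):
    """Map a CloudTrail record to the IAM action it exercised."""
    key = (event["eventSource"], event["eventName"])
    if key in EVENT_ACTION_OVERRIDES:
        return EVENT_ACTION_OVERRIDES[key]
    # Default: the service prefix is the first eventSource label. This is wrong for a
    # few services (e.g. monitoring.amazonaws.com is cloudwatch), hence the overrides.
    return f"{event['eventSource'].split('.')[0]}:{event['eventName']}"


def allowed_patterns(policy):
    """Collect the Action patterns from every Allow statement."""
    patterns = []
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow":
            continue
        actions = statement["Action"]
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns


def expand_patterns(patterns, catalog):
    """Expand IAM wildcards such as ec2:Describe* against a concrete action list."""
    return {a for a in catalog if any(fnmatch.fnmatchcase(a, p) for p in patterns)}


def used_actions(events, principal_arn):
    """Actions the principal successfully exercised in the observation window."""
    used = set()
    for event in events:
        if event.get("userIdentity", {}).get("arn") != principal_arn:
            continue
        if event.get("errorCode"):  # denied or failed calls did not use the grant
            continue
        used.add(event_to_action(event))
    return used


def least_privilege_gap(policy, events, principal_arn, catalog):
    """Compare granted and used permissions and propose a tightened policy."""
    granted = expand_patterns(allowed_patterns(policy), catalog)
    used = used_actions(events, principal_arn)
    proposed = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": sorted(used & granted), "Resource": "*"}]}
    return {
        "granted": granted,
        "used": used & granted,
        "unused": granted - used,
        "outside_this_policy": used - granted,  # allowed by another policy, or a catalog gap
        "proposed_policy": proposed,
    }


if __name__ == "__main__":
    report = least_privilege_gap(GRANTED_POLICY, CLOUDTRAIL_EVENTS, PRINCIPAL_ARN, ACTION_CATALOG)
    print(f"granted {len(report['granted'])}, used {len(report['used'])}, unused {len(report['unused'])}")
    for action in sorted(report["unused"]):
        print("  remove:", action)
    print(json.dumps(report["proposed_policy"], indent=2))
```

Two details matter in practice. Denied calls are excluded from "used", so a grant that was only ever attempted and blocked (here `ec2:TerminateInstances`) is still reported as removable; and the event-to-action mapping needs an explicit override table, because CloudTrail names such as `ListBuckets` do not match the IAM action (`s3:ListAllMyBuckets`). The proposed policy keeps `Resource: "*"`; a fuller analysis would also narrow resources from the ARNs recorded in the events.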
Cloud Workload Protection provides Perion with several security and business benefits. Operations and security teams have an automated breach detection tool that continuously monitors their cloud accounts for malicious activity while avoiding alert fatigue, and that helps Perion comply with current regulations.
In addition, the solution automatically monitors account updates and configuration changes for misconfigurations and excessive permissions. This aligns account management across teams and requires fewer resources, so security and DevOps teams can focus on other priorities.