DevOps
Communications & Media

Custom Security & Auto Remediation Tool

This client desired to use a third-party security scanning tool to auto-remediate issues discovered in AWS accounts. The tool did not meet the national security requirements of U.S. Government contracts, so Trility helped build a tiered solution that managed security levels based on those requirements.

Problem Statement

A client with U.S. Government contracts that fall under classified and national security requirements had implemented Prisma, a third-party security scanning tool, for its AWS environment. Due to the client’s structure, two separate teams configured and maintained Prisma and the AWS environment. This led to a disconnect in the data shared, synced, and documented between the teams, Prisma, and the environment.

The client wanted the security scanning tool for its ability to auto-remediate issues discovered in AWS accounts. However, the tool required administrative-level access to those accounts, which was not feasible given the higher security requirements of certain highly regulated accounts.

Solution Approach

For the client to realize the business value and achieve ROI for the security scanning tool, the Trility team bridged the gap with AWS Lambda, an event-driven, serverless computing platform.

Prisma’s recommended processes were identified as the best approach for the client. The tool generates and sends alerts and even auto-remediates the discovered issues. 

The chosen solution was to build a Lambda function inside AWS that receives and reads the alerts and then takes corrective action inside the account. For the client’s lower-level accounts, Lambda was allowed to fix issues such as user accounts and security groups. For the higher-level accounts, Lambda was restricted to a specific set of functions.

Outcomes

This solution allowed the client to leverage the third-party tool’s processes without giving the tool administrative access, which meets existing and future security requirements.

It also allowed the team to:

  • Auto-remediate issues as much as possible.

  • Receive alerts when “human review and action” is needed.

  • Leverage a targeted way to address each AWS account based on security level.
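
The tiered routing described under Solution Approach and in the outcomes above can be sketched as follows. This is an added example, not the client's or Trility's code: the account IDs, tier names, action names and alert fields are constructed assumptions, not the Prisma alert schema, and the remediation handlers and notifier are passed in as hypothetical callables.

```python
"""Tiered alert router for a remediation Lambda (illustrative sketch)."""

# Assumption: account IDs, tiers, action names and alert fields are constructed
# for this example; they are not the Prisma schema or the client's accounts.
ACCOUNT_TIER = {
    "111111111111": "lower",
    "222222222222": "higher",
}

# Each tier lists the only remediation actions the function may run there.
TIER_ALLOWED_ACTIONS = {
    "lower": {"disable_user_access_key", "revoke_open_security_group_rule"},
    "higher": {"revoke_open_security_group_rule"},
}


def decide(alert):
    """Return ("remediate" | "human_review", reason) for one alert."""
    tier = ACCOUNT_TIER.get(alert.get("account_id"))
    if tier is None:
        return "human_review", "unknown account"  # fail closed
    action = alert.get("action")
    if action not in TIER_ALLOWED_ACTIONS[tier]:
        return "human_review", f"{action!r} not allowed in {tier} tier"
    return "remediate", f"{action!r} allowed in {tier} tier"


def handle_alert(alert, remediators, notify):
    """Run the allowed remediation, or hand the alert to a person."""
    verdict, reason = decide(alert)
    if verdict == "remediate":
        handler = remediators.get(alert["action"])
        if handler is None:
            verdict, reason = "human_review", "no handler registered"
        else:
            try:
                handler(alert)
            except Exception as exc:  # a failed fix also needs a person
                verdict, reason = "human_review", f"remediation failed: {exc}"
    if verdict == "human_review":
        notify(alert, reason)
    return verdict
```

In a deployment, scoping the function's IAM role in each account to the same action list means the restriction is enforced by AWS permissions as well as by the code.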

Project Attributes

  • Reduced COO
  • Reduced Risk
  • Increased Automation
  • Increased Scalability
  • Increased Capabilities
  • Increased Security
  • Documentation
  • Learning Sessions

Technologies Used

  • AWS
  • Lambda
  • Prisma
