Cloud security has become an essential part of protecting the modern financial institution from cyberattack. Therefore, DefenseStorm offers security of your cloud resources at no additional charge.
AWS: CloudTrail and ELB
DefenseStorm watches and alerts on parts of AWS that, based on the shared responsibility model, Amazon expects you to monitor. For example:
- Operating system
- Network configurations
- Access management
CloudTrail is an AWS service that provides visibility into user activity by recording API calls made on your account and delivering the log files to an Amazon S3 bucket. This information helps you track changes made to your AWS resources and troubleshoot operational issues. If you are using AWS, it is recommended that CloudTrail be enabled.
The DefenseStorm GRID ingests ELB access logs that capture detailed information about requests sent to the load balancer. Perform the following steps to set up the AWS features through the DefenseStorm UI.
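An added example (not DefenseStorm's code and not part of the original page) of tracking changes from a CloudTrail log file: it parses the `Records` array and lists access-management and network-configuration API calls in time order, including rejected ones. The watch list, account ID, and sample records are constructed assumptions.

```python
import json

# Assumed watch list (illustrative, not DefenseStorm's rules): write-type API
# calls grouped under two of the customer-monitored areas listed above.
WATCHED = {
    "access management": {
        "iam.amazonaws.com": {"CreateUser", "CreateAccessKey", "AttachUserPolicy"}},
    "network configuration": {
        "ec2.amazonaws.com": {"AuthorizeSecurityGroupIngress", "CreateRoute"}},
}

def categorize(record):
    """Return the watched category for a CloudTrail record, or None."""
    for category, sources in WATCHED.items():
        if record.get("eventName") in sources.get(record.get("eventSource"), ()):
            return category
    return None

def track_changes(log_text):
    """Parse one CloudTrail log file body; list watched changes in time order."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        category = categorize(rec)
        if category is None:
            continue
        identity = rec.get("userIdentity", {})
        findings.append({
            "time": rec.get("eventTime"),
            "category": category,
            "action": rec.get("eventName"),
            "actor": identity.get("arn") or identity.get("type", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            # errorCode is present only when the API call was rejected
            "outcome": rec.get("errorCode", "success"),
        })
    return sorted(findings, key=lambda f: f["time"] or "")

# Constructed sample log body (placeholder account ID, documentation IP ranges).
ARN = "arn:aws:iam::111122223333:user/"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": ARN + "alice"}},
    {"eventTime": "2024-01-15T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "arn": ARN + "bob"}},
    {"eventTime": "2024-01-15T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "userIdentity": {"type": "IAMUser", "arn": ARN + "alice"}},
]})

if __name__ == "__main__":
    for finding in track_changes(SAMPLE_LOG):
        print(finding)
```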
- Go to Settings > Integrations and select the Amazon Web Services icon.
- Input your Amazon Web Services Account information and select Create.
- Connect CloudTrail to DefenseStorm by selecting the gear icon on CloudTrail, and then following the instructions displayed.
- Connect your AWS ELB to DefenseStorm by selecting the gear icon on Elastic Load Balancing, and then following the instructions displayed.
OpenDNS offers network security by reviewing all of your employee network connections on or off the corporate network. Since DefenseStorm is a layer that can “see everything”, we correlate the events OpenDNS captures when users leave the corporate network with the rest of your corporate network.
Use of this integration requires an "Insights" or "Platform" OpenDNS subscription; the "Professional" subscription level is incompatible because it lacks the log export feature below:
- Retain logs with Amazon Web Services integration using customer-managed or Cisco-managed S3 bucket (source: https://umbrella.cisco.com/products/packages)
- To enable the OpenDNS functionality, contact DefenseStorm for assistance.
Adding Office 365 services is as easy as adding a cloud app. To avoid creating multiple passwords, the administrator uses their Active Directory (AD) credentials to set up Office 365 integration and ingestion of logs. Integration with Office 365 supports the following activities:
- File and folder
- Sharing and access request
- Site administration
- Exchange mailbox
- User administration
- Group administration
- Application administration
- Role administration
- Directory administration
- Go to Settings > Integrations, select the Office 365 icon, and then select the option to Add Office 365 Account. Follow the instructions displayed.
- Once you have selected the link and followed the steps provided by Microsoft, all that’s left is to give your Office 365 account a display name. You are redirected back to the DefenseStorm console, where you see the following:
- After the display name is added, a message displays saying that you have successfully integrated with Office 365. Note: Auditing on Exchange Mailboxes is off by default.