Newcourt Retirement Fund Managers specializes in self-invested pension contracts and is one of a small number of companies approved by the Pensions Board and Revenue Commissioners to provide a Self Invested PRSA contract.
TerraAlto supported them in the migration of their business systems to AWS and provides ongoing managed services for their AWS environments.
Trend Micro Deep Security (TMDS) SaaS on the AWS Marketplace is our preferred instance-level anti-malware, intrusion prevention and file integrity solution in AWS environments, especially the AWS Marketplace integrated SaaS option with instance-hour and instance-type based pricing.
A critical part of our client's requirement is the tracking and remediation of instances in their environments that are not managed by Trend Micro Deep Security. There are numerous alerting options in the TMDS management console, but for some reason these do not include alerting on unmanaged instances. As part of our managed service we needed to address this gap.
Solution
- Use the Python-based Trend Micro Deep Security API.
- Implement a Lambda function that uses the API to query for unmanaged instances, stores this information in a DynamoDB table, sends a security incident alert and, when the incident is resolved, updates the status of the instance in the table.
- The above is deployed with CloudFormation and the SAM framework.
Challenges
Some of the challenges involved in this project were:
- Avoiding multiple security incidents and/or alerts being created for the same unmanaged instance.
- Authenticating Lambda against the TMDS API.
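One way to handle the first challenge, shown as an added example that is not TerraAlto's code: each scheduled run reconciles the current list of unmanaged instances against stored incident state, so an alert fires only when an incident is newly opened. `IncidentTable` is an in-memory stand-in for the DynamoDB table, and the schema, function names and instance IDs are hypothetical; the list of unmanaged IDs is assumed to come from the TMDS API query.

```python
from datetime import datetime, timezone


class IncidentTable:
    """In-memory stand-in for the DynamoDB table, keyed by instance ID (hypothetical schema)."""

    def __init__(self):
        self.items = {}

    def open_if_absent(self, instance_id, now):
        """Open an incident unless one is already OPEN. In DynamoDB this check-and-write
        would be a single conditional put, so concurrent runs cannot both succeed."""
        item = self.items.get(instance_id)
        if item and item["status"] == "OPEN":
            return False
        self.items[instance_id] = {"status": "OPEN", "opened": now, "resolved": None}
        return True

    def open_ids(self):
        return {i for i, v in self.items.items() if v["status"] == "OPEN"}

    def resolve(self, instance_id, now):
        self.items[instance_id].update(status="RESOLVED", resolved=now)


def reconcile(table, unmanaged_ids, send_alert, now=None):
    """One scheduled run: alert once per newly unmanaged instance, close cleared ones."""
    now = now or datetime.now(timezone.utc).isoformat()
    current = set(unmanaged_ids)
    opened = []
    for iid in sorted(current):
        # Record before alerting: a retried run finds the OPEN item and stays silent.
        if table.open_if_absent(iid, now):
            send_alert(f"Unmanaged instance detected: {iid}")
            opened.append(iid)
    # Incidents still OPEN for instances no longer reported as unmanaged are resolved.
    resolved = sorted(table.open_ids() - current)
    for iid in resolved:
        table.resolve(iid, now)
    return {"opened": opened, "resolved": resolved}


if __name__ == "__main__":
    table, sent = IncidentTable(), []
    for run in (["i-0aaa", "i-0bbb"], ["i-0aaa", "i-0bbb"], ["i-0bbb"]):  # constructed IDs
        print(reconcile(table, run, sent.append))
```

Recording the incident before sending the alert favours silence over duplicates: if the alert call fails after the write, the incident stays open without a notification, so a production version would also need to retry or flag undelivered alerts.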
Benefits Delivered
- Removes the need for manual verification against the list of unmanaged instances for TMDS.
- Addresses client compliance requirements for anti-malware and intrusion prevention, thus eliminating internal manual activities and resource allocation for this purpose.