About the customer
The customer is one of the largest aerospace and defence contractors globally: a multi-billion dollar business with 100,000 staff across four business groups (Aerospace, Marine Systems, Combat Systems, and Technologies). Their portfolio spans the world’s most technologically advanced business jets, wheeled combat vehicles, command and control systems, and nuclear submarines.
The customer was migrating from an on-premises hosted application to AWS cloud-hosted infrastructure, with key differences in how external clients could access the system. We were able to provide monitoring of the public cloud infrastructure, web application logging, web application firewalls, load balancers and access to the platform itself.
In addition to the initial scope, the emergence of COVID-19 and the restrictions that followed meant that the customer also required a rapid solution to suit remote working.
This customer has a set data tier, which was scoped based on a static inventory of assets that will remain live for the length of the programme. The customer opted for a self-managed solution with the SOC providing support when required.
Support examples include new use cases, troubleshooting, knowledge transfer, and onboarding log sources, to name just a few areas.
The customer is now fully managed with the Managed Detection and Response (MDR) service from Claranet Cyber Security. Adding in threat intelligence for alerting and notifications, we extended the scope to cover internal assets via the remote agent. This future-proofed the monitoring when COVID-19 and lockdown measures were put in place by the government, as the customer’s internal team moved away from being office-based and turned to remote working. Claranet’s agility in this unprecedented situation allowed the security service to continue uninterrupted.
The requirement for an MDR solution was driven by a cloud migration project which saw a previously on-premises application deployment migrated to AWS. For the migration to be successful, the server infrastructure was replaced with EC2 compute, RDS for database modelling, and WAF and ELB capability to protect the newly implemented web application. MDR was able to collect, process and parse the log data with its native integrations to AWS. We were also able to deploy our endpoint monitoring agent to the EC2 compute to give advanced detection capabilities at the endpoint server layer while also covering remote user systems. This has given visibility into cloud services and the requests that are being made to the web applications. Beyond this, we also cover CloudTrail and GuardDuty across the regions to ensure the AWS platform is monitored.
Results and benefits
Our services ensure that this client can access security information and event management without the internal cost of running a SOC in-house, which can be over £100k per annum. Through our partnership, this client not only benefits from cyber security services but continues to fully utilise our advisory services and expertise. This can be demonstrated through the extension of the scope to a multi-year deal, as well as the onboarding of additional assets during the COVID-19 pandemic.
Our communication plan with this client ensured that our solution to this rapid requirement was quickly implemented, without interruption to business operations. With the solution that we have deployed, the customer is now in a position where they can be sure the work they host and maintain for their customers is secure and they can continue to deliver exceptional services whilst working remotely.