借助 Check Point CloudGuard 在 AWS 上集中实现持续合规性和安全性最佳实践
技术
- 网络安全和隐私 - 安全合规
- 传感器 - 温度传感器
适用行业
- 玻璃
- 国家安全与国防
适用功能
- 质量保证
- 仓库和库存管理
用例
- 网络安全
- 库存管理
服务
- 云规划/设计/实施服务
- 系统集成
关于客户
Centrify 是一家领先的网络安全公司,为全球 5,000 多个组织提供服务。其安全平台将身份即服务 (IDaaS)、特权访问管理 (PAM) 和企业移动管理 (EMM) 融合到一个解决方案中。随着组织迁移到 Amazon Web Services (AWS),Centrify 会验证对资源的访问,确保所使用的设备是可信端点,并帮助建立基于角色的访问。最近,Centrify 决定将其所有软件即服务 (SaaS) 应用程序迁移到 AWS,并成为 AWS 合作伙伴网络 (APN) 高级技术合作伙伴。
挑战
Centrify 是一家领先的网络安全公司,在将其软件即服务 (SaaS) 应用程序迁移到 Amazon Web Services (AWS) 时面临着多项挑战。第一个挑战是云库存管理。通过新的应用程序部署,创建了各种安全组、IAM 角色、策略和 Amazon Simple Storage Service (Amazon S3) 存储桶。由于 SaaS 环境的动态特性,Centrify IT 团队必须花费大量时间来了解其环境和资产的最新情况。第二个挑战是云合规性。 Centrify 需要确保在快速可扩展的 AWS 环境中持续遵守各种框架。错误配置或策略更改可能会立即导致它们不合规。他们需要将自动化功能内置到现有的工作流程中。第三个挑战是网络可见性。 Centrify 需要一种能够提供安全基础设施详细视图并帮助识别错误配置的解决方案。他们需要一种工具来通过单一管理平台合成和可视化来自多个帐户和区域的信息。
解决方案
Centrify 选择 Check Point CloudGuard 状态管理来解决他们的挑战。 CloudGuard 状态管理改进了库存管理和态势感知,提供单一管理平台来管理 Centrify 所有动态云资产的覆盖范围。它允许 Centrify 过滤并获取环境中任何实例或对象的即时信息。 CloudGuard Posture Management 的合规引擎持续监控 Centrify 的云基础设施并帮助检测策略违规行为。当发生策略违规时,CloudGuard Posture Management 将立即推送可能触发自动响应的通知。 CloudGuard Posture Management 与 Centrify 现有系统的集成快速、无缝。仅仅几天后,他们的所有 SaaS 应用程序都已登录到 CloudGuard 状态管理平台。 CloudGuard Posture Management 的 REST API 和单点登录特性简化了流程,使 Centrify 可以轻松为其系统建立正确的权限级别。
运营影响
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Data Capture for Afghanistan Forces
Electronic equipments on the field of Afghanistan provided information on the status of the vehicle and to identify potential threats surrounding it to the British Force. The monitoring and interpretation of this data requires robust and sophisticated digitization for data capture and communication.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
.png)
Case Study
Discrete Manufacturing Industries (Fiberglass Pipe)
The implementation of ERP software in a Discrete Manufacturing organization needs to be strategic, irrespective of its size and capacity. The client had already implemented an ERP system which fulfilled their requirements but was not efficient enough. Efficiency here meant Synchronized Planning, Updating and Multisite Planning. Planning at client’s place was done outside the ERP system. Lack of proper synchronization to the ERP system paved way to huge delays in the changes getting updated in the system. These delays caused disruption in achieving delivery schedules. Multisite Planning is a solution to an organization which has multiple production units (may or may not be geographically separated) and thus needs planning across these units to synchronize production activities within them. The client also has multiple factories and hence Production Planning control is very essential in their case. Since Multisite planning was not possible with Baan ERP system, this was another bottleneck for the client.
Case Study
Major Aerospace Company Automates Asset Management
The O&M division of an aerospace and global security company was using spreadsheets to manually track more than 3,000 assets assigned to students and staff. Maintaining audit trails for this high volume of equipment became increasingly time-consuming and challenging. The chore involved knowing precisely what equipment was on hand, what had been issued, its location and the name of the custodial owner of each item. Every aspect of this task was carried owner of each item. Every aspect of this task was carried out by individuals with spreadsheets. Manually documenting the full lifecycle of each asset added to the burden. This included tracking maintenance requirements and records, incidents and damages, repairs, calibrations, depreciation, and end-of-life data.
Case Study
Securing a Large Data Center in the EMEA Region: An IoT Case Study
A leading data-center operator in the EMEA region, with multiple facilities spanning over 25,000 square meters, faced significant security challenges. The operator experienced interruptions in their internal IT network due to unsupervised work of third-party technicians. Despite having a high-end building control system that provided 24x7 monitoring and control to all the building’s infrastructure, the data center was vulnerable from a cyber perspective as it was connected to the IT network infrastructure. The operator launched an urgent OT cyber security project that included both IT-OT network segmentation and OT network asset mapping and anomaly detection. The main objectives were to harden the security of the server systems, secure the facility’s power supply and server cooling system, strengthen the segmentation between building and operational systems, create a visual OT network map, and set up a system for presenting supply-chain attacks that may threaten the data center through equipment vendors’ maintenance activities.
Case Study
Leveraging Graph Technology for Enhanced Cybersecurity: A Case Study on MITRE's CyGraph
MITRE, a federally-funded, not-for-profit company that manages seven national research and development laboratories in the United States, was grappling with the challenge of managing an influx of cybersecurity data. The constant changes in network environments were impacting the security posture of U.S. government agencies. Intrusion alerts, anti-virus warnings, and seemingly benign events like logins, service connections, and file share access were all potentially associated with adversary activity. The cybersecurity researchers at MITRE needed to go beyond rudimentary assessments of security posture and attack response. This required merging isolated data into higher-level knowledge of network-wide attack vulnerabilities and mission readiness. The challenge was not the lack of information, but the ability to assemble disparate pieces of information into an overall analytic picture for situational awareness, optimal courses of action, and maintaining mission readiness. The team also struggled with fully comprehending a given security environment and mapping all known vulnerabilities.
