Recently, we had a conversation with Threat Stack customer Simple, an exciting, high-growth company that’s reinventing online banking. The case study below demonstrates how Simple leveraged Threat Stack to simplify its cloud security and gain more visibility into the operating systems of its production environment. Read on to learn more about how Simple consolidated its security efforts with Threat Stack and how they were able to accelerate their overall company growth, as a result.
Simple Finance Technology Company is reinventing online banking with modern web and mobile experiences, no surprise fees, and great customer service. Simple provides customers stylish Simple Visa® Card, no fees, and powerful budgeting and savings tools built right into the account—all accessible via web, iPhone, and Android.
Move Fast, Keep the Infrastructure (and Security) Simple
Simple is a unique business in the banking industry, delivering best-in-class technology systems and processes. The company has made significant investments in building an infrastructure that is flexible, scalable and secure, and it operates a service-oriented architecture on Amazon Web Services (AWS). Simple’s systems are configured in an immutable architecture built on Ubuntu Linux EC2 hosts in Amazon VPC. The company uses Chef for configuration management, and has a continuous integration process using Jenkins.
One benefit of Simple’s immutable architecture is easier security and anomaly detection, said Simple’s Director of Information Security, Dave Dyk. But as Dyk explained, “We were manually monitoring Linux OS event logs, application security event logs and intrusion detection system event logs. We weren’t consolidating any of these efforts. We also had file integrity monitoring for PCI purposes, but weren’t doing anything with the output it produced.”
Threat Stack: A Simple Choice
Recognizing the need to simplify its cloud security and gain more visibility into the operating systems of its production environment, Dyk and his team searched for a solution that would give them security, compliance and operational efficiency. They quickly selected Threat Stack, given its AWS-native design, ability to auto-scale and rapid deployment capabilities.
Accordingly to Dyk, implementing Threat Stack was easy. Deploying an agent took just a few minutes, allowing Simple to rest assured knowing that Threat Stack was always on and watching for threats. Simple deployed Threat Stack to all of its 500+ EC2 instances to help consolidate and analyze security events across the entire infrastructure. Because Simple uses Chef and has an immutable infrastructure, it only needed to update its Chef recipes to add in the Threat Stack agent. Within a week, all its instances were rolled over, automatically running Threat Stack agents on each new instance that came online to provide continuous coverage.
Delivering Immediate Value
“We were looking at security event logs before, but Threat Stack gave us better visibility into some activities in our environment,” said Dyk. “For example, we were able to see some privileged user activity across our fleet. We identified processes that we needed to tweak to better secure our environment, such as preventing engineers from unauthorized copying of files from the production environment.”
The Simple team has also been working with Threat Stack to tune alerts, which allows Simple to pay attention only to events and issues that are most relevant to their organization. “Threat Stack has allowed us to reduce the number of sources we use to monitor events,” said Dyk. “Prior to Threat Stack, we were looking at file integrity logs for all servers manually and we relied on a jump box to evaluate our environment. With Threat Stack, we’re able to get all the event data from the servers themselves, so we’re less likely to have an incomplete view of what’s going across our EC2 instances.”
Simple will continue to scale its environment and implement new technology in the years ahead, so finding Threat Stack — a security monitoring solution that can scale at the same rate as Simple — was paramount. Dyk explained, “We’ve been deploying a lot of new services, so having Threat Stack and other security controls as part of our base service platform gives us a standard set of tools that are everywhere across our environment. This makes us more efficient in writing software for new services, which is a fundamental part of our overall strategy.”
If you are interested in deploying Threat Stack’s security monitoring solution for your business, click below or contact us today at [email protected].