Leveraging AWS and DevOps to Improve Security Tools and Customer Outcomes
One of the numerous advantages we have within the PTP PeakPlus team is our ability to customize, automate, and expand security services that, in some cases, even the security vendor is unable to provide.
Our customer needed a replacement for Cisco Cloud Web Security (CWS), which they used for web proxying, URL filtering (keeping users from going to the wrong sites), and user internet usage reports (finding people who go to the wrong sites). The obvious and recommended choice from Cisco is the awesome Umbrella solution. It provides everything the customer needed, as well as enhanced DNS and web security across their organization. The only issue was that, for compliance, the customer needed to provide 90 days of log retention versus the standard 30-day limit the Umbrella product provides. Cisco does provide the ability to store the logs off the system, but this would mean the customer would have to sift through raw logs and then put that data into some sort of readable format. This all equals a NO GO from the customer's point of view.
So, the customer asked, "Can we fix it?" PTP answered, "Yes, we can!" (Is this a Bob the Builder reference?)
In order to meet the customer's expectations, PTP provided a single, easy-to-use platform for user internet reporting, with search functions over adjustable date ranges and easily digestible reports that clearly display user names, websites visited, and time/date.
Now if you want to get a little more into the weeds…
To get the user internet usage logs out of Umbrella, we leveraged our strategic partner, AWS, and their S3 service. A new storage bucket and access policy were created in AWS to allow Umbrella to store compressed proxy and DNS logs in our corporate S3 buckets. Data lifecycle policies (within AWS S3) could then be deployed to retain data for the required 90 days. In this format, however, the data is still not searchable or useful to the customer.
Next, the user internet usage log data is moved out of AWS S3 and into AWS RDS to provide the search functions needed to display the data in a readable format. The Security Services team created Lambda functions in AWS to move the data into RDS. These custom functions were set up with triggers so that they run every time a new file is added to the AWS S3 bucket.
Custom scripts then decompress the data, normalize it, de-duplicate it, and index it into an AWS RDS instance running MariaDB. Millions of rows of data are currently being processed by these Lambda functions every day for this customer.
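As an added illustration of the Lambda stage described above (not PTP's own code; the log column layout and the use of sqlite3 as a stand-in for the RDS MariaDB instance are assumptions), this Python sketch takes the gzipped object an S3 trigger delivers, normalizes and de-duplicates the rows, and indexes them under a unique key so that a re-delivered file is not double-counted:

```python
import csv
import gzip
import io
import sqlite3
from datetime import datetime, timezone
# Assumed column order for the constructed sample; set FIELDS from the real export header.
FIELDS = ["timestamp", "identity", "domain", "action"]

def parse_log(gz_bytes):
    """Decompress, normalize (UTC epoch, lower-cased FQDN, upper-cased action), de-dup."""
    text = gzip.decompress(gz_bytes).decode("utf-8")
    seen, rows = set(), []
    for rec in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        ts = datetime.strptime(rec["timestamp"].strip(), "%Y-%m-%d %H:%M:%S")
        row = {"ts": int(ts.replace(tzinfo=timezone.utc).timestamp()),
               "identity": rec["identity"].strip().lower(),
               "domain": rec["domain"].strip().lower().rstrip("."),
               "action": rec["action"].strip().upper()}
        key = tuple(row.values())  # exact duplicates after normalization are dropped
        if key not in seen:
            seen.add(key)
            rows.append(row)
    return rows

def open_db(path):
    """sqlite3 stands in for the RDS MariaDB instance so the example runs offline."""
    return sqlite3.connect(path)

def index_rows(conn, rows):
    """Insert rows; the UNIQUE key makes re-delivered S3 objects idempotent. Returns rows added."""
    conn.execute("CREATE TABLE IF NOT EXISTS usage (ts INTEGER, identity TEXT, domain TEXT,"
                 " action TEXT, UNIQUE (ts, identity, domain, action))")
    count = lambda: conn.execute("SELECT COUNT(*) FROM usage").fetchone()[0]
    before = count()
    # The MariaDB equivalent of sqlite's "INSERT OR IGNORE" is "INSERT IGNORE".
    conn.executemany("INSERT OR IGNORE INTO usage VALUES (:ts, :identity, :domain, :action)", rows)
    conn.commit()
    return count() - before

def handler(event, context):
    """Entry point for the S3 ObjectCreated trigger (boto3 exists in the Lambda runtime)."""
    import boto3
    s3 = boto3.client("s3")
    for r in event["Records"]:
        obj = s3.get_object(Bucket=r["s3"]["bucket"]["name"], Key=r["s3"]["object"]["key"])
        index_rows(open_db("/tmp/usage.db"), parse_log(obj["Body"].read()))

# Constructed sample: line 2 duplicates line 1 once domain and action are normalized.
SAMPLE = gzip.compress(b"2024-01-15 09:14:02,alice@example.com,Example.COM,Allowed\n"
                       b"2024-01-15 09:14:02,alice@example.com,example.com.,allowed\n"
                       b"2024-01-15 09:14:30,bob@example.com,malware.test,Blocked\n")
```

Running `index_rows(open_db(":memory:"), parse_log(SAMPLE))` twice on the same connection returns 2 and then 0, which is the property that protects the counts in the reports when S3 delivers a notification more than once.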
The final piece provides a place to search, view and print reports of the data from our PeakPlus View customer portal. This was achieved through new reports and integrations created to fetch and display internet usage data.
The customer is now able to use the native functions of Cisco Umbrella while enjoying enhanced functionality, thanks to the PTP Security Services team's ingenuity and tremendous work by PTP's engineering team.