Whitepaper

Ransomware Vectors

While ransomware attacks are becoming more common, understanding the main attack vectors is essential to ensuring protection.

6pillars now offers end-to-end Anti-Ransomware Automation (AUTOMATE+ ARA) in AWS, allowing customers to leverage native AWS services combined with 6pillars’ own Patent Pending automation technology to:

  • Protect - autoremediation corrects security issues in AWS in real time

  • Detect - detect and alert on security issues through integrations with Slack®

  • Recover - leverage 6pillars’-developed custom controls to automate recovery

There will be a ransomware attack every 11 seconds by 2022, and by that time the global cost will be $20 billion yearly (source: Dataprot).

The prolific acceleration of ransomware attacks globally is what happens when bad actors adopt automation faster than their targets. 6pillars AUTOMATE+ ARA seeks to head off that threat by leveraging automation for good and protecting customers’ environments from end to end, allowing customers to protect, detect and recover in near real time.

In addition, 6pillars has included Patent Pending innovations, among them industry-first Automation Safeguards, which ensure that automation can be fully customised and won’t impact application workload performance, availability or accessibility.

6pillars has also partnered with SentinelOne (NYSE:S), the leader in endpoint protection delivering the defences customers need to prevent, detect, and undo known and unknown threats, to develop and incorporate SentinelOne’s new SentinelOne for AWS Security Hub product into AUTOMATE+ ARA.

 

This integration allows customers to not only benefit from SentinelOne’s unmatched endpoint protection but to view threat findings directly in AWS Security Hub.

AUTOMATE+
Anti-Ransomware Automation

Executive Summary

Faced with a global challenge affecting their industry, Kudos Travel Technology pivoted to embrace cloud best practice as well as maximise their compliance and security posture through shifting to a continuous compliance model, leveraging automation.

 

Kudos’s Challenge

Recent challenges facing the local and international travel industries have been well documented. In the face of these challenges, Kudos saw an opportunity to differentiate, win market share and emerge stronger as a result.

 

A core pillar of Kudos’ strategy was differentiation through achieving a far higher level of PCI-DSS compliance than was required by their customers. Having engaged a PCI-DSS Qualified Security Assessor (Stratica) to support them on the journey of achieving Level 1 PCI-DSS compliance, Kudos also identified the need for an AWS partner that could enable them to not only achieve compliance as quickly and cost effectively as possible, but also ensure that compliance was maintained on an ongoing basis with minimal cost or operational overhead.

 

5pillars' Solution

5pillars' solution leverages all the benefits of AWS’ comprehensive suite of native security and compliance services to deliver AWS best practice, and does so using patent pending automation technology combined with a comprehensive playbook library to achieve the compliance holy grail: fully automated, best of breed, continuous compliance with minimal operational impact.

 

Deploy

5pillars engaged with Kudos in an initial discovery and “Deploy” phase, evaluating the Kudos environment and deploying AWS native security services. During this process, 5pillars also made recommendations to allow optimization of the Kudos environment to achieve optimal performance, availability and cost effectiveness.

 

Analyse

Once all necessary AWS security and compliance services had been deployed (including AWS Security Hub, Control Tower, Config, GuardDuty, etc.), 5pillars was able to easily analyse and establish Kudos’ security and compliance posture. 

 

Automate

5pillars’ security and compliance automation was then deployed to enable continuous compliance with both best practice and all the standards referenced by AWS Security Hub.

 

Optimise

5pillars provides playbook optimization and the creation of new playbooks as part of its MSSP offering. When a new alert is detected, incident response triages the issue and then compiles automation to automatically remediate any future recurrence.

 

Why Kudos Chose 5pillars

When Kudos were going through their compliance process, they asked for advice from their QSA Stratica and a referral to a trusted and skilled AWS partner.

“We chose 5pillars based on Stratica’s advice and have been impressed at the skills, experience, performance and unique value proposition of the continuous compliance that 5pillars delivers.”

 

Why AWS

Kudos chose AWS as the leading hyperscale cloud platform. AWS were not only able to deliver performant, reliable and cost-effective cloud infrastructure and services but combine that with the most comprehensive and mature cloud native and integrated security services.

 

Results and Benefits

- Enhanced Agility: Faster compliance with CIS, PCI-DSS, AWSFS standards

- Reduced Overheads: Zero touch, continuous automated compliance

- Reduced Risk: Continuous alignment with cloud security best practice

- Reduced Pain: Elimination of technical remediation of annual recompliance

 

Phil Rasmussen, MD of Kudos Travel Technology:

“We made a decision in 2020 to pursue a land grab strategy and have that driven by a focus on best practice and compliance.”

 

“High levels of compliance are operationally daunting and can be prohibitively expensive. In addition, compliance is always driven by a panicked project that companies typically push through, ignore for 9 months and then dread the anniversary of the same process.”

 

“We quickly realized that 5pillars could not only massively accelerate our achievement of AWS best practice including the highest level of PCI-DSS compliance but, by achieving continuous compliance through 5pillars automation, enable us to turn compliance into a powerful differentiator and compelling USP that allows us to win market share and grow revenue.”

 

“With 5pillars now we’re not just compliant, we’re continuously compliant and best practice.”