Managed Security Services and Consulting for AWS

Enable secure scaling of workloads to AWS Cloud with automation and agility.


As an AWS Partner Network (APN) Premier Consulting Partner and audited AWS Level 1 Managed Security Services Provider, DXC is uniquely positioned to secure large organizations running hybrid and native AWS workloads.  Managed Security Services are provided by regional delivery teams complemented by 9 global Security Operations Centers (SOC).

AWS Level 1 MSSP competency represents a set of capabilities to identify, protect, detect, respond, and recover from cyber security threats in a cloud environment and are applicable to every AWS customer. Level 1 MSSP Competency Partners are audited annually to provide at minimum, the 24/7 security protection and monitoring required in the baseline.

DXC approach starts with ensuring the AWS environment is correctly architected to support security and compliance needs and to deploy a comprehensive and cohesive suite of security processes, services and tools that will mitigate risks and optimize the business impact of the customer ‘s investment in AWS cloud.

DXC Managed Security Services on AWS

AWS Infrastructure Vulnerability Scanning

Routinely scanning your AWS infrastructure resources for known software vulnerabilities increases the security posture of your organization by identifying and remediating the highest risk vulnerabilities to ensure that your infrastructure remains in line with security best practices.

AWS Resource Inventory Visibility

Continuously scan and report on all AWS resources, and their configuration details, updated automatically with newly added or removed resources.

AWS Security Best Practices Monitoring

Detect when AWS accounts and the configuration of deployed resources do not align to security best practices.

AWS Compliance Monitoring

Compliance scanning improves cloud security governance and compliance posture and provides controls for security standards including CIS AWS Foundations, PCI DSS, HIPAA, HITRUST, ISO 27001, MITRE ATT@CK, AND SOC2.

Moniter, Triage Security Events

Intelligent threat detection service operated by security experts continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

24/7 Incident Alerting and Response

24/7 security intelligence and orchestration services operated by security experts to provide security incident alerting and remediation services automatically routed to DXC PlatformXTM for 24x7 monitoring and remediation.

Distributed Denial of Service (DDoS) Mitigation

A system backed by technology and security experts monitoring 24/7 for Distributed Denial of Service (DDoS) attacks against your AWS applications.

Managed Intrusion Prevention System (IPS)

Protect your environment from known and emerging network threats that seek to exploit known vulnerabilities.

Managed Detection and Response for AWS Endpoints

A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within your AWS endpoints.

Managed Web Application Firewall (WAF)

A firewall managed service designed to protect web-facing applications and APIs against common exploits.

Additional Security Services
  • Digital Forensics and Investigations (DFI)
  • Threat Hunting
  • WAR: Well Architected Review Service - DXC Professionals audit customer environment to identify and remediate security gaps, design flaws and configuration errors

 

Customer Stories

Insurance

Health insurer securely manages IT transformation to AWS cloud

A leading health insurer, implementing a business transformation program to AWS cloud, needed to ensure security to protect sensitive customer information. To safeguard infrastructure and applications, the company needed to centralize monitoring and logging in its expanding cloud landscape, identify and respond to threats, and provide key reports to management.

Working with DXC, the company developed, implemented and managed analytics, logging and monitoring of all workload activities across AWS environments, and extended security services across separate virtual private clouds (VPCs) separately, while connecting the VPCs using AWS Transit Gateway. DXC also implemented Elastic Search, Logstash and the Kibana stack to provide insight into environment and a holistic perspective across environments and ensure highly secure access controls.

The result was a scalable, flexible and affordable solution with high level of security to support the carrier’s transformation. The company benefited from centralized monitoring and maintenance and intuitive security analysis and dashboard capabilities.

Healthcare and Life Sciences

Top healthcare security firm focuses on perimeter security

This leading company needed to protect against major threats while moving on-premises workloads to AWS cloud. The firm focused on improving perimeter security for all traffic coming from the internet and providing a single entry point for administrators to manage all EC2 servers.

Implementing AWS Transit Gateway attached to all VPCs to effectively manage routing, DXC created separate VPCs to segregate business lines and production/non-production environments. Connections to the AWS environment were regulated through a single gateway with traceability assured with a centralized logging account, in addition to comprehensive policies, enhanced detection and compliance, monitoring and privileged permission for access.

As a result, the firm achieve an unprecedented level of detail and control and a single pane to monitor on-premises and cloud environments.

Manufacturing

Company secures identity and AWS resource compliance

In migrating on-premises workloads to AWS, this manufacturer needed to prevent unauthorized access to information assets and ensure compliance and consistent tagging for all AWS resources across multiple accounts.

DXC prepared a comprehensive set of policies to cover end-to-end processes according to type and level of access, enhanced detection, and performed compliance checks across the environment, using AWS configuration.

The company improved its security posture and fulfilled business requirements to ensure compliance with information security policies and protection of information assets, promoting a better information security culture.

Transportation

Firm relies on DXC SIEM across multi-region AWS environment

The goals of this leading transportation organization included migrating its entire on-premises workloads to AWS public cloud with minimal time, effort and cost. And doing that included overcoming challenges for robust connectivity between global infrastructure and multi-region environments, with in-depth visibility into the security of the infrastructure and applications.

DXC was able to quickly deliver security information and log data security information in a shared DXC security and event management (SIEM) system. DXC also focused on simplifying networking by connecting VPCs and on-premises networks through a central hub and used software-defined wide-area network (SD WAN) for connectivity to branch customer offices and the cloud.

Several AWS tools were used including AWS CloudTrail for governance, compliance, operational auditing and risk auditing, Amazon CloudWatch monitoring and management to collect and store logs, and ArcSight Integration to automate log collection and management. Now the company can rearchitect the system to take advantage of cloud-native services.

Retail

Retailer ensures comprehensive security monitoring in cloud

As a leading retailer migrated applications to AWS cloud, the company needed to address concerns about data breaches, account hijacking, insider threats, and denial-of-service attacks.

The firm needed a secure landing zone for AWS and multiple data centers and centralized network monitoring of ingress and egress traffic from different accounts, data centers, and external public traffic, using site-to-site VPN for the hybrid environment.

DXC implemented an AWS Transit Gateway attached to all VPCs to effectively to manage routing and segmented the network to create micro perimeters that restrict traffic based on business requirements. Other native services including Amazon CloudWatch and AWS CloudTrail enhanced monitoring and detection of intrusions, and AWS WAF and AWS Guard Duty minimize the threat and impact of DDOS attacks. An existing Fortinet solution was used to manage network security on premises and enable seamless interactions across the hybrid environment. The result: a scalable, central network monitoring solution in the cloud.

FInancial Services

Market leader implements cost-effective security monitoring solution

In deciding to migrate applications from an on-premises environment to AWS cloud, this leading financial services firm needed to ensure security for critical and highly confidential data, continuously monitor for threats, and pass security audits that monitor any malicious activity within the AWS environment.

DXC implemented a cost-effective security monitoring solution using Amazon GuardDuty integrated with an existing incident management tool, plus AWS services including Amazon CloudWatch, Amazon SNS and AWS Lambda. The new system manages and remediates security findings based on severity of the incident; prioritizes incidents, and immediately analyzes high-priority findings for review prior to remediation.

The company can now ensure immediate, appropriate responses to security threats and adequately prepare for periodic compliance audits by its end customers.

Learn more about the DXC Practice for AWS.