Boosting Security Monitoring with AWS Athena and VPC Flow Logs
- Mayur Duduka
About Virora
Virora is an industry leader providing an end-to-end guest management platform for the hospitality sector. Their platform enables hotels to streamline operations, from room reservations to customer support, and allows them to effectively manage high tourist seasons. Virora integrates with over 70 Property Management Systems (PMS) and Channel Management (CM) systems, supports 13 languages, and is trusted by hotels in over 60 countries. The platform helps hotels digitize processes, enhance guest experiences, and boost profitability with its modern, intuitive interface.
Customer Challenge
Virora needed to strengthen their security monitoring to detect data leaks or other threats in the external communications of application pods running in Amazon EKS (Elastic Kubernetes Service). Specifically, the company required visibility into network traffic to and from the network interfaces in their virtual private cloud (VPC), and in particular into requests sent to external IP addresses. Without this visibility, a compromised pod could exfiltrate data or reach attacker-controlled hosts unnoticed, with direct consequences for Virora's operations and for the privacy of their clients.
Solution
IAMOPS addressed Virora’s challenge by implementing AWS services to enhance network visibility and security:
1. VPC Flow Logs:
The first step was enabling VPC Flow Logs to capture the traffic entering and leaving the network interfaces in Virora's VPC. The logs were delivered directly to an Amazon S3 bucket for secure, long-term storage.
2. AWS Athena:
To make sense of the large volume of traffic data, AWS Athena was used to query the VPC Flow Logs in place in S3. IAMOPS defined an Athena table over the log bucket and wrote SQL queries that filter out internal traffic, extract the external destination IP addresses, and count the number of flows (and bytes) sent to each. This let Virora see which external IPs the application pods were contacting and how often.
3. Data Visualization with Grafana:
For ongoing monitoring, Athena was connected to Grafana as a data source so that query results could be visualized. Grafana dashboards were designed to display the key metrics, making it easy for Virora's security team to monitor network activity and spot potential risks. Because flow logs are delivered to S3 in aggregation intervals rather than streamed, the dashboards are near-real-time rather than live.
4. Alert Configuration:
Alerts were configured in Grafana on thresholds for external IP activity, such as the number of flows or the volume of bytes sent to a single destination. This enabled proactive monitoring, with automated notifications sent whenever an unusual pattern appeared, such as a sudden increase in traffic to a previously unseen or suspicious external IP.
5. S3 Storage Management:
IAMOPS applied an S3 Lifecycle rule to the log bucket so that flow logs expire after a defined retention period, ensuring that data is kept only as long as it is needed and keeping storage costs and query scopes under control.
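The following is an added example, not code from IAMOPS or Virora, showing the detection logic behind steps 1 to 4 over constructed VPC Flow Log records in the default (version 2) format: parse the records, keep only flows that originate inside the VPC and target an external address, aggregate per destination, and apply the threshold a Grafana alert would encode. The `ATHENA_QUERY` string is the equivalent query against an Athena table assumed to be named `vpc_flow_logs` with a `date` partition column; the VPC CIDR (10.0.0.0/16) and the sample log lines are assumptions made for the example.

```python
# Added example (not IAMOPS's or Virora's code): egress aggregation over VPC
# Flow Log records in the default (version 2) format, plus the equivalent
# Athena query. VPC CIDR, table name and sample records are assumptions.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Default-format VPC Flow Log v2 fields, in the order AWS writes them.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets",
              "bytes", "start", "end"}

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC range

# Never "external": RFC 1918, loopback and link-local (the latter includes the
# 169.254.169.254 instance metadata endpoint).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample log (not real traffic). Destinations use RFC 5737
# documentation ranges as stand-ins for public IPs; Python treats those ranges
# as non-global, which is why we match against INTERNAL_NETS instead of
# relying on ip_address(...).is_global.
SAMPLE_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 203.0.113.10 49152 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 203.0.113.10 49153 443 6 15 3000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 198.51.100.7 49154 443 6 5 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 10.0.2.20 49155 5432 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.10 10.0.1.15 443 49152 6 18 50000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.15 192.0.2.99 49156 22 6 3 200 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_records(text):
    """Parse flow-log text into dicts; skips the header and malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue
        rec = dict(zip(FIELDS, parts))
        for field in INT_FIELDS:          # "-" means no value (NODATA/SKIPDATA rows)
            rec[field] = int(rec[field]) if rec[field] != "-" else None
        records.append(rec)
    return records


def is_external(addr):
    """True when addr is outside every private/loopback/link-local range."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


@dataclass
class Egress:
    flows: int = 0
    bytes: int = 0
    rejected: int = 0


def aggregate_egress(records, vpc_cidr=VPC_CIDR):
    """Per-destination totals for flows that start in the VPC and target an external IP."""
    totals = defaultdict(Egress)
    for rec in records:
        if rec["log_status"] != "OK":     # NODATA / SKIPDATA rows carry no addresses
            continue
        if ipaddress.ip_address(rec["srcaddr"]) not in vpc_cidr:
            continue                      # inbound or transit flow, not pod egress
        if not is_external(rec["dstaddr"]):
            continue                      # stays inside the VPC / private space
        entry = totals[rec["dstaddr"]]
        entry.flows += 1
        entry.bytes += rec["bytes"]
        if rec["action"] == "REJECT":
            entry.rejected += 1
    return dict(totals)


def flag_destinations(totals, max_flows, max_bytes):
    """Destinations crossing either threshold: the rule a Grafana alert would encode."""
    return sorted(dst for dst, e in totals.items()
                  if e.flows >= max_flows or e.bytes >= max_bytes)


# Equivalent Athena (Trino) query. Assumed table vpc_flow_logs partitioned by
# "date", so the scan (and the per-byte-scanned bill) covers only the window asked for.
ATHENA_QUERY = r"""
SELECT dstaddr,
       COUNT(*)   AS flows,
       SUM(bytes) AS bytes,
       SUM(CASE WHEN action = 'REJECT' THEN 1 ELSE 0 END) AS rejected
FROM vpc_flow_logs
WHERE "date" >= current_date - interval '1' day
  AND log_status = 'OK'
  AND srcaddr LIKE '10.0.%'
  AND NOT regexp_like(dstaddr,
        '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|127\.|169\.254\.)')
GROUP BY dstaddr
ORDER BY flows DESC
LIMIT 100
"""

if __name__ == "__main__":
    totals = aggregate_egress(parse_records(SAMPLE_LOG))
    for dst, e in sorted(totals.items(), key=lambda kv: kv[1].bytes, reverse=True):
        print(f"{dst:16} flows={e.flows} bytes={e.bytes} rejected={e.rejected}")
    print("over threshold:", flag_destinations(totals, max_flows=2, max_bytes=5000))
```

Two caveats a practitioner should keep in mind. The default flow log format has no direction field, so "source address inside the VPC" is used as the egress heuristic; a custom log format that includes the `flow-direction` field gives a precise answer. Flow logs also do not record every packet: traffic to the Amazon DNS resolver, the instance metadata service and DHCP is not captured, so absence from these results is not proof of absence on the wire.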
Results & Benefits
- Improved Security Monitoring: Virora now has visibility into the outbound traffic from its VPC interfaces to external IPs, including which destinations are contacted and how often, so potential threats can be identified quickly. This proactive approach reduces the risk that a data leak or other breach goes unnoticed.
- Efficient Data Processing: AWS Athena lets Virora process large volumes of VPC Flow Logs without manually sifting through network data. Athena is serverless and bills for the data scanned by each query, so partitioning the logs by date and querying only the window of interest keeps both query time and cost low.
- Proactive Threat Response: With Grafana's alerts and near-real-time visualization, Virora is equipped to respond swiftly to suspicious activity, reducing potential downtime or data exposure.
- Cost Savings: By leveraging a combination of S3, Athena, and Grafana, Virora was able to minimize storage and query costs, while benefiting from enhanced security monitoring. This translated into both operational efficiency and cost-effectiveness.
About IAMOPS
IAMOPS is a full DevOps suite company that supports technology companies to achieve intense production readiness.
Our mission is to ensure that our clients’ infrastructure and CI/CD pipelines are scalable, mitigate failure points, optimize performance, ensure uptime, and minimize costs.
Our DevOps suite includes DevOps Core, NOC 24/7, FinOps, QA Automation, and DevSecOps to accelerate overall exponential growth.
As an AWS Advanced Tier Partner and Reseller, we focus on two key pillars: Professionalism by adhering to best practices and utilizing advanced technologies, and Customer Experience with responsiveness, availability, clear project management, and transparency to provide an exceptional experience for our clients.