Case Study
Global analytics company boosts controller-to-controller infrastructure security compliance rate to 95% with robust AWS solution
OUR CLIENT
This global company provides analytics about consumer behaviors to help businesses understand how advertising and marketing reach and impact audiences. With services like media market ratings, audience segmentation, and competitive intelligence, its clients use data insights to predict consumer trends, uncover new opportunities, and reach target audiences. The company generates approximately $5 billion in revenue annually.
THE CHALLENGE
Addressing controller-to-controller infrastructure security vulnerabilities
Our client wanted to overhaul its controller-to-controller (C2C) infrastructure to keep pace with an increasingly complex threat landscape. This network architecture is typically used in software-defined networking where many different controllers communicate with each other across a distributed environment to manage and control a system. Specifically, the data analytics company wanted to:
- Deploy a centralized threat monitoring platform—to improve C2C infrastructure visibility for easier threat detection and resolution
- Boost security across web infrastructure—by implementing an application-layer firewall
- Eliminate manual patching of Amazon Elastic Compute Cloud (EC2) instances—to accelerate maintenance cycles, avoid unplanned downtime, boost productivity, and reduce operating costs
- Standardize patching and configuration processes—across all IT teams to reduce vulnerabilities and performance issues posed by inconsistent practices
- Address security vulnerabilities for application access—since secure shell (SSH) access, which the company relied on heavily, required frequent IP updates and was difficult to manage and audit
- Improve bot management—because exposure to bot attacks, scraping attempts, and C2C traffic spikes degraded application performance and increased the risk of distributed denial of service (DDoS) attacks
- Improve resource utilization—since development and UAT environments ran continuously, incurring unnecessary costs outside of business hours without contributing to productivity
THE TRANSFORMATION
Delivering comprehensive C2C network security with automations and real-time insights
We implemented AWS Systems Manager (SSM) for automated, centralized configuration management, along with AWS Web Application Firewall (WAF) to fend off web-based attacks. Now, the company can automatically manage access configurations and security updates across multiple C2C regions and use real-time security insights to optimize network performance and respond to threats rapidly.
After a pilot implementation validated the effectiveness of the SSM and WAF technologies, we led a phased rollout to avoid disruptions across the C2C environment, established continuous feedback loops to refine WAF rules, and conducted training sessions to ensure the company’s IT team could effectively manage the cybersecurity solution. The engagement delivered:
- Real-time monitoring and insights—by integrating WAF with Amazon CloudWatch, the security team can view detailed traffic metrics and threat logs to improve visibility and facilitate rapid threat responses
- Centralized rule management—using AWS Firewall Manager, ensuring a unified security posture across departments, while AWS Lambda dynamically adjusts WAF rules based on real-time traffic insights
- Automated EC2 patching—reducing manual intervention, improving stability across instances, and ensuring security
- Consistent configuration management—since the SSM configuration tools enforce standardized setups that support compliance and operational consistency
- Secure, SSH-free access—because Session Manager, part of SSM, grants developers secure access to EC2 instances without open SSH ports or remote IP permissions, which reduces attack surfaces, provides detailed session logs, and simplifies audits
- Advanced web access protection—since WAF defends against common web threats, like SQL injection and XSS
- Precise C2C traffic control—from IP filtering and geo-blocking combined with WAF’s customizable access rules to manage suspicious traffic spikes, prevent DDoS attacks and limit exposure to potentially harmful sources
- Consistent security across all access points—by integrating WAF with Amazon CloudFront, Amazon API Gateway, and Elastic Load Balancing, placing rules closer to end-users for faster response times and better performance
- Cost-effective maintenance scheduling—since SSM’s maintenance windows automatically start and stop development and UAT instances according to India Standard Time work hours, reducing costs and optimizing resource usage
THE IMPACT
Improving security incident resolution times by 70% and cutting operating costs by 40%
The new scalable, adaptable C2C security framework streamlined workflows, improved IT productivity, boosted the company’s overall security posture, and delivered these impressive improvements:
- 70% reduction in vulnerability incident resolution times—from 15 hours to just four and a half hours
- 40% decrease in operating costs—thanks to the automated EC2 patching, dynamically adjusted WAF rules based on real-time C2C traffic insights, and automated SSM maintenance windows
- 35% increase in compliance monitoring rates—from 60% to 95%, demonstrating the benefits of the security operations transformation
Click here to learn more about UST cybersecurity services.