AWS Marketplace

Improving cloud security by deploying WitFoo Precinct 6.0 on AWS

The human resource needs of cybersecurity can cause organizational strain. Organizations have access to plenty of security tools but might not have enough skilled personnel to maximize their use. They might also have difficulty contending with the growing number of security events that need to be investigated every day. There are also financial and technical constraints to securing corporate networks. By following this tutorial, you can deploy WitFoo Precinct on your AWS cloud. WitFoo can help reduce risk and the labor costs associated with cybersecurity operations.

In this post, I show how to deploy WitFoo Precinct 6.0 on your AWS cloud. To start, either navigate to AWS Marketplace and enter witfoo in the search bar or follow this link to WitFoo.

Walkthrough: improving cloud security using WitFoo Precinct

Step 1: deploy WitFoo Precinct 6.0

First, deploy WitFoo Precinct from AWS Marketplace.

  1. Choose whether you want to bring your own license (BYOL) or to try the solution using the Free Trial. For the purposes of this tutorial, I chose the Free Trial.
  2. In the Pricing Information tab, estimate your costs. To do that, in the Estimating your costs box, do the following:
    1. Choose your Region. I chose US East – N. Virginia.
    2. Choose Fulfillment Option. I chose 64-bit (x86) Amazon Machine Image.
    3. Select your EC2 Instance Type. I recommend you to use c5.4xlarge or higher.
    4. Choose Continue to Subscribe in the upper right.
  3. Read through the Terms and Conditions. If you agree to them, choose Accept Terms.
  4. Choose Continue to Configuration.
  5. Under Configure this software, verify the configuration details for your environment. For example, I chose:
    1. Delivery Method: 64-bin (x86) Amazon Machine Image (AMI)
    2. Software Version: 0.3.3
    3. Region: US East (N. Virginia)
  6. Choose Continue to Launch.
  7. Under Launch this software, I verified that my EC2 Instance Type did not change and is the size that I intend to use and be charged for. You can change if needed. I also executed the following steps:
    1. Choose Action: Launch from Website
    2. EC2 Instance Type: 4xlarge
    3. VPC Settings: I chose an existing VPC where I wanted to launch WitFoo. If you wish to create a separate VPC for WitFoo, you can also choose to Create a VPC in EC2. Refer to this guide on how to create new VPC.
    4. Subnet Settings: I chose one of my existing subnets. If you wish to create a separate VPC for WitFoo, you can also choose to Create a subnet in EC2. Refer to this guide on how to create new subnets.
    5. Security Group Settings: I chose one of my existing security groups. If you wish to create a new one, select Create New Based on Seller Settings, and then enter a name of your security group and description. Select Save.
    6. Key Pair Settings: I chose one of my existing AWS key pairs. If you want to create a new key pair, choose Create a key pair in EC2. Refer to this guide to create or import new key pair.
    7. Choose Launch.
  8. If the launch is successful, it will display the following message:

Congratulations! An instance of this software is successfully deployed on EC2!

AMI ID: ami-xxxxxxxxxxxxxxx

You can view this instance on EC2 Console. You can also view all instances on Your Software. Software and AWS hourly usage fees apply when the instance is running and will appear on your monthly bill.

If you don’t see this successful message, contact AWS support for help.

  1. From the message above, choose EC2 Console. Select the instance ID displayed from step 1.8 and take note of the IPv4 Public IP. You use it later.

Step 2: register your WitFoo Precinct instance

In this step, you register your Precinct instance to enable full features.

  1. Log in to Precinct instance via SSH using PUTTY or a similar application. Use the IP address from step 1.9 and the key pair from step 1.7f.
  2. Once logged in to the SSH console, start the registration process. To do this, enter sudo ./register.
  3. After the registration process starts, you are presented with a screen that lists system information, package updates, last login, and your license key. It also asks you to choose which role your launched instance will fulfill: all-in-one, management, streaming, or data. Choose your role. If you’re not sure, choose [1] All-In-One, which can be updated later.
  4. When registration has completed, you can view the installation status by entering ./status. This shows your deployment pulling and installing the necessary packages.
  5. Once you see a page ending in ACTION FINISHED services refresh, you can access your deployment via web interface.

Step 3: register your first user and log in

  1. On a browser, navigate to the public IP Address you noted in step 1.7f.
  2. You must register your first user before logging in. To register your first user, enter a full name, email address, password, and password confirmation. Choose Register. You will immediately be redirected to the WitFoo Precinct login page.
  3. On the WitFoo Precinct login page, enter the username, which is the email address and password you created in step 2. Then choose Login.
  4. Once logged in, from the top navigation bar, choose To create additional users, from the drop-down options, choose Users. You can also choose Admin and then Settings from the drop-down options. From here, you can enable integrations and enable notifications.

Conclusion

In this post, I showed you how to deploy WitFoo Precinct from AWS Marketplace and begin improving your approach to cybersecurity operations. You can use WitFoo Precinct to provide detailed analysis of active attacks for incident responders and evaluate the performance of security manager tools. You can also empower security executives with general accounting principles (GAP) metrics, evaluate vendors by concrete business effectiveness metrics, and share vetted threat intelligences with other organizations.

Additional resources

Additional resources for Tools integrations 

Training materials for Precinct Certified User and Certified Engineer 

About the authors

Tim Bradford, Chief Executive Officer, Co-Founder

Tim Bradford is a Senior Executive with over 20 years of experience in software sales and information security. He has closed strategic deals with several Fortune 500 companies and enjoys developing and nurturing a nonexistent territory into a profitable one. He is applying these same principles and experience to grow WitFoo into a leader in cybersecurity operations.

 

Nam Le, Senior Partner Solutions Architect, AWS Marketplace

Nam Le focuses on security and governance with close to 20 years of experience in consulting, sales and engineering. He specializes in AWS Control Tower, AWS Service Catalog, AWS Marketplace, and AWS Data Exchange. As an AWS Marketplace Solutions Architect, he also works with AWS partners to build and deliver best-practices solutions to customers. Outside of work, he enjoys biking, car building, travel photography, and spending time with family.