CyberMetrics Increases Visibility into Cloud Security on AWS Using Sophos

Founded in 1988, CyberMetrics is a 25-person software company headquartered in Phoenix, Arizona, that helps more than 15,000 facilities worldwide save time and money. CyberMetrics primarily serves the manufacturing industry, developing software to improve quality, reduce costs, and maximize productivity. Some functions of its software include implementing inventory control, optimizing calibration intervals, tracking gauges, and assuring standards compliance. In addition to these services, CyberMetrics provides technical support, training, and client solutions.

CyberMetrics uses AWS servers to host its software-as-a-service products. To power its applications, CyberMetrics engages Amazon Elastic Compute Cloud (Amazon EC2), which offers secure and resizable compute capacity. The company also uses Amazon Simple Email Service (Amazon SES), a cloud email service provider that can integrate into nearly any application for bulk email sending.

Whereas AWS provides security for its infrastructure services and related functionality, AWS customers like CyberMetrics are responsible for securing their own applications and data on the servers. Devin Ellis, chief technology officer at CyberMetrics, alongside Brian Hertenstein, systems operations manager, were measuring, managing, and mitigating threats by themselves. They had set up a compliant environment, but they needed a security event plan and adequate coverage for dealing with active threats. With the small team already spread too thin and the cyber-threat landscape growing more dangerous by the day, CyberMetrics looked for a security solution that could save time and provide greater visibility into the cloud environment.

After a demonstration of Sophos’s capabilities and products, the CyberMetrics team knew that Sophos, found in both the AWS Solutions Library and AWS Marketplace, could provide the solution that it needed. “Sophos gave us a real workforce that we didn’t have to hire and could use to analyze and review everything for both on premises and AWS,” says Ellis. “That was a huge decision-maker for us.”

CyberMetrics replaced legacy antivirus software with Sophos Intercept X Endpoint, which combines multiple techniques to prevent cyber events before they can damage the system. The deployment was straightforward, and Hertenstein did most of the work himself, with the Sophos Professional Services team on standby to answer questions and double-check his work. In addition to this security solution, the team also implemented Sophos Cybersecurity as a Service for AWS and Sophos Cloud Optix, which provides cloud security posture management, cloud workload protection, and cloud infrastructure entitlements management functionality.

By working alongside the Sophos team, CyberMetrics instantly gained a full cybersecurity team. Cybersecurity as a Service for AWS provides continuous monitoring of the CyberMetrics environment. “Cybersecurity as a Service for AWS saves me from having to go down the rabbit hole of something that is not my area of expertise,” says Hertenstein. If the Sophos team detects a threat, it sends out swift notifications and acts to block the threat, identify the source, and create a strategy to block similar threats in the future. The service tremendously reduced Hertenstein’s workload and freed up team members to focus more on strategic projects and other important tasks.

In addition, Cybersecurity as a Service for AWS offered the team greater peace of mind. The alerting system was an invaluable resource while Hertenstein was away on paternity leave—during his time away, he received threat detection notifications, but the Sophos team isolated and solved the problems before they could do damage. Hertenstein felt reassured throughout his leave that security at CyberMetrics was under control.

Sophos Cloud Optix provided greater visibility into the AWS Cloud environment, including its cloud storage management on Amazon Relational Database Service (Amazon RDS), a collection of managed services that make it simple to set up, operate, and scale databases in the cloud. Previously, Hertenstein would have to painstakingly navigate through software to find what he wanted. Now, the CyberMetrics team can easily access the information that it needs to identify compliance risks and fill gaps in security with a few clicks. In addition, Cloud Optix offers insight and actionable guidance that previous software didn’t.