Customer Stories / Manufacturing
Siemens Strengthens Security and Enhances Productivity Using AWS
When the company looked to strengthen its security posture, however, it realized it would need a more robust system, one that would gather data from multiple sources and provide opportunities for automation.
Siemens decided to modernize its security infrastructure on Amazon Web Services (AWS). Using a suite of AWS services, including AWS Security Hub—a cloud security posture management service that performs security best practice checks, aggregates alerts, and facilitates automated remediation—the company’s security team consolidated critical data on a centralized dashboard, automated notifications, and improved communication with the other teams it manages.
Opportunity | Integrating AWS Services with Existing Tools
Siemens, a technology and industrial manufacturing company based in Munich, produces equipment and components for energy, healthcare, and other industries around the world. With 303,000 employees, a strong security posture is critical to the company’s operations. The Digital Industries Software (DISW) software-as-a-service (SaaS) security team at Siemens manages over 300 accounts across 30 internal groups—a large task for its team of around seven security analysts and engineers. The process, which used to be manual, involved managing data coming from different teams, tools, and locations within the company.
To strengthen its security posture and automate important tasks, Siemens turned to AWS. One of the primary drivers of the company’s decision to use AWS was the ease with which it could adopt AWS services and integrate them into its existing tools. “We wanted to have centralized access to all of our information,” says Scott Schwartz, senior infrastructure engineer at Siemens. “We wanted to aggregate it from accounts across the organization and integrate it with all of our tools.”
The company was already using Amazon GuardDuty—a threat detection service that continuously monitors AWS accounts for malicious activity and delivers detailed security findings for visibility and remediation—to aggregate some security findings. But the security team wanted to build out its monitoring at an organization level. In addition, it wanted to configure its own security standards, making it possible to choose which types of findings become part of its reports. In early 2021, Siemens began using AWS Security Hub and was able to integrate several existing software tools that were key to its workflows, such as Splunk, a security information and event management tool. “It was simple to build an integration that pulls data from numerous sources, including AWS Security Hub and Amazon GuardDuty, into Splunk,” says Schwartz. “Being able to use AWS services with existing tools was a big win.”
Pulling data individually from each source and doing our own correlations was difficult. Migrating to AWS Security Hub and Amazon GuardDuty gave us a central view into that data, which was very desirable."
Senior Infrastructure Engineer, Siemens
Solution | Achieving a Consolidated Security Dashboard on AWS
The breadth of coverage that AWS Security Hub provides was a key benefit as Siemens built out its security infrastructure in the cloud. “Pulling data individually from each source and doing our own correlations was difficult,” says Schwartz. “Migrating to AWS Security Hub and Amazon GuardDuty gave us a central view into that data, which was very desirable.” On a unified dashboard, Siemens can more quickly identify vulnerabilities, investigate discrepancies, and, most importantly, resolve issues. One of the simplest ways to measure the success of its security is by analyzing the number of findings in AWS Security Hub related to a particular issue. For example, during one incident, Siemens used Amazon Inspector, an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure, to send nearly 2,500 security findings to AWS Security Hub. Then, the company was able to automate both real-time and periodic notifications to the 21 affected accounts using Amazon CloudWatch, which provides data and actionable insights to monitor applications, respond to system-wide performance changes, and optimize resource utilization. The team visualized the remediation of these findings with ease through a real-time Splunk dashboard based on the data from AWS Security Hub.
This visibility and the automation capabilities of AWS services have been transformative to the DISW SaaS security team’s workflows. By integrating AWS Security Hub with Cloud Custodian, an open-source tool for scripting cloud management rules, Siemens achieved detailed logging and notification capabilities. It also provisioned rules for AWS Config, a service for assessing, auditing, and evaluating the configurations of AWS resources. Now, the system can notify team members almost instantaneously if it detects unexpected activity. The security team can then determine whether an issue is malicious activity or simply unexpected behavior. “The team members have more knowledge and experience now, and they can make 95 percent of these determinations themselves,” says Schwartz. Better data and faster decisions have also led to improved communication with other internal groups.
As the security team monitors activity across the company, another concern is each team’s spending. Previously, teams managed their own spending, but now the security team can oversee everything using AWS. “We have alerts and reporting set up in multiple places to cover as many bases as possible,” says Schwartz. In addition, the security team is responsible for provisioning all accounts going to market with a SaaS product, such as Xcelerator, using AWS Organizations, which lets organizations centrally manage and govern their environments as they grow and scale their AWS resources. As a result, Siemens can create new accounts in a standardized way with features already in place. Further, being able to seamlessly build and troubleshoot security features using AWS has enhanced the security team’s work with other teams. “Where there used to be friction when we worked on other teams’ security, there’s now collaboration,” says Schwartz.
Outcome | Planning for Secure Growth in the Cloud
The Siemens DISW SaaS security team has greatly improved its AWS Security Hub score, an important metric that represents the percentage of systems running without issue. Now, it wants to help the development and operational teams do the same by giving them the same access to AWS Security Hub findings and providing support to resolve them. “By using AWS, we can provide the same degree of security to other teams by default,” says Schwartz.
Meanwhile, Siemens has plans for a significant amount of upcoming work, which will make strong security even more important across the company. “There are so many services and features on AWS that you can continually learn and improve,” says Schwartz. “It’s great as a customer to have access to that breadth of services.”
CSO Cloud Custodian Architecture and Process Flow
Splunk Ingestion of Native AWS Log Sources
Based in Munich, Siemens is a global technology and industrial manufacturing company that produces components for energy, healthcare, and other industries. With 303,000 employees, it is also a prominent maker of medical diagnostics equipment.
AWS Services Used
AWS Security Hub
AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation.
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Learn more »
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Learn more »
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources.
Learn more »
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.