Securing AWS Workspaces with AWS Network Firewall and EDR solutions

A leading Australian SaaS provider sought to enhance the security of its cloud endpoint devices by implementing a robust firewall system and an Endpoint Detection and Response (EDR) solution. The challenge was to ensure secure communication between AWS Workspaces and whitelisted domains, while enabling continuous monitoring to prevent cyberattacks. Cevo was engaged to design, build, and deploy the solution using Infrastructure as Code to ensure repeatability and minimal operational overhead. As a result, the security of the endpoint devices was significantly improved, addressing penetration testing findings and ensuring compliance with security regulations. 

30 hours per month saved in maintenance efforts

AWS Workspaces security uplift

Industry: ISV

The organisation is a leading Australian SaaS provider that offers payroll solutions for businesses across multiple industries.  

Business challenge

The SaaS provider operates a secure Amazon Workspaces environment for a group of internal users managing highly sensitive payroll information for an Australian government agency. To comply with government security regulations, the organisation was required to conduct penetration testing on its Workspaces environment to identify and address any potential security vulnerabilities. The penetration test revealed several security findings that needed to be addressed to maintain compliance and security: 

  1. The Workspaces environment must remain consistently updated with the latest Windows patches. 
  2. Workspaces should be restricted to interacting only with whitelisted domains for both inbound and outbound traffic. 
  3. Workspaces should only send traffic to approved external IP addresses. 
  4. Endpoint Detection and Response (EDR) systems must be implemented to monitor and prevent potential cyberattacks. 

Solution

Following the penetration testing conducted by the SaaS provider, Cevo was engaged to review the findings and implement suitable solutions to enhance the security of the Workspaces environment while minimising ongoing operational overhead. Cevo recommended leveraging AWS managed services wherever possible to meet the security requirements, and managing the environment with Infrastructure as Code (IaC) to reduce administrative effort.

Firewall Solution 

Cevo considered several firewall solutions, and selected AWS Network Firewall for its robust security features and operational efficiency: 

  • Easy management using IaC 
  • Supports both stateful and stateless rule groups 
  • Allows IP and domain-based whitelisting 
  • Fully managed AWS service with minimal maintenance 
  • Extensible for traffic inspection, including deep packet inspection 


Cevo configured AWS Network Firewall rule groups to allow communication between the Workspaces environment and the Windows Server Update Services (WSUS) server used for patching. The firewall also enforced access restrictions by allowing traffic only to whitelisted domains and IP addresses, with all other traffic dropped by default, ensuring compliance with government security requirements. Domain-based rules in AWS Network Firewall match on the HTTP Host header and the TLS Server Name Indication (SNI), so destinations reached over other protocols or ports (such as a WSUS server on its own port) are covered by IP and port rules rather than domain rules. As an AWS managed service, AWS Network Firewall fulfilled the SaaS provider's requirement for a low-maintenance solution with minimal operational overhead.
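The following Terraform configuration is an added example of the rule-group and policy layout described above; it is not Cevo's or the customer's own code, and the page does not say which IaC tool was used. The CIDRs, the WSUS address, the approved IP range (an RFC 5737 documentation range) and the domain names are placeholders chosen for illustration, to be replaced with the customer's approved list.

```hcl
# Added example (Terraform, hashicorp/aws provider 5.x), not Cevo's own code.
# Assumed values: WorkSpaces subnets use 10.0.0.0/16, WSUS listens on
# 10.1.5.10:8530, 203.0.113.0/24 stands in for the approved external IPs and
# the domains are placeholders for the customer's approved list.
locals {
  workspaces_cidr = "10.0.0.0/16"
  wsus_server     = "10.1.5.10/32"
  approved_ips    = "203.0.113.0/24"
  allowed_domains = [
    ".windowsupdate.com",        # leading dot also matches subdomains
    ".microsoft.com",
    "login.microsoftonline.com", # no leading dot: exact match only
  ]
}

# 1. IP/port allow rules for WSUS and the approved external addresses.
#    Evaluated before the domain list so TLS traffic to an approved IP is not
#    dropped by the domain list's generated "SNI not allowlisted" rule.
resource "aws_networkfirewall_rule_group" "allowed_ips" {
  name     = "workspaces-allowed-ips"
  type     = "STATEFUL"
  capacity = 100
  rule_group {
    stateful_rule_options {
      rule_order = "STRICT_ORDER" # must match the policy's rule order
    }
    rules_source {
      stateful_rule {
        action = "PASS"
        header {
          protocol         = "TCP"
          source           = local.workspaces_cidr
          source_port      = "ANY"
          direction        = "FORWARD"
          destination      = local.wsus_server
          destination_port = "8530" # WSUS default HTTP port
        }
        rule_option {
          keyword  = "sid"
          settings = ["1"]
        }
      }
      stateful_rule {
        action = "PASS"
        header {
          protocol         = "TCP"
          source           = local.workspaces_cidr
          source_port      = "ANY"
          direction        = "FORWARD"
          destination      = local.approved_ips
          destination_port = "443"
        }
        rule_option {
          keyword  = "sid"
          settings = ["2"]
        }
      }
    }
  }
}

# 2. Domain allowlist, matched on the HTTP Host header and the TLS SNI.
resource "aws_networkfirewall_rule_group" "allowed_domains" {
  name     = "workspaces-allowed-domains"
  type     = "STATEFUL"
  capacity = 100
  rule_group {
    stateful_rule_options {
      rule_order = "STRICT_ORDER"
    }
    # HOME_NET defaults to the firewall's own VPC CIDR; set it explicitly
    # when the WorkSpaces sit in another VPC behind a central inspection VPC.
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set {
          definition = [local.workspaces_cidr]
        }
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = local.allowed_domains
      }
    }
  }
}

# 3. Policy: send everything to the stateful engine and drop by default.
resource "aws_networkfirewall_firewall_policy" "workspaces" {
  name = "workspaces-allowlist"
  firewall_policy {
    # A stateless pass or drop here would bypass the rule groups entirely.
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]
    stateful_engine_options {
      rule_order = "STRICT_ORDER"
    }
    # drop_established lets the TCP handshake through so the TLS ClientHello
    # (and its SNI) can be inspected, then drops flows no PASS rule matched.
    stateful_default_actions = ["aws:drop_established"]
    stateful_rule_group_reference {
      priority     = 1
      resource_arn = aws_networkfirewall_rule_group.allowed_ips.arn
    }
    stateful_rule_group_reference {
      priority     = 2
      resource_arn = aws_networkfirewall_rule_group.allowed_domains.arn
    }
  }
}
```

The aws_networkfirewall_firewall resource (with a subnet_mapping in a dedicated firewall subnet) and the WorkSpaces subnet route tables that send 0.0.0.0/0 to the firewall endpoint are left out here; without that routing the rules above inspect nothing. Two checks worth making after apply: confirm the stateless default actions are aws:forward_to_sfe (not aws:pass), and enable the policy's alert logging so blocked flows, and any approved destination accidentally missing from the list, show up in CloudWatch or S3 before end users report them.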

EDR Solution 

Cevo considered several Endpoint Detection and Response (EDR) solutions, including CrowdStrike, Microsoft Defender for Endpoint (MDE) and Palo Alto Networks Cortex. Since the SaaS provider was already using MDE across corporate endpoints and workload instances, Cevo recommended leveraging the existing MDE tenancy. This allowed seamless integration with the Workspaces environment, enabling the SecOps team to manage security within their current toolset and reducing operational overhead. 

To ensure smooth deployment, Cevo configured the AWS Network Firewall rule groups to allow communication between the Workspaces environment and the MDE service endpoints. A new Workspaces image was released to end users, which included the MDE installation and the MDE Client Analyzer, ensuring that all new instances were onboarded with the necessary security tools. Cevo also implemented an Active Directory Group Policy Object to trigger automatic MDE installation across all Workspaces, streamlining deployment and reducing manual effort.

Once onboarded, the SecOps team confirmed that devices regularly checked in, performed full and quick scans, and supported remote automated investigations. MDE’s live response and the threat and vulnerability management features operated as expected, providing comprehensive endpoint security. 

User acceptance testing 

All end-user requirements and system performance were validated during user acceptance testing (UAT). Following the successful UAT results, all end users within the secured environment were provisioned with new Workspaces featuring the latest image. 

Outcomes

The deployment of the new Workspaces resulted in the following outcomes: 

  • Reduced operational overhead – Admins can now whitelist domains instead of frequently updating IP addresses, reducing maintenance efforts from up to 30 hours per month to just 1-2 hours. 
  • Enhanced productivity – End users can send traffic to and receive traffic from whitelisted domains without interruption, eliminating up to 30 hours per month of workflow disruptions previously caused by frequent IP address changes.
  • Regulatory compliance – Windows patching and traffic filtering align with penetration testing recommendations and security regulations. 
  • Strengthened security – Continuous monitoring through MDE enables the SecOps team to detect suspicious behaviour, respond proactively and isolate threats as needed. 
  • Improved maintainability – Leveraging AWS managed services and IaC ensures easy maintenance and repeatable, efficient deployments. 
