Scribd Migrates to the Cloud with Panther
Scribd is an ebook and audiobook subscription service with one million titles and 60 million documents. In 2020, Scribd migrated its entire infrastructure from a legacy data center to Amazon Web Services (AWS).
Scribd needs to collect, process, and analyze AWS data, SaaS application logs, and more to ensure security for its employees and more than 80 million users.
The Challenge
As part of its cloud migration strategy, Scribd needed to ensure that no cross-connections existed between the system accounts of its development and production environments. The company used AWS universal event logging for all resources and established highly granular permissions settings. However, for full visibility, Scribd needed to optimize native AWS CloudTrail, AWS IAM, and the Instance Metadata Service (IMDS) event logging and permissions settings.
Visibility Issues Limited Scalability
As Scribd expanded its infrastructure, managing event logging in the AWS-supplied tools became time-consuming and burdensome. Moreover, Scribd soon found that the native tools failed to provide the level of visibility it needed.
Lost Productivity from Poor Alert Quality
While Scribd was able to set granular controls to secure its AWS environment, alerting within the native tools lacked the context necessary to prioritize alerts. Additionally, AWS tools lacked the ability to customize alerts, leaving Scribd unable to extend the IAM permission granularity to other types of rules and policies. This meant security staff wasted valuable time investigating false positives.
The Solution
Flexible, Extensible Cloud Security
Scribd adopted Panther to extend the value of native AWS cloud security tools for a more robust cybersecurity posture.
Customization for High Fidelity Alerts
Using Panther’s Python-based rule customization capability, Scribd created highly granular alerts aligned with similarly granular IAM permissions. Panther empowered Scribd’s security team because anyone who could read basic Python and understand AWS terminology was able to make new rules and policies. Additionally, Scribd stored all customized rules and policies in their version repository so that they could batch upload them to the system.
Out-of-the-Box Rules and Templates for Increased Productivity
Scribd leveraged Panther’s built-in rules and policies to accelerate their cybersecurity maturity, including real-time alerts like “EC2 Network Gateway Modified,” “EC2 Route Table Modified,” and “AWS VPC Default Security Group Restricts All Traffic.” Since Panther built its infrastructure on CloudFormation templates and Lambdas, Scribd was able to translate minimal IAM-related templates in Terraform to set custom IAM role names that enabled certain cross-account access.
Live Streaming Data with Detection-as-Code for Better Mean Time to Detect (MTTD)
Using Panther, Scribd gained real-time detection capabilities. With Panther’s ability to parse, normalize, and apply detection filters to data streams, Scribd reduced their mean time to detect (MTTD). Instead of first collecting all data in a centralized database and then running queries against it, Scribd used Python code to apply detections as Panther ingested data. By leveraging detection-as-code to eliminate the alerting delays that come with traditional solutions, Scribd created an agile, responsive monitoring program to strengthen their incident detection and response capabilities.