Scribd Migrates to the Cloud with Panther

Scribd is an ebook and audiobook subscription service with one million titles and 60 million documents. In 2020, Scribd migrated its entire infrastructure from a legacy data center to Amazon Web Services (AWS).

Scribd needs to collect, process, and analyze AWS data, SaaS application logs, and more to ensure security for its employees and more than 80 million users.

The Challenge

As part of its cloud migration strategy, Scribd needed to ensure that no cross connections existed between the accounts for its development and production environments. The company used AWS universal event logging for all resources and established highly granular permissions settings. However, for full visibility, Scribd needed to optimize native AWS CloudTrail, AWS IAM, and the Instance Metadata Service (IMDS) event logging and permissions settings.

Visibility Issues Limited Scalability

As Scribd expanded its infrastructure, managing event logging in the AWS-supplied tools became time-consuming and burdensome. Moreover, Scribd soon found that the native tools failed to provide the level of visibility it needed.

Lost Productivity from Poor Alert Quality

While Scribd was able to set granular controls to secure its AWS environment, alerting within the native tools lacked the context necessary to prioritize alerts. Additionally, AWS tools lacked the ability to customize alerts, leaving Scribd unable to extend the IAM permission granularity to other types of rules and policies. This meant security staff wasted valuable time investigating false positives.

The Solution

Flexible, Extensible Cloud Security

Scribd adopted Panther to extend the value of native AWS cloud security tools for a more robust cybersecurity posture.

Customization for High Fidelity Alerts

Using Panther’s Python-based rule customization capability, Scribd created highly granular alerts aligned with similarly granular IAM permissions. Panther empowered Scribd’s security because anyone who could read basic Python and understand AWS terminology was able to make new rules and policies. Additionally, Scribd stored all customized rules and policies in their version repository so that they could batch upload them to the system.

Out-of-the-Box Rules and Templates for Increased Productivity

Scribd leveraged Panther’s built-in rules and policies to accelerate their cybersecurity maturity, including real-time alerts like “EC2 Network Gateway Modified,” “EC2 Route Table Modified,” and “AWS VPC Default Security Group Restricts All Traffic.” Since Panther built its infrastructure on CloudFormation templates and Lambdas, Scribd was able to translate minimal IAM-related templates in Terraform to set custom IAM role names that enabled certain cross-account access.

Live Streaming Data with Detection-as-Code for Better Mean Time to Detect (MTTD)

Using Panther, Scribd gained real-time detection capabilities. With Panther’s ability to parse, normalize, and apply detection filters to data streams, Scribd reduced their mean time to detect (MTTD). Instead of first collecting all data in a centralized database and then running queries against it, Scribd used Python code to apply detections as Panther ingested data. By leveraging detection-as-code to eliminate the alerting delays that come with traditional solutions, Scribd created an agile, responsive monitoring program to strengthen their incident detection and response capabilities.
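The following is an added example, not Scribd's or Panther's own code: a detection written in the `rule(event)` / `title(event)` shape that Panther's Python rules use, flagging the development-to-production cross connection described under The Challenge and evaluated one event at a time as records arrive. The account IDs, role names, sample CloudTrail records, and the `detect` and `_sts` helpers are constructed assumptions; plain dicts stand in for ingested events.

```python
# Constructed account IDs (assumptions, not Scribd's real accounts).
DEV_ACCOUNTS = {"111111111111"}
PROD_ACCOUNTS = {"999999999999"}

def role_account(role_arn):
    """Return the account ID from arn:aws:iam::<account-id>:role/<name>, else None."""
    parts = (role_arn or "").split(":")
    return parts[4] if len(parts) >= 6 and parts[2] == "iam" else None

def rule(event):
    """True when a development-account principal calls AssumeRole on a production role."""
    if event.get("eventSource") != "sts.amazonaws.com" or event.get("eventName") != "AssumeRole":
        return False
    # AWS service callers carry no accountId, and requestParameters can be null.
    caller = (event.get("userIdentity") or {}).get("accountId")
    target = role_account((event.get("requestParameters") or {}).get("roleArn"))
    return caller in DEV_ACCOUNTS and target in PROD_ACCOUNTS

def title(event):
    """Alert text; only called for events that rule() matched."""
    return "Dev account {} assumed production role {}".format(
        event["userIdentity"]["accountId"], event["requestParameters"]["roleArn"])

def detect(stream):
    """Hypothetical stand-in for ingest: evaluate each event as it arrives, not in a later batch query."""
    for event in stream:
        if rule(event):
            yield title(event)

def _sts(account, role_arn, name="AssumeRole"):
    # Builds a constructed, minimal CloudTrail-shaped record for the sample stream.
    ident = {"type": "AssumedRole", "accountId": account} if account else {"type": "AWSService"}
    return {"eventSource": "sts.amazonaws.com", "eventName": name, "userIdentity": ident,
            "requestParameters": {"roleArn": role_arn} if role_arn else None}

SAMPLE_EVENTS = [
    _sts("111111111111", "arn:aws:iam::999999999999:role/deploy"),   # dev -> prod: alert
    _sts("111111111111", "arn:aws:iam::111111111111:role/ci"),       # dev -> dev
    _sts("999999999999", "arn:aws:iam::999999999999:role/app"),      # prod -> prod
    _sts("111111111111", None, name="GetCallerIdentity"),            # not AssumeRole
    _sts(None, "arn:aws:iam::999999999999:role/service"),            # AWS service caller
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
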

Name: Scribd
Industry: Online Media
Year Founded: 2007
Location: San Francisco, CA
Company Size: 251-500
Service: Scribd is a reading subscription that offers access to books, audiobooks, newspapers, magazine articles, sheet music, documents, and more.