Threat Detection and Prevention
2020.1
To preserve the integrity of data that Changineers stores, processes, or transmits for Customers, Changineers implements strong intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access. This includes threat detection and prevention at both the network and host level, as well as threat intelligence monitoring.
Policy Statements
Changineers policy requires that:
(a) All critical systems, assets and environments must implement real-time threat detection or prevention.
Controls and Procedures
Network Intrusion Detection in AWS Cloud Environments
Changineers implemented a real-time threat detection solution by monitoring AWS CloudTrail events and VPC flow logs where applicable.
- CloudTrail events are monitored by Amazon GuardDuty.
- VPC flow logs are sent to and analyzed by Amazon GuardDuty.
Additional monitoring is provided by our infrastructure service provider AWS.
Web Application Protection
Changineers leverages AWS services to protect web applications against common attacks such as SQL injection, cross-site scripting, and denial-of-service (DoS/DDoS) attacks. The services used include AWS Shield, AWS WAF, Amazon CloudFront, and Amazon API Gateway.
Our authentication provider, Amazon Cognito, supports various additional advanced protection methods to further enhance our security posture:
- Advanced security features for Amazon Cognito help protect our users from unauthorized access to their accounts using compromised credentials. When Amazon Cognito detects that users have entered credentials that have been compromised elsewhere, it prompts them to change their password.
- If Amazon Cognito detects unusual sign-in activity, such as sign-in attempts from new locations and devices, it assigns a risk score to the activity and, depending on configuration, either prompts users for additional verification or blocks the sign-in request. Users can verify their identities using SMS or a Time-based One-time Password (TOTP) generator, such as Google Authenticator.