AstraZeneca strengthened monitoring and infrastructure protection with YCDR

Background

AstraZeneca is an international biopharmaceutical company focused on the research, development and commercialization of prescription drugs in therapeutic areas like oncology, cardiology, nephrology, and metabolism, respiratory, autoimmune, and rare diseases. The company has been operating in Russia for over 30 years.

The company has migrated to Yandex Cloud. During the migration, it was important to maintain full control over the infrastructure and protect information. AstraZeneca connected the Yandex Cloud Detection and Response (YCDR) service, configured cloud infrastructure protection, and fixed configuration errors that occurred during migration to the cloud. This allows IT specialists to spend no more than 5% of their time on incident resolution.


Complying with legal requirements and protecting data

AstraZeneca’s Russian division planned to localize data in accordance with Federal Law №152. The company already had extensive experience in working with cloud technologies, so it was able to choose a platform that was comparable in terms of capabilities and approaches to previously used solutions.

At the same time, it was necessary to ensure reliable data protection and continuous monitoring of the cloud infrastructure, both during and after migration. The team was significantly limited in resources: it needed to minimize manual intervention in monitoring and responding to notifications.

The company studied the offers of several cloud platforms and chose Yandex Cloud. According to AstraZeneca experts, the platform met the company’s internal resiliency requirements and, in addition, complied with international security standards.

The key service was Yandex Cloud Detection and Response, an MDR/SOCaaS-class service that allows continuous monitoring of the environment, risk analysis, compliance management, and quick responses to incidents within the cloud. It was also important that the service was designed to stop cyber attacks before they escalate. YCDR ensures compliance with regulatory requirements and policies, the availability of security controls, and the ability to easily conduct audits.

Improving cloud event monitoring and security

During AstraZeneca’s migration to the cloud, it was important to ensure data protection and maintain control over the infrastructure without increasing the workload on the team. For this purpose, the company used the Yandex Cloud Detection and Response service, which provides event control and helps to respond quickly to incidents in the cloud.

After consulting with Yandex Cloud specialists, the team decided at the first stage to only use cloud event monitoring based on Yandex Audit Trails. This option fully met their current requirements: to monitor configuration errors in real time and the dynamics of their elimination.

AstraZeneca and Yandex Cloud specialists completed the pilot project in two and a half months. At the first stage, they developed the configuration and settings of the future system. Then, during the migration process, the AstraZeneca team used Yandex DataLens to create a dynamic dashboard that reflects the state of the infrastructure and shows changes in real time. Daily checks using the dashboard made it possible to monitor progress in resolving configuration errors. Using YCDR, specialists prepared a detailed report with a list of identified problems, and priorities and specific steps for their remediation. It helped identify key infrastructure parameters and subsequently set up notifications that were really important, reducing the number of false positives.

After clarifying the parameters, they enabled the collection and analysis of events using Yandex Monium Metrics. The service makes it possible to quickly receive notifications about any suspicious activity in the cloud infrastructure. During the pilot, they fine-tuned the detection algorithms and reduced the number of false positives to a minimum. As a result, the solution is able to provide the required level of protection and requires virtually no manual work from specialists.

Currently, AstraZeneca continues migrating services to Yandex Cloud and regularly adjusts its security settings. Monitoring covers not only internal processes, but also the actions of contractors involved in migration. All operations with resources are recorded in logs and are available for analysis.

Strengthening infrastructure control and security

The AstraZeneca team got a system with a minimum number of alerts: specialists spend no more than 5% of their working time processing them, as they have become as relevant as possible and do not require unnecessary checks. They managed to strengthen the protection of cloud resources and start fixing configuration errors even during migration, despite the small size of their team. Information security specialists maintain control over the actions of contractors and can quickly respond to any potential threats.

YCDR helped identify Critical- and High-level misconfigurations. The team fixed the critical issues within two days. In particular, they promptly identified and blocked public access to the Yandex Object Storage bucket with confidential data. High-level errors were fixed within a month thanks to automated reports and YCDR recommendations.

AstraZeneca has deployed a reliable cloud protection system that reduces risks and does not require significant amounts of the team’s time. The company plans to expand its use of YCDR.

Opinion

The YCDR service provided a quick start in creating a system for protecting our solution's cloud resources, and reduced the time required to process migration incidents without increasing the load on the information security team. Now we can quickly detect hacker attacks and other threats, get help when incidents escalate, and respond to them quickly.
Roman Bugriy
System Engineering Manager AstraZeneca
