Online multi-brand purchase and sale of vehicles
480,000 customers; more than 700 staff
The European online automotive retailer needed to safeguard its transformative AWS-based cloud operations. Vulnerabilities needed to be identified early in the lifecycle. Also vulnerable development libraries needed to be identified and eliminated to limit risk and reduce the resources required for incident response.
Palo Alto Networks Prisma Cloud
A French subsidiary of the global automotive group Stellantis, Aramis Group is revolutionising the way vehicles are bought and sold. Operating online, with approximately 480,000 customers and operations across Europe, Aramis makes a wide choice of reliable cars accessible to all.
Trends like electric vehicle (EV) adoption, connected car services, and supply chain hold-ups are upending the automotive industry. Buying and selling habits are changing too, with customers increasingly switching to fast, frictionless, online purchase and sale methods.
Aramis has responded to this upheaval by moving to the cloud. A digital transformation strategy, predominantly based on Amazon Web Services (AWS), enables the organisation to pivot at pace and respond faster to whatever automotive change is around the corner.
However, it’s a challenge to ensure this fast-scaling cloud environment remains secure.
Aramis needed to safeguard the AWS environment from threats that might disrupt their customers’ online buying/selling experiences and compromise data protection. One major step in their security strategy was to improve developer efficiency, reduce the required responses of their security operations, and deliver better security by identifying and addressing development vulnerabilities as early in their application development lifecycles as possible.
Newly appointed as Aramis’s Chief Information Security Officer (CISO), Philippe Faure believed that when it came to delivering on that cloud security promise, one potential partner stood head and shoulders above the others: Palo Alto Networks.
Philippe Faure and his team established several requirements:
According to Jeremy Mousset, IT Security Expert, Aramis Group, Palo Alto Networks Prisma Cloud offers them agile, trusted cloud security. He explains: “Prisma Cloud gives us unified cloud security posture management and cloud workload protection in a single console. Pre-built policies deliver faster, smarter compliance support, such as GDPR compliance, and role-based access controls allow our team to segregate security across the different business units.”
Prisma Cloud secures Aramis’s cloud-native applications across the application lifecycle. Integrated vulnerability scanning currently checks more than 100 containers, integrating seamlessly with the CircleCI continuous integration (CI) solution. Simultaneously, the Cloud Security Posture Management (CSPM) provided by Prisma Cloud is used for detecting and preventing the misconfigurations and threats that lead to data breaches and compliance violations – ensuring the 40-strong development team can work at peak productivity.
Here’s how it works
Figure 1: Continuous monitoring of base images
Prisma Cloud scans all base images in Docker (1). If an image scores higher than seven on the Common Vulnerability Scoring System (CVSS), the security and infrastructure team members are alerted (2). At the same time, Prisma Cloud is configured to trigger an automated rebuild (3) in the CircleCI CI/CD solution, which subsequently updates (patches) the base images and pushes them into the Docker registry (4). Prisma Cloud currently detects 1-2 image vulnerabilities each week.
Figure 2: Prevents builds from moving forward in pipelines
Developer commits code to GitHub (1), which automatically triggers the CI/CD build process in CircleCI (2). During the CI/CD process, CircleCI connects with Prisma Cloud to check the image for system/package vulnerabilities (3). An image impacted by the CVSS (scoring >8.9) will not be deployed and the developer is alerted, asking him/her to patch/rebuild the image (4bs). If there is no vulnerability, the image is sent to CircleCI, which pushes it to the Docker hub for deployment (4). All containers running are scanned twice per day (5).
Prisma Cloud is also used to support Aramis’s CSPM strategy, continuously monitoring the AWS cloud resources for misconfigurations, vulnerabilities, and other security threats. “CSPM was incredibly easy to implement. We didn’t need to deploy an appliance; simple configurations quickly secured our cloud infrastructure,” says Jeremy. Using reporting as an example, he continues: “The single dashboard maintains a history of configuration changes, so we can understand exactly when a new security issue was introduced and by whom, to simplify cloud forensics and auditing.”
This cloud-native security strategy has many benefits. For example, it: