How to set up Security-as-a-Service for AWS
Security-as-a-Service for Amazon Web Services by Bitdefender is a security solution designed for cloud infrastructures and integrated with GZ Cloud Console. An innovative and comprehensive solution, Security-as-a-Service for AWS protects Amazon EC2 instances running Windows or Linux operating systems.
This article provides you with instructions on how to set up Security-as-a-Service for AWS in your Amazon EC2 environment. It is useful to first get familiar with the Security-as-a-Service for AWS components (described in this KB article).
Before you start, check Security-as-a-Service for AWS compatibility and requirements and make sure to have the required Amazon security credentials at hand. You can find all necessary information in this KB article.
To set up Security-as-a-Service for AWS on your Amazon EC2 instances:
- Subscribe to the service.
- Access the Security-as-a-Service for AWS website and set up your account.
- Install BEST on the instances you want to protect.
Step 1 – Subscribe to the Service
When subscribing, you are required to sign in to Amazon Payments and authorize payments to Bitdefender for your Security-as-a-Service for AWS subscription. You can try Security-as-a-Service for AWS free of charge for a period of 30 days. During the trial period, you can cancel your subscription at any time without incurring any charges.
To subscribe to Security-as-a-Service for AWS:
- Go to http://www.bitdefender.com/business/aws-security.html.
Provide the required information to create your account.
Note: Your account login details will be sent to the provided address.
- Click Subscribe. You are automatically redirected to the Amazon Payments website to authorize payments to Bitdefender for your subscription.
- Sign in using your Amazon account.
- If needed, change the payment method and billing address.
- Click Confirm. Once you confirm the payment authorization, you are automatically redirected to the Security-as-a-Service for AWS login page.
You can log in and proceed to set up the service.
Check your email to find out your account login details. If you do not find the email with your account details in your Inbox, check the Spam and Junk/Trash folders. Another email has been sent to your Amazon email address to inform you about the payment authorization.
Step 2 – Set Up Your Company Account
Before you can use Security-as-a-Service for AWS, you must set up your company account, including integration with your Amazon Web Services (AWS) account.
To set up your company account:
- Go to the Security-as-a-Service for AWS website: https://cloud.gravityzone.bitdefender.com/
- Log in using the account details received by email after subscribing to the service.
- Click your username in the upper-right corner of the console and choose Integrations. The integrations page will show up.
Click the Add button > Add Amazon EC2 Integration and a configuration window will appear. Enter your Amazon user access keys in the available fields
Note: It is recommended to set up integration with your AWS account using the access key of an IAM user created specifically for this purpose. Your Amazon user linked to the provided credentials must have at least read-only rights on Amazon EC2.
- Click Save.
- The AWS License Agreement is displayed. You must read and agree with the license terms to be able to continue.
Step 3 – Install BEST on Instances
To protect instances with Security-as-a-Service for AWS, you must install BEST (the client software) on each of them. BEST uses automatic (default) scan modes for EC2 instances set on Central Scan with Bitdefender Security Server hosted in the corresponding AWS region, with fallback on Hybrid Scan (with Light Engines using in-the-cloud scanning and, partially, the local signatures).
Preparing for BEST Installation
Prepare for Silent Agent installation as follows:
- Make sure the instances you want to protect run a supported operating system.
- BEST has the ability to remove competitor Antivirus solutions. Should to automatic removal fail, uninstall (not just disable) any existing antimalware software from instance. Running other security software simultaneously with Security-as-a-Service for AWS may affect their operation and cause major problems with the system.
- The installation requires administrative privileges. Make sure to have all the necessary credentials at hand (for example, the private keys of your Amazon EC2 key pairs).
- Configure the Amazon EC2 security groups to allow SSH and Remote Desktop Protocol access from your computer and SSH access from the Security Console instance.
- If you run firewall software on your instances, make sure to configure it to allow access to the Security-as-a-Service for AWS communication ports.
You connect to individual instances via a SSH or Remote Desktop client and use the installation link from Security Console to download and install Silent Agent locally.
To obtain the download links for the installation files:
- Connect to Security Console using your company account.
- Go to the Computers > Installation Areapage.
- Click Installation Link. The window that appears provides you with the download links for the Windows web installer and the Linux installation script.
Run the installation file using administrator/root privileges.
On instances running Linux operating systems, you can install BEST remotely, from Security Console. For any of these methods, you must first specify the remote authentication credentials:
- Connect to Security Console using your Administrator's Account.
- Go your name or company's name in the right upper corner of the page -> Credentials Manager.
- Under Virtualization, click Amazon Credentials. You can view the list of key names imported from your AWS account and detailed information about them.
- For each key name, you must specify the private key and, if needed, complete the list of user names to authenticate with. To specify the necessary credentials, click the Edit icon in the Action column. You can either upload the Amazon private key file or insert its content in the text box. You can remove or add user names as needed.
Remote Installation. To remotely install BEST from the GravityZone Security Console:
- Go to the Computers > View Computers page. This page displays your Amazon EC2 instances.
- Click the Show menu located above the table (to the left) and choose Unmanaged Computers.
- Select the check boxes corresponding to the Linux instances on which you want to install protection. Use the menu under the OScolumn to filter instances by operating system.
- Click Tasks and choose Install from the menu.
- Click Install. A window will appear, prompting for additional information such as credentials and the package that is required for the install.
You can view task execution status and results on the Computers > View Tasks page. Installation takes minutes to complete.