How Ibexlabs Mitigated Security Vulnerabilities and Secured XGEN AI’s Assets Using AWS Best Practices

XGen.Ai is a comprehensive traffic and product analytics suite, personalization platform, and A/B testing solution that automates the experience optimization process at the unique customer level in real-time. Their proprietary artificial intelligence platform drives autonomous, curated product recommendations and merchandising – delivering a truly tailored digital shopping experience that is as dynamic and unique as the individual customer.

An AWS platform to support ambitious growth plans.

XGen.Ai recognizes that security is a moving target and they need to be constantly vigilant for any gaps in their security posture.

This risk mitigation includes checking for security best practices as part of the AWS Well-Architected Framework which includes use of multi-factor authentication, privilege management, Amazon S3 access control, and IAM access keys management.

This is a regular check to ensure their objects are not vulnerable to data theft and and their resources are immune to attacks.

XGen.Ai sought an independent outside review to make sure they weren’t “marketing their own homework”.

“Our AWS platform is complex and, like anyone else’s, is always changing. As part of our risk management process, we value getting outside help to check our situation and fix what we need. It’s like servicing your car: if you don’t keep up your servicing plan, then you’ll break down one day.”

Jason D’Rion, Chief Information Officer at XGen.Ai

XGen.Ai looked for an AWS partner with security and AWS Well-Architected expertise who could independently assess their current state, give them a detailed review including a list of recommended remediations, and then help them implement those recommendations.

How Ibexlabs help XGen.Ai use the AWS Well-Architected Framework to further improve their security posture.

Ibexlabs conducted a comprehensive review of XGen.Ai infrastructure based on AWS Well-Architected principles with a specific focus on the Security Pillar.

The types of security checks and remediations included:

• Set numerous security measures to implement a defense-in-depth strategy.
• Sensitivity levels for data and verify use of techniques such as encryption, and access control as required.
• Implemented the concept of least priority while communicating with AWS resources.
• Pruned inactive IAM roles, users, and groups.
• Improved secrets management in AWS Lambda Environment Variables.
• Tightened public access to Amazon S3 buckets, ensuring the confidentiality of sensitive data.
• Rotated IAM users access keys minimize the risk of data theft.
• Enabled versioning and replication on buckets that need higher data availability.

AWS Identity and Access Management

AWS IAM requires constant tuning to secure all AWS resources, with a special focus on privilege management so that staff joiners, movers, and leavers don’t retain unnecessary permissions.

Amazon S3

Amazon S3 has a complex and powerful set of permissions that require regular revision to ensure no data is exposed inadvertently and that all the advanced features of versioning and used to enhance availability.

“We know that AWS IAM and Amazon S3 configurations are not set-and-forget. Getting an independent review of our configurations is essential to be honest and transparent about how our security posture needs to change as our business changes.”

Jason D’Rion, Chief Information Officer at XGen.Ai

The main result for XGen.Ai was keeping their AWS security posture in line with their business. The recognize the need for regular independent checks to not just bring in the latest AWS Well-Architected Framework pillars like Security, but also to collaborate on implementing remediations without disrupting the business.