Intrro employs industry-standard techniques for detecting and preventing possible intrusions. Detected intrusions can result in escalation through incident response procedures.
IDS & IPS
Intrro utilizes Amazon GuardDuty as an Intrusion Detection System (IDS) and as an Intrusion Prevention System (IPS).
GuardDuty continuously monitors for malicious activity and unauthorized behavior to protect Amazon Web Services accounts, workloads, and data stored in Amazon S3. GuardDuty employs machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
The Intrro web application employs login attempt rate limiting with automated account lockout and secure password reset practices to protect against brute-force attacks. We also maintain a large email domain blacklist to block malicious actors and spam.
Logging and monitoring
Intrro has implemented multiple layers of logging within the application and infrastructure and uses industry-standard tooling to monitor application health and alert the engineering team when the application is not operating optimally.
Intrro utilizes Sentry and Amazon CloudWatch Logs for application logging and monitoring to help diagnose and fix issues within the Intrro web application. Application error logs are stored in Sentry for 30 days and are used to help investigate issues flagged by automatic alarms raised via Sentry and CloudWatch.
Intrro utilizes Amazon CloudWatch to log, monitor and alert on resource allocation and operational performance of the infrastructure of the Intrro web application. Infrastructure logs are stored for 365 days.
Intrro utilizes Amazon CloudTrail to enable governance, compliance, and operational risk auditing of operations and actions taken on Amazon infrastructure and services. Audit logs are stored indefinitely.
Intrro also utilizes Vanta to help monitor security-related events and misconfigurations. Examples include new user accounts in our IdP, employee account permission changes, publicly accessible infrastructure, IP-based rate limits and logging not enabled on relevant resources.