Ansys conducts a yearly threat modeling exercise for the Ansys Gateway powered by AWS product.
The goal is to determine whether the application uses AWS and product defenses correctly and to identify potential security weaknesses.
Below are the key points arising from the threat model process.
- One of the benefits of hosting a system comprising mainly AWS PaaS components is that AWS addresses many security controls. For example:
  - Anti-malware and system security updates are both addressed automatically by AWS
  - Ansys applies out-of-band updates to the underlying EC2 instances when the AWS Update Manager has not yet addressed these vulnerabilities
  - AWS allows us to implement a WAF and network denial-of-service protections, reducing the potential for availability disruptions
  - As needed, local redundancy is built in via Elastic Beanstalk and autoscaling for AWS solutions
- The control plane of this system is segmented using private subnets and VPC definitions to ensure confidentiality and integrity
- TLS 1.2 is used by default for all network traffic, encrypting all transmission of information