MatchMove

Ensures compliance for public cloud and AWS with all-in-one, instant-on security solution 

Challenges

MatchMove provides digital entertainment, social enterprise and e-commerce solutions for many global telecom, media and entertainment companies through the strategic use of its sophisticated games, social networking and site gamification platforms. Established in 2009 as a game platform provider for companies like Yahoo! Games Southeast Asia, MatchMove quickly evolved to include a variety of services via its secure and customisable, cloud-based platform. Headquartered in Singapore with offices across Asia and the US, MatchMove’s customer network currently has a combined base of more than 250 million users globally.

Realising the potential of the e-commerce business, MatchMove sought to reach out to more customers across the region by launching its virtual card, the MatchMove Wallet. This prepaid virtual currency helps customers shop online anywhere, safely and easily. Licensed through AmEx in Southeast Asia, the MatchMove Wallet is touted as the first of its kind in the region, targeting markets where a card is difficult to procure.

To ensure financial transactions are secure over its cloud infrastructure, MatchMove needed to comply with the PCI DSS compliance requirement.

“Maintaining a secure environment is important for us as we are offering a financial product, and collaborating with a number of third parties. We needed the PCI DSS compliance to assure our MatchMove Wallet users that we have a safe and secure system and are free from any security breach,” explained Chris Zheng, Technical Director at MatchMove.

Currently, MatchMove’s IT infrastructure runs on 14 instances hosted in Amazon Web Services (AWS). To ensure secure financial transactions over its network, MatchMove needed an enterprise-class security solution that will enable them to meet PCI DSS compliance and at the same time protect, secure and optimise the performance of its instances.

Why Trend Micro

In search of the fitting security solution to meet its needs, MatchMove had a list of requirements of which the top requirement was to ensure that the solution is tightly integrated with AWS.

“Our main requirement was to ensure that the solution supports Amazon images and protects the system, disc and application layer. Basically, it should be able to handle all the different layers integrated in our infrastructure. More importantly, the security solution should be easy to manage and maintain, enabling us to cut through software maintenance time,” said Paul Hidalgo, Platform Manager.

As recommended by AWS, MatchMove went with Trend Micro for its instances security and compliance needs. After understanding its needs and timeline, Trend Micro came up with an action plan for a POC (Proof-Of-Concept) in MatchMove’s local environment. For this particular deployment, Trend Micro recommended Deep Security, which provides a comprehensive server security solution to protect AWS instances from data breaches and business disruptions.

“It was an easy decision to work with Trend Micro as it is an AWS Advanced Technology Partner. Its compatibility with Amazon is important to us, because Amazon is more mature and offers us the flexibility we need for our virtualisation, compared to other cloud providers. Moreover, it has the ability to have a master-slave relationship when handling updates, which was good for us,” said Hidalgo.

Solution

Trend Micro went through all the security configurations and PCI compliance point-by-point with MatchMove’s internal team to ensure it met all the requirements. Satisfied with the outcome of the POC, MatchMove placed an order with Trend Micro to deploy Deep Security in its AWS instances.

“At first, we were cautious about how Trend Micro might mitigate data breach issues. But during the pen test, we were impressed with how the Deep Security Integrity Monitoring feature screens for potential breaches. It lets us know if there is an unauthorised access or modifications to the source codes. With this, we can oversee the servers’ health and manage everything seamlessly. At the same time, we can ensure that everyone in our team gets updates on the instances’ security status,” explained Gian Ebao, Software Architect.

"The ease of deploying and managing a complete full-service security solution enabled us to refocus on planning and building new products.

Gian Ebao,
Software Architect, MatchMove

Deep Security’s Log Inspection feature also proved helpful in meeting PCI DSS compliance. Hidalgo added, “One of the key requirements of PCI DSS compliance is logging. We need to be able to see everything and updates must be logged. With Log Inspection, we are able to monitor who logged into the server and check for any suspicious activity. The thing that we always look for is intrusion prevention. Tracking these activities has been easy with Deep Security.”

Results

MatchMove was able to put up the MatchMove Wallet service on AWS in less than six months. Users of the MatchMove Wallet now enjoy auto security provided by Deep Security, where they can be assured that all their personal data and financial transactions are secure and protected from breach. The company also found that deploying this solution a big boost in credibility when dealing with its financial partners.

Moreover, the flexibility and support for AWS allowed MatchMove’s instances to run on optimum performance. This ensured that MatchMove continued to operate without any business disruptions, while ensuring the protection of its virtualised environment.

In addition, MatchMove also benefited from the all-in-one solution that Trend Micro Deep Security offers. “It took away a lot of worry for us and gives us peace of mind. If we were to do it ourselves, we would have to set up individual softwares to ensure an efficient security solution. For example, we would have to install a comprehensive logging system, set up an anti-virus software, and then install a separate intrusion prevention system, etc. Surely, we can install all of them one by one, but the Deep Security Agent made this job easier for us by having an all-in-one solution – anti-malware, web reputation, intrusion prevention, firewall, integrity monitoring, and log inspection – installed just one time. The ease of deploying and managing a complete full-service security solution enabled us to refocus on planning and building new products,” stated Gian Ebao, Software Architect.

With the reliable security offered by Trend Micro Deep Security, the company not only benefited from full protection for its instances hosted in AWS and PCI DSS compliance, but also met its need for scalability. As Deep Security is tightly integrated with AWS’s Auto-Scaling feature, security is instant-on which meant that when instances spin up, security can be automatically initiated, and managed efficiently based on cloud deployment configurations. All these were done achieved with Deep Security’s centralised policy capability. When instances spin down, Deep Security can keep the instances completely in tune with MatchMove’s cloud deployment and fully log everything that happens in compliance with the PCI DSS requirement and audit purposes.

“Our solution was architected to leverage on AWS' auto-scaling, which means provisioning instances on demand. Deep Security allowed us to auto-scale with AWS instances together automatically. With this capability, Trend Micro allowed us to scale up or down without the need to worry about provisioning security agents manually,” explained Hidalgo.

MatchMove is looking to deploy the solution in the other markets that it plans to expand to. The flexibility that Deep Security offers allowed the company to keep its platforms consistent, enabling MatchMove to clone its setups seamlessly.

“Our systems are all virtualised, and this enables us to widen our reach. Not having any complexities in our security setup is vital to our expansion plans. Instead of taking two years to develop, launch and acquire PCI DSS-certification for a new platform, we can now replicate our existing environment in just three months. Deep Security in AWS helped us get to where we want to be fast,” said Hidalgo.