Amazon Web Services (AWS) recently expanded Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring to more instance types, and it's going to be a game-changer for businesses and cloud-focused security and IT teams. Until now, AWS customers could only enable traffic mirroring on Nitro-based EC2 instances.
By eliminating that restriction, AWS removed barriers to uniformly inspecting network traffic packets on twelve additional instance types across twenty-two regions, making it easier and more cost-effective to detect, investigate, and respond to security threats and performance issues.
If you're not familiar with Amazon VPC Traffic Mirroring, it allows you to unlock network packets, the ultimate source of truth in the cloud, by replicating network traffic for inspection, threat monitoring, troubleshooting, and much more. Traditionally, accessing network packets in the cloud required deploying agents, a cumbersome and time-consuming process that introduced friction. Given those challenges, security and IT teams often focused on securing the perimeter and used logs and NetFlow that struggled to quickly provide actionable insights.
Network packets offer a richer data source that's easier to search than logs, helping cloud-focused security and IT teams get to ground truth faster. The ability to drill down into internal traffic in the east-west corridor eliminates the blind spots left by logs, agents, and NetFlow data. Packets also provide valuable insight into north-south traffic entering and exiting VPCs. Further, packets can be used by both security and IT teams, eliminating data silos. When combined with data from logs and agents, network packets offer security and IT teams a complete picture of what's happening.
As AWS makes getting packets even easier, the value of network detection and response (NDR) in the cloud becomes more clear. Dissecting packets to extract metrics reveals a wealth of information, including an always-up-to-date inventory of all connected devices and device types within an AWS cloud environment. NDR also detects new connections, abnormal user behavior, data breach attempts, and ransomware in real time.
ExtraHop uses Amazon VPC Traffic Mirroring to defend organizations against attacks on cloud assets and workloads, including lateral movement techniques used in supply chain attacks. Once inside the perimeter, attackers need to visualize the internal network and environment, discover target assets, and then move laterally to achieve their ultimate goals. For security teams using NDR, that lateral movement is a dead giveaway that attackers are present in an environment.
To help security teams defend against threats in cloud and hybrid environments, ExtraHop created Reveal(x) 360. Delivered from the cloud as a true SaaS-based solution, Reveal(x) 360 provides unified threat detection, investigation, and response capabilities across environments. Security practitioners can select and deploy on-demand and prepaid sensors directly from the Reveal(x) 360 console to scale the benefits of NDR monitoring and security across the entire enterprise with just a few clicks.
To get a feel for how our NDR solution detects threats as they unfold, start the fully functioning Reveal(x) 360 online demo featuring real assets running in a live cloud environment. You can also start a Reveal(x) 360 free trial to see how cloud-native NDR works in your specific environment.