Before we get started on the Reveal(x) 360 and AWS Control Tower integration, let's take a moment to explore why the network matters in cloud security and how network detection and response (NDR) offers foundational security capabilities. It starts with visibility. Every workload uses the network to communicate, so network data is the richest input for threat detection and response. For more info on the value of network data and NDR for cloud security, watch this brief video. Now, on to the integration.
Defending multi-account AWS environments, called landing zones, requires unified visibility, threat detection, and response. However, the ephemeral nature of cloud workloads can make it difficult to ensure that your security tools are provisioned correctly across new or existing accounts.
The reality is that most organizations treat instances like cattle, not pets. If you're not familiar with the analogy, it's pretty simple: You take care of pets individually, but you have to manage cattle in herds of large numbers. When managing and securing a fleet of identical compute instances, replacing a slow or compromised instance makes more sense than troubleshooting to nurse it back to health.
The cattle approach improves service availability by reducing recovery time, but it complicates observability efforts. In an attempt to keep up with the pace at which instances can be spun up and down, organizations struggle to manually provision their tooling, a complex process that's time intensive and difficult to scale. The most effective way to ensure that your tooling is properly provisioned to secure new or updated instances is through automation.
The new Reveal(x) 360 integration with AWS Control Tower allows organizations to eliminate much of the friction associated with provisioning and deploying ExtraHop cloud sensors across accounts, especially in highly ephemeral environments. For example, maintaining data feeds to security tools requires vigilance. Without it, the feed can suffer from entropy, and that's not counting new instances being spun up or destroyed.
By integrating with AWS Control Tower, Reveal(x) 360 provides visibility, threat detection, and response capabilities at scale, regardless of whether organizations are defending fresh or long-lived instances. Additionally, AWS Control Tower allows organizations to create guardrails, which are preventive and detective controls that help maintain best practices and avoid drift.
Use Case: Reveal(x) 360 and AWS Control Tower
Below is an example of how Reveal(x) 360 and AWS Control Tower can help you deploy and maintain a data feed in a workload account via Amazon VPC Traffic Mirroring. Ensuring a steady stream of network data to ExtraHop cloud sensors is essential to visibility, threat detection, and response. Here's how Reveal(x) 360 administrators and users can leverage the integration.
To set up this new integration, a Reveal(x) 360 administrator only needs to take three steps.
- Subscribe to the ExtraHop SaaS and BYOL Listings on AWS Marketplace.
- Deploy the ExtraHop-ControlTower-Lifecycle CloudFormation Stack in the Control Tower Management Account.
- Enroll AWS Accounts in Control Tower Management, which creates a CloudFormation StackSet Instance based on the type of Account enrolled.
The Result: Mirrored network traffic from EC2 and ECS Workloads in Workload Accounts is automatically delivered to the Reveal(x) 360 Sensor.
Once those three steps are completed, cloud-focused security teams can use Reveal(x) 360 to identify and respond to advanced threats against cloud workloads.
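A check for the feed drift described above, as an added example (not ExtraHop's or AWS's code): it classifies a workload account's in-use network interfaces by whether a VPC Traffic Mirroring session points at the sensor's mirror target. The function names, IDs, and sample records are constructed for illustration, and skipping non-`interface` ENI types is an assumption of this example.

```python
"""Audit VPC Traffic Mirroring coverage for one workload account (added example)."""

def mirror_coverage(interfaces, sessions, sensor_target_id):
    """Classify in-use ENIs by whether a mirror session feeds the sensor target.

    Inputs use the record shapes returned by the EC2 DescribeNetworkInterfaces
    and DescribeTrafficMirrorSessions APIs.
    """
    targets_by_eni = {}
    for s in sessions:
        targets_by_eni.setdefault(s["NetworkInterfaceId"], set()).add(s["TrafficMirrorTargetId"])
    report = {"covered": [], "wrong_target": [], "unmirrored": []}
    for eni in interfaces:
        # Assumption: only attached ENIs of type "interface" are tracked as sources.
        if eni.get("Status") != "in-use" or eni.get("InterfaceType", "interface") != "interface":
            continue
        targets = targets_by_eni.get(eni["NetworkInterfaceId"])
        if not targets:
            report["unmirrored"].append(eni["NetworkInterfaceId"])    # no feed at all
        elif sensor_target_id in targets:
            report["covered"].append(eni["NetworkInterfaceId"])
        else:
            report["wrong_target"].append(eni["NetworkInterfaceId"])  # mirrored elsewhere
    return report

def fetch_live(region):
    """Optional: pull both lists from AWS with boto3 (needs read-only EC2 credentials)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    enis = [i for p in ec2.get_paginator("describe_network_interfaces").paginate()
            for i in p["NetworkInterfaces"]]
    sess = [s for p in ec2.get_paginator("describe_traffic_mirror_sessions").paginate()
            for s in p["TrafficMirrorSessions"]]
    return enis, sess

# Constructed sample data (not real resource IDs).
SAMPLE_TARGET = "tmt-sensor-example"
SAMPLE_INTERFACES = [
    {"NetworkInterfaceId": "eni-0001", "Status": "in-use", "InterfaceType": "interface"},
    {"NetworkInterfaceId": "eni-0002", "Status": "in-use", "InterfaceType": "interface"},
    {"NetworkInterfaceId": "eni-0003", "Status": "in-use", "InterfaceType": "interface"},
    {"NetworkInterfaceId": "eni-0004", "Status": "available", "InterfaceType": "interface"},
    {"NetworkInterfaceId": "eni-0005", "Status": "in-use", "InterfaceType": "natGateway"},
]
SAMPLE_SESSIONS = [
    {"NetworkInterfaceId": "eni-0001", "TrafficMirrorTargetId": SAMPLE_TARGET},
    {"NetworkInterfaceId": "eni-0002", "TrafficMirrorTargetId": "tmt-other-example"},
]

if __name__ == "__main__":
    print(mirror_coverage(SAMPLE_INTERFACES, SAMPLE_SESSIONS, SAMPLE_TARGET))
```

Run against each enrolled account on a schedule, a non-empty `unmirrored` or `wrong_target` list indicates workloads the sensor cannot see.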
Learn More About the Reveal(x) 360 + AWS Control Tower Integration
Visit our AWS Control Tower integration page to learn more about this valuable integration for AWS customers who need to secure multiple accounts. Information includes a data sheet and an implementation guide. You can also visit our AWS Marketplace listing for more details about Reveal(x) 360, cloud-native network detection and response (NDR) delivered as a SaaS.