Med Salah

Technology Solutions Consultant

Cyber Security Specialist

Computer Forensic Expert

Cloud Native Network Detection and Response

November 16, 2018 Blog IT

We’ve all heard the phrase “the network never lies”, but as more organizations adopt cloud computing, getting access to the network in the cloud has been challenging. Initially, cloud services such as AWS CloudWatch and AWS CloudTrail allowed you to collect logs, events, and metrics from your cloud environment, but not network packets or flows. This really limited the true network detection and response capabilities that we have become accustomed to in our on-premise networks.

Cloud computing also accelerated the adoption of hybrid environments where some of your assets are in the cloud and some are on-premise.  Integrating visibility and control of all of your assets is now more challenging than ever, especially with limited visibility in the cloud.

Finally, new capabilities have emerged to help us get network visibility in the cloud. The first capability came from AWS: VPC Traffic Mirroring, which allows the capture and inspection of network traffic at scale. To support this capability, AWS uses Elastic Network Interfaces (ENIs) as mirror sources. A word of caution: you can only mirror traffic from EC2 instances that are powered by the AWS Nitro system. Google Cloud has a similar offering called Packet Mirroring, and Microsoft Azure has announced support for Azure Virtual Network TAP.

With the cloud providers supporting traffic mirroring, the second capability came from ExtraHop to support cloud native network detection and response.  Reveal(x) 360 (formerly Reveal(x) Cloud) is a SaaS-based network detection and response (NDR) solution for the hybrid enterprise, providing deep and continuous visibility from the inside out.  Designed through close collaboration with all three major Cloud Service Providers, Reveal(x) 360 integrates natively with AWS, Google Cloud, and Microsoft Azure to supplement observable network behavior with on-workload events and logs.

While Reveal(x) 360 fulfills the promise of cloud-first network security with rich insight into all cloud behavior, it also provides the following benefits:

  • effortless cloud asset discovery and classification
  • rapid threat detection, and
  • confident response