Network Traffic Visibility in the Cloud

Presented by

Darragh Delaney, Sr. Product Manager, D&R and Morgan Doyle, Consulting Software Engineer, D&R

About this talk

In this real-training-for-free session we will discuss the options for cloud-based network traffic analysis and how it differs from on-prem approaches. The use cases for this technology include:

- Security analysts lack visibility within cloud networks. They do not have the visibility they need to troubleshoot operational and security issues within their AWS networks and want to eliminate this blind spot so that they have 'end to end' traffic visibility across all their networks.
- Security analysts want DPI/full packet analysis in their AWS estates. They want more detail than VPC flow logs to detect security threats and to perform forensics on past events.
- Compliance and security personnel want cloud-based IDS solutions. IDS is a key requirement for some compliance standards such as PCI.

Amazon launched a network traffic mirroring service in 2019 called VPC traffic mirroring. This allows you to span, or copy, network traffic going to and from one or more EC2 Elastic Network Interfaces and send it to a traffic analysis system. From a security perspective, we can now deploy cloud-based out-of-band intrusion detection and analysis tools to look for malicious activity in the network traffic.

During this call we will check out the VPC traffic mirroring feature in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of ENIs. Topics include:

- Mirror Sessions
- Mirror Targets
- Mirror Filters

Using the data captured from this we will then look at how this can be used for incident detection and response.

Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research, using these insights to optimize our products and arm the global security community with the latest in attackers' methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what’s next.