Blog
Boost Your Security in AWS
Get familiar with these essential features that enable NDR in the cloud
Dale Norris
October 10, 2019
Traditionally, network traffic has been difficult to leverage as a data source in the cloud because it couldn't scale. With the recent introduction of traffic mirroring, Amazon Web Services (AWS) customers can now monitor and analyze network traffic with network detection and response (NDR) products.
If you're considering adding an NDR product to your AWS account, we've put together a baker's dozen of common terms you'll need to know. We'll also give you a brief description of how some terms relate to ExtraHop Reveal(x) Cloud, our SaaS-based NDR offering for AWS.
Let's get to the AWS features!
Traffic Mirroring
The cloud equivalent of terms like port mirroring, SPAN, or passive packet capture. Traffic mirroring enables cloud customers to copy and inspect network traffic. Traffic can then be sent to out-of-band security and monitoring products. Reveal(x) Cloud natively integrates with Amazon VPC Traffic Mirroring to provide an agentless NDR solution that doesn't require sensors. Read more about how traffic mirroring in the cloud works.
Amazon Virtual Private Cloud (Amazon VPC)
An isolated virtual datacenter where users can launch AWS resources. Amazon VPCs enable custom network configuration, including access to public and/or private Amazon Elastic Cloud Compute (EC2) instances in subnets. Amazon VPCs can be connected to the internet, a data center, or other Amazon VPCs. VPC Traffic Mirroring copies the network traffic in a customer's VPC and securely sends it to Reveal(x) Cloud.
Elastic Network Interfaces (ENI)
A virtual network interface users can attach to a workload in an Amazon VPC. A workload can be defined as an EC2 instance, virtual machine (VM), or network load balancer (NLB)—essentially anything with an ENI. ENIs are loaded with information, which can include several types of IP address, a MAC address, and membership in specified security groups. ENIs can be attached to an instance, detached, and attached to another instance. VPC Traffic Mirroring captures packets at the ENI level and sends them to Reveal(x) Cloud for line-rate analysis.
Amazon Machine Image (AMI)
Similar to the template of a computer's root drive, AMIs contain a cloud instance's operating system. They can also contain software and application layers such as database servers, web servers, and more. Users can create their own AMIs or leverage pre-built versions created by AWS and the AWS community. AMIs can be private, semi-private, or public. The Reveal(x) AMI is deployed in a customer's Amazon VPC to deliver real-time network traffic analysis with sensitive data never leaving their virtual private cloud.
VPC Peering
A networking connection used to privately route traffic between two Amazon VPCs. For instance, ENIs in different VPCs can communicate with each other if they're peered.
AWS PrivateLink
Provides a private connection between Amazon VPCs, AWS services, and on-premises applications on Amazon's network. AWS PrivateLink traffic doesn't traverse the internet, and the links can be used to migrate on-prem applications to SaaS products hosted in AWS cloud. Customers can also connect services within their own organization without firewalls, path definitions, VPC Peering, or route tables by using an AWS PrivateLink.
Amazon Elastic Compute Cloud (Amazon EC2)
An instance (or virtual server for running applications) is used to provide secure, resizable compute capacity in AWS Cloud. Amazon EC2 integrates with most AWS services, including Amazon VPCs. Customers can point VPC Traffic Mirroring at an EC2 instance.
AWS Nitro System
The underlying platform for Amazon EC2 instances, it's a collection of building blocks. The Nitro System allows AWS to offload several key virtualization functions to dedicated hardware and software to minimize the attack surface. Nitro-based instances are required to enable VPC Traffic Mirroring, which in turn allows Reveal(x) Cloud to monitor and analyze network traffic.
Amazon Simple Storage Service (Amazon S3)
Also known as "S3 buckets," they're used to store and/or retrieve data from websites, mobile apps, archives, IoT devices, and more—all across multiple systems. S3 buckets can maintain compliance programs for PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA. Reveal(x) Cloud automatically discovers and classifies assets like S3 buckets, so AWS customers always know where assets are and what they're doing.
Amazon Simple Notification Service (Amazon SNS)
As a pub/sub messaging system, Amazon SNS enables applications, users, and devices to instantly send and/or receive notifications from the cloud. Amazon SNS can send messages to serverless functions, queues, and distributed systems, as well as SMS, push, and email notifications to end users.
AWS CloudFormation
Allows customers to model their infrastructure in a text file, and those templates help to standardize infrastructure components to enable configuration compliance and faster troubleshooting. Automated, secure provisioning helps customers build and rebuild infrastructure and applications without performing manual actions or writing custom scripts. The service also allows customers to create and/or delete related AWS resources together as a unit.
AWS Lambda
A web service that makes serverless cloud architecture in AWS possible, meaning it enables customers to run code for virtually any kind of application or backend service without having to provision and/or manage servers. AWS Lambda automatically scales applications to precisely match the size of workloads.
AWS Management Console
A web interface where customers can create cloud-based applications. Automated wizards and workflows for creating subnets, IP ranges, route tables, and security groups make the process of deploying and testing commonly used workloads simpler. Users can also oversee all aspects of their accounts, including setting up AWS IAM users and groups, configuring permissions, and managing security credentials in the AWS Management Console from desktop or mobile devices.
If you need more AWS definitions and documentation, visit the AWS Glossary.
If you'd like to request a free trial of our 1 Gbps version Reveal(x) Cloud, click here.
Discover more