Sunday, July 28, 2019

See the Unseen in AWS Mirrored Traffic With the VM-Series

Gain Complete Visibility and Eliminate Network Blind Spots in AWS Cloud


AWS’ inaugural security event, re:Inforce, is finally here. The event also marks the launch of another exciting new feature from AWS: VPC Traffic Mirroring. This feature provides a non-intrusive way to enable network visibility into your AWS deployments without requiring significant design changes to your virtual network architecture.

Equally exciting, Palo Alto Networks has built an integration of its VM-Series Virtualized Next-Generation Firewall with the AWS traffic mirroring capability. The VM-Series is the industry-leading virtualized firewall, protecting your applications and data with next-generation security features that deliver superior visibility, precise control, and threat prevention at the application level.

The VM-Series has supported AWS cloud since 2014 with inline security protections for application workloads running in the cloud. According to Mukesh Gupta, vice president of Product Management at Palo Alto Networks, “Enterprises require consistent peace of mind in the cloud without having to sacrifice deployment versatility and selection. Together with inline threat prevention abilities, the combination of the VM-Series with the recently announced AWS traffic mirroring capacity gives organizations an option to deploy the firewall out-of-band for application visibility and advanced threat recognition in AWS cloud.”



The VM-Series on AWS, deployed out-of-band, now supports two critical security outcomes in AWS cloud:

  • Granular visibility into application traffic and detection of network-borne threats through inspection of mirrored traffic.
  • Rapid detection and response against advanced attacks using an AI-driven approach, for example Cortex by Palo Alto Networks.


Application visibility and threat detection


The VM-Series on AWS can evaluate, filter, and process the raw data made available by the AWS traffic mirroring capability within AWS cloud and supply contextually rich application, content, and threat information. The need to move data out of AWS cloud for further processing is eliminated, saving cost and providing deep insight into network traffic. Based on this deeper inspection, customers can choose to enable alerts for a range of security issues, for instance:

  • High-priority security alerts: attacks using known exploits, for instance an attempt to exploit CVE-2017-5638 against Apache Struts-based web servers running in AWS. Essentially, the VM-Series acts as an intrusion detection system (IDS).
  • Traffic to inappropriate or malicious destinations and command-and-control systems: identify when the source/destination is inappropriate or malicious, whether there are geoblocking restrictions to be met, or whether there is bitcoin traffic or an SSH session to a known command-and-control (C2) domain.


Based on the visibility and detection (in logs), you can filter for events and enable alerts and actions that trigger remediation using action-oriented log forwarding over HTTP(S). This provides a webhook to create a ticket in a service desk system or a security orchestration and response tool, for example Demisto, or to launch an AWS Lambda function, which can quarantine by shutting down the instance or locking down the Security Group.
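A sketch of the Lambda side of that webhook, as an added example that is not code from Palo Alto Networks or AWS: it authenticates the forwarded alert, then replaces the affected instance's security groups with a quarantine group. The payload fields (`severity`, `src_ip`), the `x-webhook-token` header, the environment variable names and the API Gateway-style event shape are all assumptions, since the HTTP log-forwarding payload format is whatever you define on the firewall.

```python
import hmac
import ipaddress
import json
import os

# Assumed names throughout: payload fields, header and environment variables
# are illustrative and must match what you configure on the firewall.
ACTIONABLE = {"high", "critical"}


def parse_alert(event, secret):
    """Authenticate the webhook; return the private IP to quarantine, or None."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    token = headers.get("x-webhook-token", "")
    if not secret or not hmac.compare_digest(token.encode(), secret.encode()):
        raise PermissionError("webhook token missing or wrong")
    body = json.loads(event.get("body") or "{}")
    if not isinstance(body, dict):
        raise ValueError("alert body must be a JSON object")
    if str(body.get("severity", "")).lower() not in ACTIONABLE:
        return None
    ip = ipaddress.ip_address(body["src_ip"])  # raises ValueError if malformed
    return str(ip) if ip.is_private else None  # never act on external addresses


def quarantine(ec2, private_ip, quarantine_sg):
    """Replace the security groups of matching instances with the quarantine group."""
    resp = ec2.describe_instances(
        Filters=[{"Name": "private-ip-address", "Values": [private_ip]}])
    ids = [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]
    for instance_id in ids:
        ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    return ids


def lambda_handler(event, context, ec2=None):
    try:
        ip = parse_alert(event, os.environ.get("WEBHOOK_TOKEN", ""))
    except PermissionError:
        return {"statusCode": 403, "body": "forbidden"}
    except (KeyError, ValueError):
        return {"statusCode": 400, "body": "bad alert"}
    if ip is None:
        return {"statusCode": 200, "body": json.dumps({"quarantined": []})}
    if ec2 is None:
        import boto3  # imported lazily so the parsing logic runs without AWS
        ec2 = boto3.client("ec2")
    ids = quarantine(ec2, ip, os.environ["QUARANTINE_SG"])
    return {"statusCode": 200, "body": json.dumps({"quarantined": ids})}
```

Rejecting unauthenticated or malformed alerts before any EC2 call matters here, because a webhook that can isolate instances is itself a denial-of-service lever if anyone can post to it.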

Rapid detection and response against advanced attacks


The VM-Series firewall supports enhanced application logging, which converts raw packet data from AWS mirrored network traffic into context-aware network activity information for storage in Palo Alto Networks cloud services, including Cortex Data Lake. Security applications, for example Cortex XDR, can then analyze the rich data collected, using analytics and machine learning to precisely identify stealthy attacks and expedite security investigations. Identified threats can be mitigated through automated response from Demisto and other security orchestration and response tools.
