AWS re:Invent 2017: Now, There’s a Better Way to Remove Security Blind Spots in the Cloud

Last week was an exciting time at AWS re:Invent. More than 50,000 attendees, including experts across cloud networking, infrastructure, security and services, came together not only to learn about the roadmap for Amazon Web Services (AWS), but also to share, collaborate and discuss solutions and initiatives for the public cloud.

The top question of the week: Where is AWS heading?

To answer that, AWS CTO Werner Vogels took the stage for a nearly three-hour keynote, covering several new service announcements and updates[i]. Of considerable note was his review of the importance of the AWS Well-Architected Framework, which encompasses five pillars: Security, Reliability, Performance Efficiency, Cost Optimization and Operational Excellence.

For Gigamon, the Well-Architected Framework played a key part in our recent announcement on having achieved Networking Competency. We worked closely with AWS solution architects to ensure that the Gigamon Visibility Platform for AWS meets the Well-Architected Framework pillars. We are proud of this achievement and our ability to deliver a highly optimized, cloud-native solution to AWS customers who need to meet their stringent security and compliance requirements.

Did You Say Security?

Yes, speaking of security, AWS offers a variety of cloud-native solutions such as security groups and identity and access management and, during his keynote, Vogels announced the addition of new security offerings, including the threat detection solution Amazon GuardDuty.

The announcement seemed to fit with one of the recurring questions we heard from visitors to our booth at the event: How can we get more visibility – beyond logs – and become more proactive about securing the growing number of mission-critical workloads we’re moving to AWS?

Unlike on-premises deployments where customers have hardware TAPs and SPAN sessions to access network traffic, the public cloud provides no similar packet-capture capability. Customers can use VPC flow logs, which capture network flow data for a specific 5-tuple, but unfortunately, flow logs do not provide the necessary information that most security and performance monitoring tools need to effectively assess for threats in east-west – application tier to application tier – and north-south – application to server – traffic flows.

To remove these blind spots, organizations need to deploy a solution that gives them access to the traffic their security tools need. As with any network, no matter the technology used, identifying potential lateral threat propagation within your environment is best done by inspecting the actual traffic moving throughout your network.

The Gigamon Visibility Platform

The Gigamon Visibility Platform complements existing cloud-native security solutions like Amazon GuardDuty by ensuring continuous visibility for your mission-critical applications. Our intelligent network traffic visibility solution acquires, optimizes and distributes selected traffic to security and monitoring tools within an AWS VPC or backhauled to the on-premises tool tier. The platform enables enterprises to maximize application performance and minimize resource utilization by requiring a single lightweight agent with minimal impact on AWS EC2 CPU utilization for all traffic acquisition. Once acquired, the traffic can be shared with any number of tools that require access to perform their function. Moreover, the platform integrates with AWS APIs to automate deployment and scaling, with a visibility tier in each targeted VPC to collect aggregated traffic and apply advanced intelligence prior to sending selected traffic to the security tools.

Whether you’ve already moved to AWS or are considering it in the near future, don’t leave planning your security strategy until the last minute, don’t be blinded by the allure of the cloud and more importantly, don’t be blind in the cloud.

To learn more, visit the Gigamon Visibility Platform for AWS.