Extend Vectra Threat Detection to Xen-based EC2 Workloads

Gokul Rajagopalan
Director of product management and technical marketing at Vectra
March 10, 2021

Vectra is committed to covering our customers' evolving digital transformation, from data center to cloud and SaaS, working closely with all the respective service providers involved.

As an AWS Advanced Technology Partner, Vectra has partnered with Amazon from the beginning to define and roll out VPC Traffic Mirroring, which launched in 2019. AWS VPC Traffic Mirroring has allowed our customers to significantly enhance security visibility into lift-and-shift workloads as well as IaaS native environments, allowing companies to extend Vectra's industry-leading threat detection and response capabilities to their cloud deployments. With VPC Traffic Mirroring enabled, Vectra and AWS offer a comprehensive view into modern attacks as they move laterally between workloads and between cloud and ground, allowing analysts to detect and stop them early, before they lead to breaches.

Today, we are excited to partner with AWS on an announcement enabling traffic mirroring on EC2 instances based on the popular Xen platform. This eagerly awaited capability allows our joint customers who were early cloud adopters to extend Vectra coverage to their entire cloud footprint.

VPC Traffic Mirroring provides a copy of every packet entering or leaving an EC2 virtual machine’s elastic network interface to a Vectra Sensor. The sensor parses these packets and sends rich metadata to the Vectra Cognito Platform, which then runs highly specialized AI models to identify advanced attacks across the entire kill chain. SOC analysts can consume these detections through the Vectra UI, as findings via AWS Security Hub, or through the customer’s own SIEM or SOAR platform of choice. Vectra combines the AWS metadata with SaaS application logs, on-prem network traffic, threat intelligence, and account and privilege insight to create a comprehensive view of an attack progression.

In addition, our Zeek-formatted, security-enriched network metadata is available for investigation in our SaaS threat hunting workbench, Recall, or in our customers’ own managed data lakes. Altogether, these functions allow organizations to proactively investigate and threat hunt with deep security context and insight from their environments.

Learn more about Vectra’s partnership with AWS by checking out the datasheet, visiting our technology partner page, visiting our marketplace listing, or scheduling a demo to see for yourself.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.