Today, Amazon Web Services (AWS) unveiled Amazon VPC traffic mirroring that allows customers to gain insight into the network traffic across their virtual private cloud infrastructure for content inspection and threat monitoring.
These announcements are timely. Digital transformation is driving enterprises to rapidly enter the next chapter of cloud. Six out of 10 enterprises already use infrastructure-as-a-service today. Of those, half run production workloads in their cloud infrastructures. Companies are looking to rapidly capture favorable business models, dynamic scaling, high availability, and streamlined management that public clouds deliver.
Yet, moving workloads to the cloud doesn't automatically make them more secure—it merely shifts the scope of required security work. Broadly speaking, Vectra commonly observes enterprises at two different phases of their infrastructure cloud journey: Hybrid /or native cloud deployments.
Attackers often follow the path of least resistance by initially exploiting human behavior or longstanding infrastructure vulnerabilities. Long before attackers reach a virtual workload, they will have already compromised an end-user device and stolen administrative credentials.
As a result, cloud infrastructures often encounter cyberthreats in the more advanced phases of attack, such as internal reconnaissance, lateral movement, and data exfiltration. So rather than focusing on the initial exploit, it is important to focus on detecting attackers who already compromised the perimeter and are inside the infrastructure.
Nearly four in 10 organizations plan to move to a cloud-first approach when deploying new applications. Many of these applications will forgo any on-premise footprint. In these scenarios, traditional perimeter tools fail in cloud environments and the dynamic, multi-tenant nature of the cloud introduces new attack behaviors and techniques, making it difficult to detect and respond.
To gain visibility into cloud environments, enterprises will be able to rely on the Cognito platform from Vectra to find hidden threats quickly, empower threat hunters, and speed-up incident response to avert data loss in AWS environments. The Cognito platform can now be deployed in native and hybrid cloud environments as well as on-premises environments. Cybercriminals who target cloud workloads can no longer hide their malicious behaviors.
To learn more, please visit Booth 333 at Amazon reinforce or see our AWS/Vectra integration page for more information.