Extend Vectra Threat Detection to Xen-based EC2 Workloads
Vectra is committed to covering our customers' evolving digital transformation, from data center to cloud and SaaS, working closely with all the respective service providers involved.
As an AWS Advanced Technology Partner, Vectra has partnered with Amazon from the beginning to define and roll out VPC Traffic Mirroring since the feature launched in 2019. AWS VPC Traffic Mirroring has allowed our customers to significantly enhance security visibility into lift-and-shift workloads as well as IaaS-native environments, allowing companies to extend Vectra's industry-leading threat detection and response capabilities to their cloud deployments. By enabling VPC Traffic Mirroring, Vectra and AWS offer a comprehensive view into modern attacks as they move laterally between workloads and between cloud and ground, allowing analysts to detect and stop them early, before they lead to breaches.
Today, we are excited to partner with AWS on an announcement enabling traffic mirroring on EC2 instances based on the popular Xen platform. This eagerly awaited capability now allows our joint customers who were early cloud adopters to extend their Vectra coverage to their entire cloud footprint.
VPC Traffic Mirroring provides a copy of every packet entering or leaving an EC2 virtual machine's elastic network interface to a Vectra Sensor. The sensor parses these packets and sends rich metadata to the Vectra Cognito Platform, which then runs highly specialized AI models to identify advanced attacks across the entire kill chain. SOC analysts can consume these detections through the Vectra UI, as findings in AWS Security Hub, or through the customer's own SIEM or SOAR platform of choice. Vectra combines the AWS metadata with SaaS application logs, on-prem network traffic, threat intelligence, and account and privilege insight to create a comprehensive view of an attack's progression.
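To make the first step of that pipeline concrete, here is an added, illustrative decoder for the packets a mirror target receives. It is not Vectra's sensor code and not part of the original post; it assumes only the documented VPC Traffic Mirroring encapsulation (mirrored frames arrive inside VXLAN on UDP port 4789, with the mirror session's virtual network identifier carried as the VNI). It strips the outer headers, validates the VXLAN header, extracts the inner 5-tuple, and maps it onto Zeek conn-log style field names; the sample packet, a TCP SYN to port 445, is constructed inline for offline use.

```python
"""Decode a VXLAN-encapsulated packet as delivered by VPC Traffic Mirroring.

Illustrative example only (not Vectra's code). Assumption: mirrored frames
arrive on UDP/4789 inside a VXLAN header whose VNI is the session's
virtual network identifier, as documented for VPC Traffic Mirroring.
"""
import socket
import struct
from dataclasses import dataclass

VXLAN_PORT = 4789
ETH_P_IP = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass
class MirroredFlow:
    vni: int        # mirror session VNI from the VXLAN header
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    inner_len: int  # inner IPv4 total length in bytes


def _ipv4_header(raw: bytes, off: int):
    """Parse the fixed part of an IPv4 header; return (ihl, total_len, proto, src, dst)."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack_from("!BBHHHBBH4s4s", raw, off)
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return (ver_ihl & 0x0F) * 4, total_len, proto, socket.inet_ntoa(src), socket.inet_ntoa(dst)


def decode_mirrored_packet(raw: bytes) -> MirroredFlow:
    """Strip outer Ethernet/IPv4/UDP/VXLAN and return the inner flow 5-tuple."""
    if struct.unpack_from("!H", raw, 12)[0] != ETH_P_IP:
        raise ValueError("outer frame is not IPv4")
    off = 14
    ihl, _tl, proto, _s, _d = _ipv4_header(raw, off)
    if proto != 17:
        raise ValueError("outer packet is not UDP")
    off += ihl
    _sport, dport, _ulen, _ucsum = struct.unpack_from("!HHHH", raw, off)
    if dport != VXLAN_PORT:
        raise ValueError("not VXLAN (expected UDP/4789)")
    off += 8
    # VXLAN header: flags(1) reserved(3) VNI(3) reserved(1); the I flag (0x08) must be set.
    if raw[off] & 0x08 == 0:
        raise ValueError("VXLAN I flag not set")
    vni = int.from_bytes(raw[off + 4:off + 7], "big")
    off += 8
    # Inner Ethernet frame carries the original workload traffic.
    if struct.unpack_from("!H", raw, off + 12)[0] != ETH_P_IP:
        raise ValueError("inner frame is not IPv4")
    off += 14
    ihl, total_len, proto, src, dst = _ipv4_header(raw, off)
    sport = dport = 0
    if proto in (6, 17):  # TCP and UDP both start with source/destination ports
        sport, dport = struct.unpack_from("!HH", raw, off + ihl)
    return MirroredFlow(vni, src, dst, proto, sport, dport, total_len)


def to_zeek_conn(flow: MirroredFlow) -> dict:
    """Map the decoded flow onto Zeek conn.log style field names."""
    return {
        "id.orig_h": flow.src, "id.orig_p": flow.sport,
        "id.resp_h": flow.dst, "id.resp_p": flow.dport,
        "proto": PROTO_NAMES.get(flow.proto, str(flow.proto)),
        "vni": flow.vni,
    }


def build_sample_packet(vni: int = 1234) -> bytes:
    """Constructed sample: a TCP SYN 10.0.1.10:51234 -> 10.0.2.20:445, mirrored
    from the source ENI to a sensor at 10.0.9.5 (all addresses are made up)."""
    inner_tcp = struct.pack("!HHIIBBHHH", 51234, 445, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner_tcp), 0, 0x4000, 64, 6, 0,
                           socket.inet_aton("10.0.1.10"), socket.inet_aton("10.0.2.20"))
    inner_eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETH_P_IP)
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    payload = vxlan + inner_eth + inner_ip + inner_tcp
    outer_udp = struct.pack("!HHHH", 40000, VXLAN_PORT, 8 + len(payload), 0)
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0x4000, 64, 17, 0,
                           socket.inet_aton("10.0.1.10"), socket.inet_aton("10.0.9.5"))
    outer_eth = b"\x0a\x00\x00\x00\x00\x01" + b"\x0a\x00\x00\x00\x00\x02" + struct.pack("!H", ETH_P_IP)
    return outer_eth + outer_ip + outer_udp + payload


if __name__ == "__main__":
    print(to_zeek_conn(decode_mirrored_packet(build_sample_packet())))
```

The decoder rejects anything that is not well-formed VXLAN on 4789 rather than guessing, which matters on a shared mirror target where stray non-mirrored traffic may also arrive; a real sensor would additionally key on the VNI to attribute each frame to the mirror session, and therefore the source ENI, it came from.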
In addition, our Zeek-formatted, security-enriched network metadata is available for investigation in our SaaS threat hunting workbench, Recall, or in our customers' own managed data lakes. Altogether, these functions allow organizations to proactively investigate and threat hunt with deep security context and insight from their environments.