NetFort Cloud Visibility and AWS VPC Flow Logs
Enterprises use NetFort LANGuardian to provide network visibility across their on-premise infrastructure to support security, compliance, operational, and forensic activities.
The current LANGuardian traffic capture technologies include:
- Raw traffic usually via a SPAN port or TAP
- Cisco NetFlow
- PCAP files
These capture technologies are suitable for use in on premise datacentres, that are typically a mix of physical servers and varying degrees of virtualization. Even in a highly virtualized data center, these capture technologies are still suitable as the network fabric and all ingress and egress points remain under control of the network administrator.
As organizations continue to move to the cloud, their efforts to exploit the advantages of public hyper-cloud providers, such as AWS, are often stalled by the security and compliance implications of the restricted visibility that often results in such moves.
Appliance based network monitoring solutions cannot provide the required visibility in the cloud. This lack of visibility can hinder otherwise smooth migrations to public IAAS providers. To solve this problem, NetFort LANGuardian now processes AWS Flow Logs.
AWS Flow Logs provide ‘Cisco Netflow-like’ data about the IP traffic traversing your AWS estate (your AWS VPC). VPC Flow Logs provide data on:
- Source and destination IP addresses and ports
- Protocol, sent packet and byte counts
- Interface and AWS accountID
- Allowed or Denied indicator
- Number of packets and bytes transferred
- Start and end time
VPC Flow Logs are processed by LANGuardian, generating similar metadata to NetFlow. The VPC Flow Logs are merged into sessions, GeoLocation information is added and saved into the NetFort database.
The information can now be analyzed using LANGuardian trends, reports and alerts, showing for example who’s talking to who, clients by country, new sessions and ports used etc.
AWS Identity and Access Management (IAM) manages access to AWS services and resources securely. LANGuardian uses this IAM and the Boto3 AWS SDK for python to provide secure access to the VPC Flow Logs.
VPC Flow Logs can be accepted by LANGuardian systems deployed in AWS or using traditional on-premise installation.
Advantages of AWS VPC Flow Analysis
- Extends your visibility to include traffic in your AWS estate
- Simple to implement, no probes or agents required
- Monitors any AWS estate (does not require modification of AMIs)
- Supports very large scale
- Continuously monitor AWS activity to identify malicious or suspicious behavior
- Ideal for network security monitoring and forensics
LANGuardian’s support for AWS VPC Flow Logs ensures organizations always have visibility into traffic traversing their on premise, AWS and virtual networks from one central console.