AWS brings native network traffic mirroring to EC2 instances
Amazon Web Services on Tuesday rolled out a new networking security feature that lets customers natively replicate network traffic from an EC2 instance. The new VPC traffic mirroring feature enables customers to mirror EC2 instance traffic within their Amazon Virtual Private Cloud (VPC) and forward that traffic to security and monitoring appliances — making it easier to conduct content inspection, threat monitoring or troubleshooting.
“Running a complex network is not an easy job,” Jeff Barr, chief evangelist for AWS, wrote in a blog post. “In addition to simply keeping it up and running, you need to keep an ever-watchful eye out for unusual traffic patterns or content that could signify a network intrusion, a compromised instance, or some other anomaly.”
Previously, customers had to install and manage third-party agents on EC2 instances to capture and mirror traffic.
The security and monitoring appliances that integrate with VPC traffic mirroring are available on AWS Marketplace. Several AWS partners, including JASK, NetScout and Palo Alto Networks, announced on Tuesday solutions that integrate with VPC traffic mirroring.
Customers can enable mirroring on an individual EC2 instance or across a fleet of instances. They can also filter the traffic that is mirrored, limiting monitoring to the traffic they are interested in.
VPC Traffic Mirroring is now available in all commercial AWS Regions except Asia Pacific (Sydney), China (Beijing), and China (Ningxia). Support for those regions will be added soon.
The new feature was one of multiple networking and cloud security announcements made this week at AWS’s new re:Inforce security conference.
AWS is also introducing a new APN Security Navigate track for AWS Partner Network (APN) companies. The track will offer guidance to APN partners that want to build expertise in cloud security on AWS.
One APN partner, Symantec, announced on Tuesday a new integration between its Cloud Workload Protection (CWP) product and Amazon GuardDuty. The integration provides automated threat detection and remediation, as well as detection of infrastructure misconfigurations, for AWS workloads and storage. It also delivers an automatic protection mode, which invokes cloud APIs for automated response to policy violations.
AWS this week also announced the general availability of Security Hub, a service that gives customers a comprehensive view of their compliance with security standards and of their high-priority AWS security alerts. Announced at last year’s re:Invent conference, the service consolidates findings from AWS services such as GuardDuty, Amazon Inspector and Amazon Macie, bringing them together in a single dashboard.