Detecting Malicious Activity in the Public Cloud with Network Traffic Mirroring Using AWS as the Example

Webinar Registration

Network traffic analysis has been a staple in mature security strategies for many years. The ability to perform deep packet inspection of inbound and outbound traffic provides security teams with valuable insight into abnormal traffic patterns, malicious communications, misalignment of traffic with the used port, exfiltration of data, and more.

But the shift to the cloud has caused organizations to lose precious visibility needed to keep an eye on traffic to/from their critical workloads hosted in public cloud environments. Intrusion Detection solutions rely on the ability to lie logically in between corporate workloads and the outside world, making the cloud a stumbling block. 

Recent advancements in the public cloud have included network traffic mirroring capabilities, empowering security analysts to regain the needed visibility to identify potential threats based on traffic patterns or anomalies between cloud-based virtual machines. This feature makes it possible to include intrusion detection and other deep packet inspection solutions into a cloud security strategy.

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat in this webcast, discussing the value of network traffic visibility as part of detecting cyberattacks. Topics will include:

  • Why network traffic is a valuable threat detection tool
  • Pinpointing attacks with packet analysis – what to look for and what can you see?
  • Network traffic obfuscation techniques the bad guys use

Nick will be joined by Morgan Doyle, Consulting Software Engineer - Detection and Response, and Darragh Delaney, Product Manager, Network Data at Rapid7, who will discuss the options for cloud-based network traffic analysis and how it differs from on-prem approaches. They will demonstrate the VPC traffic mirroring features in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of network interfaces in AWS, including the use of:

  • Mirror Sessions
  • Mirror Targets
  • Mirror Filters

Using the data captured from this, Morgan and Darragh will show how the captured data can be used for incident detection and response.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
State:  
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources