AWS VPC Traffic Mirroring Integration Coming Soon

July 17, 2019 | by Ameya Talwalkar

AWS VPC Traffic Mirroring

Back to work after the AWS re:Inforce conference in Boston and the July 4th weekend, and I am super pumped about what I learned at AWS re:Inforce. Having attended a couple of AWS re:Invent conferences, which have become ginormous, it was refreshing to attend a security-focused AWS conference. It was a great opportunity to network with the security people at AWS, with customers looking for security solutions for their AWS deployments, and with industry peers. AWS went out of their way to help us connect with their executives during the event, and we are grateful for that. But the biggest excitement came from the number of new features that were announced and demonstrated during the conference.

First and foremost, we are very excited about the release of VPC Traffic Mirroring, a service that allows you to capture and inspect network traffic at scale. In traditional data center-based deployments, it is common to find network TAP ports that mirror network traffic to network security devices for inspection. This allows for frictionless yet passive traffic inspection, minimizing any potential performance or availability impact on the applications behind the TAP ports. This functionality has been mostly missing in cloud environments. VPC Traffic Mirroring changes that. Enterprises can now apply the same passive inspection security principles that they followed in physical data center environments, but with a cloud-centric approach.

Our Cequence Application Security Platform protects public-facing applications deployed on AWS from automated, malicious bots and vulnerability exploits, using passive traffic inspection to provide complete visibility into the application traffic. Currently, we use NGINX on AWS to send a copy of the traffic to CQAI, our analytics engine, for passive inspection. If a malicious bot or vulnerability exploit is found, you can mitigate it with our lightweight, inline agent. With VPC Traffic Mirroring integration, our customers will be able to use native AWS services as an alternative to NGINX to send a copy of the traffic to CQAI for passive inspection, thereby streamlining deployments on AWS. If a threat is found, you can mitigate it by using the REST APIs to send the findings to an AWS or other third-party security infrastructure component (e.g., WAF, SIEM, firewall).
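An added example (not Cequence code) of what a mirror target such as the analytics engine described above actually receives: VPC Traffic Mirroring delivers each mirrored packet to the target encapsulated in VXLAN on UDP port 4789, with the VXLAN Network Identifier (VNI) set to the mirror session's virtual network ID, so the first step of passive inspection is decapsulating the frame and recovering the inner flow. The sample packet, addresses and ports are constructed for illustration.

```python
import struct
from dataclasses import dataclass

VXLAN_PORT = 4789  # mirrored packets arrive at the target on this UDP port


@dataclass
class MirroredFlow:
    vni: int    # VXLAN Network Identifier = the mirror session's virtual network ID
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


def parse_mirrored(payload: bytes) -> MirroredFlow:
    """Decapsulate one VXLAN payload as delivered by VPC Traffic Mirroring:
    8-byte VXLAN header, then the mirrored Ethernet frame (IPv4 + TCP/UDP)."""
    if len(payload) < 8 or not payload[0] & 0x08:   # 'I' flag: VNI is valid
        raise ValueError("not a VXLAN packet")
    vni = int.from_bytes(payload[4:7], "big")
    frame = payload[8:]
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":  # EtherType IPv4
        raise ValueError("inner frame is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated IPv4 header")
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:]
    if proto not in (6, 17) or len(l4) < 4:  # only TCP/UDP carry ports
        raise ValueError("unsupported or truncated transport header")
    sport, dport = struct.unpack("!HH", l4[:4])
    return MirroredFlow(vni, src, dst, proto, sport, dport)


def build_sample(vni: int = 100) -> bytes:
    """Constructed test packet: VXLAN(vni) + Ethernet + IPv4 + TCP SYN to 443."""
    vxlan = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([10, 0, 1, 20]), bytes([10, 0, 2, 30]))
    tcp = struct.pack("!HHIIBBHHH", 51000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0)
    return vxlan + eth + ip + tcp
```

On a real target, the same parser is applied to the payload of every UDP datagram received on port 4789, and the VNI is what lets one target distinguish several mirror sessions feeding it.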

We are currently testing our integration with VPC Traffic Mirroring, with general availability coming in the very near future. We are committed to expanding our use of native AWS technologies to give our customers the best experience in their AWS environments. To that end, look for us to deliver integrations with AWS WAF, AWS Security Hub, Amazon GuardDuty, AWS Data Lake, and AWS Simple Notification Service (SNS) in the near future.

Author

Ameya Talwalkar

President, Chief Executive Officer & Founder