
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Packet Capture on AWS ~ New Solutions to Old Problems

August 17, 2017 By Teri Radichel

Security professionals often attach a packet capture security appliance to a span port on hardware network equipment to capture network packets in a data center. On AWS, customers do not have access to span ports or physical networking equipment. This has led some security professionals to believe it is not possible to implement a packet capture solution on AWS.

In fact, packet capture is possible on AWS, but security professionals must leverage the tools offered by the cloud platform and implement packet capture in a different way. I recently finished a SANS Gold Paper on this topic, Packet Capture on AWS, which outlines architecture options for a packet capture solution on AWS. SANS is the largest source for information security training in the world. This paper was an assignment in the SANS accredited Master of Information Security Engineering program.

At Black Hat, two security researchers covered some of the differences security professionals will face in a presentation called Fighting the Previous War (AKA: Attacking and Defending in the Era of the Cloud). The researchers said that security professionals who try to translate security tools and solutions from a data center directly to the cloud will miss important new attack vectors. Misconfiguration of AWS S3 buckets is one example that has caused a number of recent breaches.

While security professionals face new attacks in the cloud, AWS and other cloud platforms also offer new tools that can help them create innovative security solutions. Security architectures can be very robust when implemented correctly. Security operations teams can respond faster to attacks via automated solutions, artificial intelligence, and more complete logging solutions. Automated security policy enforcement can help prevent errors and integrate training into software deployment processes.

Packet capture is just one example of a security solution that security professionals must architect differently in the cloud. Although the approach is not the same, it can still be effective. Based on the number of breaches in the news every day, it may be a good time for security teams to consider new ideas and new ways to solve old problems.

— Teri Radichel (@teriradichel)

Filed Under: Editorial Articles Tagged With: aws, Cloud, ids, IPS, network architecture, network security, packet capture, tcpdump
