Security professionals often attach a packet capture security appliance to a span port on hardware network equipment to capture network packets in a data center. On AWS customers do not have access to span ports and physical networking equipment. This led some security professionals to believe it is not possible to implement a packet capture solution on AWS.
In fact, packet capture is possible on AWS, but security professionals must leverage the tools offered by the cloud platform and implement packet capture in a different way. I recently finished a SANS Gold Paper on this topic, Packet Capture on AWS, which outlines architecture options for a packet capture solution on AWS. SANS is the largest source for information security training in the world. This paper was an assignment in the SANS accredited Master of Information Security Engineering program.
At Black Hat two security researchers covered some of the differences security professionals will face in a presentation called Fighting the Previous War (AKA: Attacking and Defending in the Era of the Cloud). The researchers said that security professionals who try to translate security tools and solutions from a data center directly to the cloud will be missing important new attack vectors. Misconfigurations of AWS S3 buckets is one example that has caused a number of recent breaches.
In addition to facing new attacks, AWS and other cloud platforms offer new tools that can help security professionals create innovative new security solutions. Security architectures can be very robust when implemented correctly. Security operations teams can respond faster to attacks via automated solutions, artificial intelligence, and more complete logging solutions. Automated security policy enforcement can help prevent errors and integrate training into software deployment processes.
Packet capture is just one example of a security solution security professionals must architect differently in the cloud. Although the approach is not the same, it can still be effective. Based on the number of breaches in the news every day it may be a good time for security teams to consider new ideas and new ways to solve old problems. — Teri Radichel (@teriradichel)