Expanded Amazon VPC Traffic Mirroring support broadens network threat detection for IronNet customers

The recent expansion of AWS support for VPC Traffic Mirroring brings this popular capability to an even broader set of organizations, significantly increasing the range and scope of IronNet’s industry-leading NDR and collective defense capabilities.

Originally launched in June of 2019,  VPC Traffic Mirroring allows AWS Virtual Private Clouds (VPC) customers to capture and inspect network traffic at scale. The newly expanded support from AWS extends the applicability of VPC Traffic Mirroring to twelve additional instance types, eliminating the need to use agents to acquire traffic from these instance types.

This is welcome news as it expands the application of IronDefense NDR and IronDome Collective Defense platform capabilities to additional workloads in AWS environments across a range of existing and new AWS customers in multiple geographies and across a range of sectors. This gives all of these security teams deep visibility and singificantly enhanced  detection of network threats in their AWS deployments. 

Moreover, the expansion of AWS’s Traffic Mirroring capability means that a much broader range of customers have access to the same type of core network threat detection and collective defense sharing that was once focused primarily in on-premise deployments.  This also means that customers with AWS hybrid environments will be able to combine data from both their on-premise and cloud environments to deliver top-notch threat detection and mitigation at scale.

AWS_IronDefense Architecture_isometric icons_002

The Amazon VPC Traffic Mirroring deployed alongside IronNet’s AWS Cloud Sensor provides IronNet customers with the following benefits:

  • Security and protection of AWS cloud deployments: The Amazon VPC traffic mirroring capability expands IronDefense’s industry-leading network detection and response capability to AWS cloud deployments across a wide range of AWS environments and services, and to combine the results from both their cloud and on-premise environments, enabling customers to detect and mitigate advanced cyber threats targeting their cloud-native and hybrid deployments.
  • Advanced cyber threat hunting in AWS environments: With Amazon VPC traffic mirroring, IronDefense customers now have the ability to use the same advanced cyber hunt capability across enterprise network flow and employ the type of full-PCAP analysis that was previously only available for enterprise networks using IronNet’s physical sensor(s).
  • Simplified operations: This new feature enables customers to natively replicate Amazon VPC traffic from over a dozen AWS instance types to IronDefense, thereby greatly reducing the deployment complexity experienced by existing solutions. Because IronDefense treats traffic flows from Amazon VPCs just like any other standard network traffic source (e.g., any other tap point), it will automatically begin to analyze flows for anomalies and identify high risk threats within the customer’s AWS environments as well as across hybrid customer environments. This removes the previous requirement of needing to deploy third-party packet forwarding agents, and instead leverages native Amazon VPC data along with AWS security logs increasing the visibility and defensibility of AWS and hybrid cloud environments.
  • Industry-wide visibility across peer AWS cloud environments with IronDome: Threats and anomalies detected by IronDefense originating from on-premise or AWS deployments across a range of instance types can now be automatically and anonymously shared with other industry and supply-chain partners in real-time through the IronDome collective defense platform.  This provides those customers and their partners with  shared situational awareness across their own  industry sector and as well as amongst  multiple sectors and between the public and private sector, as appropriate. This allows IronDome members to identify new threat trends at the sector level, as well as specific new and novel threats in each customer environment.  IronNet’s innovative collective defense capability also permits analysts to collaborate in real-time with their colleagues across industry and allows them to take action at a moments’ notice to stop an active threat.

Read more from Amazon about the announcement. IronNet’s IronDefense platform employing AWS’s newly expanded Traffic Mirroring capability can be found on the AWS Marketplace.

Learn more about Collective Defense, view the IronDefense solution sheet, or request a demo to see it in action. For more information about IronNet on AWS, including IronDefense, visit our AWS Marketplace listing. Existing customers can contact their Customer Success Manager to get access. 

About Ironnet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.