IronNet Blog

Executive Commentary, Threat Research, and Analysis from the IronNet team.

IronDefense and IronDome Support for Amazon VPC Traffic Mirroring

IronNet is proud to be a participating company at the launch for Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring, announced today at the AWS re:Inforce conference in Boston. This exciting new capability enables IronNet customers to extend the IronDefense Network Traffic Analysis (NTA) capability and the IronDome Collective Defense platform to their AWS cloud deployments.

The new Amazon VPC traffic mirroring provides IronNet customers with the following benefits:

  • Secure and protect AWS cloud deployments: The new Amazon VPC traffic mirroring capability expands IronDefense’s industry-leading network traffic analysis capability to AWS cloud deployments and to combine the results from both their cloud and on-premise environments, enabling customers to detect and mitigate advanced cyber threats targeting their cloud or hybrid deployments.
  • Advanced Cyber Threat Hunting in AWS environments: With Amazon VPC traffic mirroring, IronDefense customers now have the ability to utilize the same advanced cyber hunt capability across enterprise network flow and employ the type of full-PCAP analysis that was previously only available in on-premise environments.
  • Simplified operations: This new feature enables customers to natively replicate Amazon VPC traffic to IronDefense thereby greatly reducing the deployment complexity experienced by existing solutions. This removes the previous requirement of needing to deploy third-party packet forward agents and instead leverages native Amazon VPC data with AWS security logs increasing the visibility and defensibility of AWS cloud environments.
  • Industry-Wide visibility across peer AWS cloud environments with IronDome: Threats and anomalies detected by identified by IronDefense originating from on-premise or AWS deployments are automatically and anonymously shared with other industry and supply-chain partners in real-time through the IronDome collective defense platform to provide shared situational awareness for each industry sector and across multiple sectors. This allows IronDome members to identify new threat trends at the sector level and to take action at a moments’ notice to stop an active threat. Such shared cyber situational awareness also allows IronDome members to focus their defenses on the key threats targeting their industry.
  • Expanded Cyber Operations Center (CyOC) Services to AWS Environments: Customers who leverage IronNet’s Managed Detection & Response (MDR) services to augment and support their SOC teams now have the ability to work with IronNet’s elite offensive and defensive operators in the CyOC to hunt for threats across AWS environments, including hybrid architectures.

The new Amazon VPC traffic mirroring capability is already deployed to certain AWS and IronNet customers and will be generally available to all existing and new IronDefense customers later this quarter (Q2 2019).

How IronDefense Works with Amazon VPC Traffic Mirroring

Enabling Amazon VPC traffic mirroring to work with IronDefense is simple. Once an IronDefense sensor is provisioned in a customer’s VPC, all it takes is to leverage Amazon VPC traffic mirroring to send traffic from their Elastic Load Balancer (ELB) or Elastic Network Interface (ENI) to the IronDefense sensor.

The IronDefense sensor is highly scalable and will automatically meet any ingestion needs based on the aggregate traffic volume within a given VPC. Once enabled, a customer can monitor traffic flows through the standard IronDefense user interface.


IronDefense Sensor Screen IronDefense processing Amazon VPC Traffic Mirroring Flows


Once traffic mirroring is set up, IronDefense will treat traffic flows from Amazon VPCs just like any other standard network traffic source (e.g., any other tap point) and will automatically begin to analyze flows for anomalies and identify high risk threats within the customer’s AWS environments.

For More Information - Contact Us

Existing customers who want information on this new capability should reach out to their Customer Success Manager to obtain deployment, sizing, and support services as needed.

Prospective customers who want to see a demo or find out more information about how IronDefense can help them secure their AWS deployments should visit our website or contact us for more information.