Gaining Traffic Visibility in AWS with Léargas Network Appliances and Amazon VPC Traffic Mirroring


This week at AWS re:Inforce, AWS announced Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring. Amazon VPC traffic mirroring is a great addition for organizations who are migrating apps and workloads to AWS.

At Léargas Security, we’re pleased to announce that we've launched the Léargas Security Platform in AWS and it is immediately available to our subscribers.

As every organizations’ attack surface continues to grow, through Traditional Infrastructure, Cloud, and IoT, security teams rely on an ecosystem of strategic partners to both understand what their attack surface looks like and how to best defend it.

One of the greatest challenges to organizations migrating to the cloud has been visibility. Until today, most organizations were required to use client-based agents such as PacketBeat or local installations of Suricata or Zeek to perform network traffic analysis. There was no reliable traffic mirroring capability for the AWS network fabric, which made monitoring very cumbersome and often overlooked.

With this new addition, customers can mirror network traffic from an Elastic Network Interface (ENI) within their VPCs and send the traffic to the Léargas Platform. Amazon VPC traffic mirroring allows customers of Léargas to enjoy the same network traffic analysis and threat detection features for their AWS cloud-based workloads as they do with our VMware and On-Premise solutions.

It should be noted that both the EC2 instance and the Léargas Platform must be powered by the AWS Nitro system (A1, C5, C5d, M5, M5a, M5d, R5, R5a, R5d, T3, and z1d). Additionally, both the EC2 instance and the Léargas Platform must be placed in the same VPC.

With Amazon VPC traffic mirroring and the Léargas Appliances integrated, Léargas Security customers can quickly deploy cloud-based multi-contextual network traffic analysis for north-south and east-west communications of instances. Additionally, all traffic will be correlated with on-premise appliances, to provide a single pane of glass.

All platforms capabilities, such as Real-Time Correlation to "Dark Web", Enrichment, Malware Analysis, and Alerting will be applied to all Léargas Appliances, regardless of location.