Monitoring Cloud Network Traffic with ExtraHop

Are you moving your workloads to the cloud? That almost seems like a rhetorical question at this point, doesn’t it? Even if you don’t have any plans to move your workloads to AWS or Azure, you can bet that at least one of your application providers is thinking about it. And that means that your corporate traffic is headed to the cloud whether you like it or not.

When your workloads move to the cloud, how does that affect your monitoring strategy? You probably figured out how to monitor services in the cloud or how to make sure your instances are online. But did you think about your security monitoring posture? Or how you’re going to manage to look at all that information now that your software and applications are living somewhere in Virginia instead of your own data center?

Shocking Reveal

What you need is a solution that can take on the tough job of securing your infrastructure no matter where it lives. For that, you need a company that has experience in this kind of analysis. During Security Field Day 2 and Cloud Field Day 6 we got a great look at just such a solution from ExtraHop with Reveal(x).

What I love about Reveal(x) is that it can look at your network traffic no matter where it lives. Still have a lot of custom applications that run on-premises? You can run Reveal(x) in the data center and figure out where all those traffic flows are going and look for anomalies. Moved your workloads to the cloud? Never fear! Reveal(x) Cloud is here to save the day! Reveal(x) Cloud is a SaaS-based offering that allows you to enjoy the same visibility that you can get from the on-prem version of Reveal(x) but in a package that works with Amazon and Microsoft and workloads that don’t live in your neighborhood any longer.

Bagging The Bad Guys

It’s critical to have tools like ExtraHop Reveal(x) in your toolbox when you start doing real security work. I love the above demo from Jeff Costlow because it shows how attackers really move throughout the network and how best to catch them. The Hollywood idea of keys clicking away as ultra-L337 hax0rs penetrate your network is far-fetched at best. Instead, hackers get in and lay low while they perform recon and figure out how to get a foothold. You may not notice a blip in the stream of data you’re seeing until it’s too late.

Instead, you have to have eyes everywhere at all times. That’s why Reveal(x) is such a crucial tool. It allows you to see those spurious connections and figure out that they aren’t part of legitimate communications. That’s hard enough to do when the equipment you’re monitoring lives right next to you in a rack. Add the difficulty of monitoring that same application stack in the cloud, and of making sense of the logs you get from AWS and Azure, and it’s downright impossible!

Reveal(x) gives you the visibility you need to make the important decisions about how you’re going to fight back against attackers. It could be something as simple as noticing that a particular host has transmitted a lot of data out of the network at a random time. Tracking data usage isn’t usually high on the list of most security admins. But noticing that it all went out of the network from a system that doesn’t normally upload data back to the Internet is a huge sign something is wrong and you need to investigate. An innocuous event leads to a bigger problem. If you have the solution in place to notice the first event you won’t get surprised by the bigger issue when it floats to the surface.
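The detection described above, a host that suddenly sends far more data out of the network than it ever has, and at an hour it is not normally active, can be expressed as a simple per-host baseline. The following is an added example written for this post, not ExtraHop code and not the Reveal(x) detection logic; the host names, flow volumes and the three-sigma threshold are all constructed assumptions. It builds a mean and standard deviation of outbound bytes per host from historical flow summaries, then flags any new flow that exceeds the threshold, noting whether the hour of day was ever seen for that host.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow summaries, one per (host, day, hour): bytes sent
# from the host to destinations outside the network. Made-up values for
# illustration only; not data from ExtraHop or from the article.
HISTORY = [
    ("db-01", 1, 2, 12_000), ("db-01", 1, 10, 40_000), ("db-01", 2, 1, 15_000),
    ("db-01", 2, 11, 38_000), ("db-01", 3, 2, 11_000), ("db-01", 3, 9, 42_000),
    ("web-01", 1, 9, 900_000), ("web-01", 1, 14, 1_100_000), ("web-01", 2, 10, 950_000),
    ("web-01", 2, 15, 1_050_000), ("web-01", 3, 9, 980_000), ("web-01", 3, 16, 1_020_000),
]

# Constructed "today" records: one normal db-01 flow, one large upload from
# db-01 at 03:00 (a host that never uploads much), and one normal web-01 flow.
TODAY = [
    ("db-01", 4, 10, 41_000),
    ("db-01", 4, 3, 2_400_000_000),
    ("web-01", 4, 11, 1_000_000),
]


def build_baseline(history, min_samples=3):
    """Per-host mean/stdev of outbound bytes plus the set of hours seen.

    Hosts with fewer than min_samples records get no baseline, so that a
    near-empty history cannot produce a misleadingly tight threshold."""
    per_host = defaultdict(list)
    hours = defaultdict(set)
    for host, _day, hour, bytes_out in history:
        per_host[host].append(bytes_out)
        hours[host].add(hour)
    baseline = {}
    for host, vals in per_host.items():
        if len(vals) < min_samples:
            continue
        baseline[host] = {
            "mean": mean(vals),
            "stdev": pstdev(vals),
            "hours": hours[host],
        }
    return baseline


def score_flows(today, baseline, sigma=3.0):
    """Return one alert dict per flow whose outbound volume exceeds
    mean + sigma * stdev for its host, or whose host has no baseline.

    unusual_hour records whether the hour of day was never seen for the
    host in the baseline window; it is context for the analyst, not the
    trigger on its own."""
    alerts = []
    for host, day, hour, bytes_out in today:
        bl = baseline.get(host)
        if bl is None:
            alerts.append({"host": host, "day": day, "hour": hour,
                           "bytes_out": bytes_out, "threshold": None,
                           "unusual_hour": None,
                           "reason": "no baseline for host"})
            continue
        threshold = bl["mean"] + sigma * bl["stdev"]
        if bytes_out > threshold:
            alerts.append({"host": host, "day": day, "hour": hour,
                           "bytes_out": bytes_out, "threshold": threshold,
                           "unusual_hour": hour not in bl["hours"],
                           "reason": "outbound volume exceeds baseline"})
    return alerts


if __name__ == "__main__":
    for alert in score_flows(TODAY, build_baseline(HISTORY)):
        print(alert)
```

Running the block prints a single alert for db-01 at hour 3 with unusual_hour set to True; the normal 41,000-byte flow from the same host and the web-01 flow stay below their thresholds. In practice the baseline window would be built from days or weeks of flow summaries rather than six records, and a host seen for the first time is worth surfacing as its own alert rather than silently skipping, which is why hosts without a baseline are reported too.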

Bringing It All Together

You can’t stop the inevitable march of technology to the cloud. You can’t even hope to stem the tide at this point. But you can provide the same kind of monitoring and security assurances that you enjoy in your on-prem data center when you get to your destination in Azure and AWS. ExtraHop has spent years building a platform that gives you visibility into your workloads and the traffic they generate. They built it so well that it doesn’t matter whether that traffic lives in your house or in someone else’s warehouse. It all works the way you need it to work.

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day. His blog can be found at https://networkingnerd.net/