FireEye Stories Blog

I Can See (Even More) Clearly Now: AWS Traffic Mirroring Expands to Provide Improved Visibility in the Cloud

FireEye Network Security and FireEye Network Forensics bring industry-leading threat detection capabilities to protect public cloud environments. As enterprises continue to migrate and build workloads in the cloud, those workloads are exposed to increasing threats from the larger public cloud footprint. FireEye Network Security and Network Forensics help protect cloud infrastructure against the most advanced threats. While many of these threats continue to bypass traditional solutions such as firewalls and secure web gateways, FireEye Network Security and Network Forensics empowers users to perform traffic analysis in AWS in real time, with the verdicts delivered within seconds.

A few years ago, Rob Ayoub published a blog post highlighting how FireEye can perform deep packet inspection with Network Security and Network Forensics and Amazon Virtual Private Cloud (VPC) Traffic Mirroring. Today, we are happy to announce to our mutual customers an expansion of that initial partnership. 

AWS Expanded Support for VPC Traffic Mirroring

Amazon VPC Traffic Mirroring is now supported on additional select non-Nitro instance types. Amazon VPC Traffic Mirroring allows users to replicate the network traffic from EC2 instances within VPC to security and monitoring appliances for use cases such as content inspection, threat monitoring and troubleshooting.

Until now, customers could only enable VPC Traffic Mirroring on their Nitro-based EC2 instances. Now mutual customers can enable VPC Traffic Mirroring on additional instance types, including C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1 and X1e, which use the Xen-based hypervisor. Users can now uniformly inspect network traffic on these additional EC2 instance types with FireEye Network Security and Network Forensics. This feature is available in all 22 AWS regions where VPC Traffic Mirroring is currently supported.

How this Helps Our Mutual Customers

As many recent high-profile breaches have illustrated, a customer’s cloud infrastructure can be leveraged in sophisticated attack campaigns. Many cloud security tools today only focus on configuration of cloud workloads and protecting sensitive data. While misconfigurations have been a primary launch point for most attacks against the cloud, sophisticated attackers are increasingly leveraging other vectors to infiltrate customer cloud deployments, and expanded AWS Traffic Mirroring will help defend against those threats.

Mutual FireEye and AWS customers will see many benefits from this partnership. Customers who rely on FireEye Network Security and Network Forensics can now leverage the same advanced detection capabilities and front-line intelligence they are used to receiving in on-premises environments in their cloud infrastructure. AWS has embedded this functionality directly into their infrastructure, eliminating highly complex architectures and providing a more seamless experience for those managing the challenging transition from on-premises to cloud-native environments.

Learn more about how FireEye can help improve visibility in AWS.