Lastline’s Network Detection and Response Platform Supports Amazon VPC Ingress Routing for Complete Visibility

Today, Amazon Web Services (AWS) announced a new feature, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing, at its AWS re:Invent 2019 conference in Las Vegas. Lastline is proud to be one of a small group of companies that have worked closely with AWS to deliver support for this new feature from day one. Amazon VPC Ingress Routing is a feature that helps customers simplify the integration of network and security appliances into their network topology. It allows customers to redirect north-south traffic flowing into and out of an Amazon VPC through an Internet gateway or virtual private gateway to Lastline Defender, Lastline’s network detection and response (NDR) platform, before it reaches the workload.

Improved visibility is a top priority for many organizations as they migrate their workloads to the cloud. Symantec recently published its Cloud Security Threat Report showing that 53 percent of respondents are moving at least some of their workloads to the cloud, and 69 percent are still storing some data on premises. Not surprisingly, 93 percent report issues keeping tabs on all their workloads.

Some common mistakes organizations make when migrating workloads to the cloud are:

  • Believing that security is the provider’s responsibility: Infrastructure providers such as AWS are specific in delineating which aspects of securing the platform are their responsibility and which are the customer’s. Unfortunately, many organizations are not familiar with the IaaS shared responsibility model and, unlike in a SaaS model (such as Salesforce), they don’t realize that they are responsible for any applications or services installed on top of the infrastructure.
  • Expecting that what worked in their on-premises environment will work in the cloud: Workflows and processes operate differently in the cloud than in on-premises environments; yet, organizations sometimes operate on the assumption that the cloud versions of their on-premises security controls and processes will operate the same way.
  • Failing to migrate security controls along with workloads: As organizations migrate workloads, another issue is that they fail to embrace the same “defense-in-depth” approach as they did with their on-premises environments. Deploying multiple security controls at the edge and internally increases the likelihood of detecting threats.
  • Migrating incomplete or inconsistent security policies: Some organizations migrate existing workloads to the cloud in a “lift and shift” approach, in which they move the workload “as-is” and do not rearchitect it to reflect the new cloud architecture. Although fast, this practice often fails to incorporate the latest cloud security controls, leaving the workloads exposed.

Here’s one example of an attack scenario that targets cloud workloads by taking advantage of a vulnerable cloud service and lack of adequate security controls:

  1. An attacker exploits a vulnerability in a web server that is deployed in AWS and gains shell access to it.
  2. The bad actor performs a scan of the internal network that is accessible from the web server and discovers the existence of a phpMyAdmin instance on a database server.
  3. The attacker acquires access to the database server by leveraging default/weak passwords in phpMyAdmin (an open source admin tool) and, as a result, obtains full access to the database content.
  4. The attacker extracts the full database content and copies it back over to the web server, preparing it for exfiltration.
  5. Finally, the attacker uploads the database content to an external server and monetizes targeted data by selling it to a competitor or launching secondary attacks against the victim’s customers.

Lastline Defender reduces your organization’s exposure to threats targeting your workloads in the cloud (as well as your on-premises environment). It combines four complementary AI-powered technologies to detect and respond to threats in both “north/south” and “east/west” traffic:

  • Intrusion Detection and Prevention System detects threats entering your network targeting vulnerable services and applications.
  • File Analysis detects malicious content attempting to enter your network via web, email, or file transfers.
  • Network Traffic Analysis detects anomalous activity and malicious behavior as it moves laterally across your network.
  • Global Threat Intelligence continuously updates Lastline Defender’s detection and analysis capabilities in real time.

Today’s announcement means you can quickly apply Lastline Defender’s in-depth protection to any traffic entering or exiting as well as moving laterally in your AWS environment:

  • Amazon VPC Ingress Routing lets you choose which traffic to route through Lastline Defender.
  • Amazon VPC Traffic Mirroring, a feature announced by AWS earlier this year, enables Lastline Defender to inspect all traffic flowing between your Amazon Elastic Compute Cloud (Amazon EC2) instances for advanced threats, without the need to deploy agents.
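As an added illustration of how the Ingress Routing part of this setup is wired (example Terraform configuration, not Lastline’s or AWS’s own published code), the fragment below associates a route table with the Internet gateway so that inbound traffic for the workload subnet is redirected to an inline inspection appliance, and sends the workload subnet’s return traffic back through the same appliance. It assumes pre-existing resources `aws_vpc.main`, `aws_internet_gateway.main`, `aws_subnet.app` (workloads) and `aws_subnet.sensor` (the appliance subnet, whose own route table already defaults to the Internet gateway); the resource names are assumptions.

```hcl
# Added illustration (not Lastline's or AWS's published configuration): wiring an
# inline inspection appliance into a VPC with Amazon VPC Ingress Routing.
# Assumed existing resources: aws_vpc.main, aws_internet_gateway.main,
# aws_subnet.app (workloads) and aws_subnet.sensor (appliance).

# Appliance ENI. It forwards packets that are not addressed to it, so the
# source/destination check must be disabled or the VPC drops those packets.
resource "aws_network_interface" "sensor" {
  subnet_id         = aws_subnet.sensor.id
  source_dest_check = false
}

# Route table associated with the Internet gateway (the Ingress Routing part).
# Inbound packets destined for the app subnet are redirected to the appliance
# before they reach the workload. Destinations must be prefixes inside the VPC.
resource "aws_route_table" "igw_ingress" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route" "ingress_to_sensor" {
  route_table_id         = aws_route_table.igw_ingress.id
  destination_cidr_block = aws_subnet.app.cidr_block
  network_interface_id   = aws_network_interface.sensor.id
}

resource "aws_route_table_association" "igw" {
  gateway_id     = aws_internet_gateway.main.id
  route_table_id = aws_route_table.igw_ingress.id
}

# Return path: the app subnet sends Internet-bound traffic back through the
# same appliance, so both directions of every flow are inspected.
resource "aws_route_table" "app" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route" "app_default_via_sensor" {
  route_table_id         = aws_route_table.app.id
  destination_cidr_block = "0.0.0.0/0"
  network_interface_id   = aws_network_interface.sensor.id
}

resource "aws_route_table_association" "app" {
  subnet_id      = aws_subnet.app.id
  route_table_id = aws_route_table.app.id
}
```

A quick check after applying it: `aws ec2 describe-route-tables` should show the ingress table with an association whose gateway is the Internet gateway, and the appliance ENI should report `SourceDestCheck: false`.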

Validated alerts on malicious activity directed against your cloud workloads enable you to respond faster and more effectively to threats, such as:

  • Inbound Exploits: Prevent attacks against vulnerable applications and services in AWS clouds by blocking malicious packets and payloads
  • Malicious Lateral Traffic: Detect when an attacker scans for other workloads, prevent discovery of additional services and block lateral movement and connection to an unusual port
  • Data Exfiltration: Detect and block anomalous data access before a bad actor can exfiltrate the data

Learn more about Lastline Defender and how it can detect and contain sophisticated threats in both on-premises and cloud environments, before they disrupt your business.