This post is also available in: 日本語 (Japanese)
Amazon VPC Traffic Mirroring provides a non-intrusive way to enable network visibility into your AWS deployments without requiring significant design changes to virtual network architecture.
Palo Alto Networks has built an integration of its VM-Series Virtualized Next-Generation Firewall with Amazon VPC Traffic Mirroring capability. VM-Series is the industry-leading virtualized firewall protecting your applications and data with next-generation security features that deliver superior visibility, precise control and threat prevention at the application level.
VM-Series has supported AWS cloud since 2014 with inline security protections for application workloads running in the cloud. According to Mukesh Gupta, vice president of product management at Palo Alto Networks, “Enterprises require consistent security in the cloud without sacrificing deployment flexibility and choice. Along with inline threat prevention capabilities, the integration of VM-Series with the Amazon VPC Traffic Mirroring capability gives organizations a choice to deploy the firewall out of band for application visibility and advanced threat detection in AWS cloud.”
VM-Series on AWS deployed out of band now supports two critical security outcomes in AWS cloud:
VM-Series on AWS can analyze, filter and process the raw data available through the VPC Traffic Mirroring capability within AWS cloud and provide contextually rich application, content and threat information. The need for extracting data out of AWS cloud for further processing is eliminated, saving cost and providing deep insight into network traffic. Based on this more in-depth inspection, customers can choose to enable alerts for a wide range of security issues, for example:
Based on the visibility and detection (in logs), you can filter for events, and enable alerts and actions that can trigger remediation using Action-Oriented log forwarding using HTTP(S). This provides a webhook to create a ticket in a service desk system or a security orchestration and response tool, such as Cortex XSOAR, or launch an AWS Lambda function, which can quarantine by shutting down the instance or lock down the Security Group.
The VM-Series firewall supports enhanced application logging, which converts raw packet data from AWS mirrored network traffic into context-aware network activity information for storage in Palo Alto Networks cloud services, including Cortex Data Lake. Security applications, such as Cortex XDR, can start analyzing the rich data collected, using analytics and machine learning to detect stealthy attacks and expedite security investigations accurately. Identified threats can be mitigated through automated response from Cortex XSOAR and other security orchestration and response tools.
To learn more, we encourage you to follow these links:
An earlier version of this blog was published June 25, 2019. It has been updated to reflect new developments in Amazon VPC Traffic Mirroring and PAN-OS.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.