Twistlock sponsored this article, which was written independently by The New Stack.
Until now, administrators couldn’t easily tap into the traffic going over the Amazon Web Services’ virtual private cloud (VPC). This week at the inaugural AWS re:Inforce conference in Boston, however, AWS unveiled VPC Traffic Mirroring, a new feature that gives existing VPC users the ability to capture and inspect network traffic at scale.
VPC Traffic Mirroring gives AWS users a copy of their VPC traffic for inspection and analysis, which can be used for anomaly detection, deriving operational insights, troubleshooting network and application performance, and implementing compliance and security controls.
AWS product partners, such as those in the AWS Marketplace, may also find this capability useful, according to Dave McCann, vice president of the AWS Marketplace. “In fact, in the marketplace, there are 19 software companies that are coding into traffic mirroring today,” said McCann.
VPC Traffic Mirroring is a “virtual fiber tap” that gives you direct access to the network packets flowing through your VPC, which can even be used across a multi-account AWS environment and centralized to a single point, according to the company.
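What actually arrives at a mirror target is not a bare copy of the frame: per AWS's own documentation (not this article), each mirrored packet is wrapped in VXLAN and delivered to the target over UDP port 4789, with the mirror session's virtual network identifier (VNI) carried in the VXLAN header. Any analysis tool fed by Traffic Mirroring therefore starts by decapsulating that outer layer. The Python below is an added example, not code from AWS, from a Marketplace partner or from the article: it constructs one such frame with made-up MAC and IP addresses (labelled as constructed), then decapsulates it to recover the VNI and the inner 5-tuple. It also shows the two checks a receiver needs, which the article's "firehose" framing glosses over: packets on the target ENI that are not VXLAN (the target's own management traffic, DNS, and so on) are skipped, and truncated packets are rejected rather than silently misparsed.

```python
"""Decapsulate VXLAN-encapsulated VPC Traffic Mirroring frames (added example).

Assumptions, labelled: the encapsulation (VXLAN over UDP/4789, VNI = session's
virtual network ID) is taken from AWS documentation; all addresses are made up.
"""
import socket
import struct
from typing import Optional

VXLAN_PORT = 4789          # UDP port a mirror target receives mirrored packets on
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, DF set) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", _ipv4_checksum(hdr)) + hdr[12:] + payload


def build_mirrored_frame(vni: int, inner_src: str, inner_dst: str, sport: int,
                         dport: int, app_payload: bytes,
                         source_eni_ip: str = "10.0.1.20",
                         target_ip: str = "10.0.2.50") -> bytes:
    """Constructed sample: what tcpdump on a mirror target sees for one mirrored
    TCP segment. Outer = Ethernet/IPv4/UDP(4789)/VXLAN; inner = Ethernet/IPv4/TCP."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    inner_eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    inner = inner_eth + _ipv4(inner_src, inner_dst, PROTO_TCP, tcp + app_payload)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)          # I-flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 40000, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    outer_eth = bytes.fromhex("0a0000000002" "0a0000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + _ipv4(source_eni_ip, target_ip, PROTO_UDP, udp + vxlan + inner)


def _parse_ipv4(buf: bytes):
    """Return (src, dst, proto, l4_bytes); raise ValueError on truncation."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if total_len < ihl or len(buf) < total_len:
        raise ValueError("truncated IPv4 packet")
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, buf[ihl:total_len]


def decapsulate(frame: bytes) -> Optional[dict]:
    """Return the mirrored flow's VNI and inner 5-tuple.

    None  -> frame on the target is not a VXLAN mirror packet (ignore it).
    ValueError -> frame is truncated; never attribute traffic from a partial parse.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    outer_src, _, proto, l4 = _parse_ipv4(frame[14:])
    if proto != PROTO_UDP:
        return None
    if len(l4) < 8:
        raise ValueError("truncated UDP header")
    _, udp_dport, udp_len, _ = struct.unpack("!HHHH", l4[:8])
    if udp_dport != VXLAN_PORT:
        return None
    payload = l4[8:udp_len]
    if len(payload) < 8 + 14 or udp_len > len(l4):
        raise ValueError("truncated VXLAN payload")
    if not payload[0] & 0x08:                 # VNI-valid flag must be set
        return None
    vni = struct.unpack("!I", payload[4:8])[0] >> 8
    inner = payload[8:]
    if struct.unpack("!H", inner[12:14])[0] != ETHERTYPE_IPV4:
        return None                           # IPv6 inner frames not handled here
    src, dst, iproto, seg = _parse_ipv4(inner[14:])
    sport = dport = None
    if iproto in (PROTO_TCP, PROTO_UDP):
        if len(seg) < 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", seg[:4])
    return {"vni": vni, "mirror_source": outer_src, "src": src, "dst": dst,
            "proto": iproto, "sport": sport, "dport": dport, "l4_bytes": len(seg)}


if __name__ == "__main__":
    sample = build_mirrored_frame(7, "10.0.1.20", "10.0.3.7", 51234, 8080,
                                  b"GET /health HTTP/1.1\r\n")
    print(decapsulate(sample))
```

The `mirror_source` field is the outer source address, i.e. the mirrored ENI's own IP as seen by the target, which is what lets a centralised collector in one account attribute flows back to sessions in other accounts; the VNI is the other key, since it is set per mirror session.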
VPC Traffic Mirroring offers partners a way to do what they may have already been doing, but now without the possibility of affecting their customers, according to AWS CISO Stephen Schmidt.
“One of the difficulties we saw with previous implementations in this space was that there are partners that have systems that customers are already using on AWS, but the way that they were implemented tended to be either with agents on the systems or what we would call ‘a bump in the wire’, which is a box that’s interposed with customer traffic,” said Schmidt. “Those present scaling problems — as a customer’s traffic goes up and down you have to figure out how to scale up and down, and your box is in the middle. You have to worry about whether that particular device will stop the flow of traffic if it breaks, whereas Traffic Mirroring means that even if they don’t scale properly, it doesn’t affect a customer’s ability to provide a service.”
Both McCann and Schmidt focused on the “agent-less” visibility offered by Traffic Mirroring, noting that the feature provides a copy of the traffic without putting anything in the packet path that could degrade performance. Schmidt admitted that the feature comes later than they would have liked, but explained that the delay came from having to deliver it without weakening the design choices that make VPC traffic hard to intercept in the first place.
“It’s really easy to tap traffic when you have a small network, but when you have an incredibly large network where you intentionally designed it to be difficult to tap, it means that it’s a very, very significant engineering challenge,” said Schmidt. “We had to give customers a way that they could receive a copy of their traffic in a way that didn’t impact the availability or the throughput of their resources. Those two things are very different in the engineering world and they’re very hard to do, so it took us quite a while to get it right.”