Gregory Copeland
Director Technical Alliances
Network Visibility + Security
Threat Detection and Response in Azure Environments
2021-09-22 | 4 min read
For years now, Network Detection and Response (NDR) has been in use for on-premise enterprise environments, and many consider NDR the gold standard for detecting anomalies and security threats. NDR uses network packets (sometimes called wire data) as an essential source of data to analyze since they provide the most complete information of any data source, far beyond what flows, logs, polling, and APIs do.
In recent years, many enterprises have begun to move some (or all) of their applications to the cloud. When doing so, they’ve encountered gaps in their ability to gather wire data for analysis by NDR (more on this in a minute). Many vendors of cloud security analytics have focused on metadata-based analytics solutions, partly because metadata is easier to collect than wire data in the cloud. Consequently, organizations that have come to depend on the detail offered by analyzing packets have discovered that they have lost the more detailed detections they relied on in the past.
The cloud providers have begun to respond to this concern, with some offering packet mirror capabilities as part of their service. However, these offerings have caveats and vary significantly in completeness and features compared with the packet collection techniques used by on-premise enterprises. For example, Microsoft Azure currently offers no packet mirroring service. Several years ago, Azure did have a beta trial of a virtual tapping service, but it was discontinued, and Microsoft hasn’t yet announced plans for an alternative.
Fortunately, enterprises moving applications to Azure have an alternative way to collect wire data and deliver it to NDR for analysis. Keysight CloudLens offers a complete packet collection service, which can deliver copies of packets from Azure environments to cloud-based NDR analysis tools (e.g. Vectra Cognito). CloudLens includes features that on-premise enterprises have come to depend on, such as packet replication, aggregation, filtering, and more, ensuring NDR tools get all the data they need without using resources where they aren’t required. Furthermore, CloudLens works independently of the cloud provider’s network configuration and, as such, is shielded from network service changes implemented by the cloud provider. It works in Azure even though Azure has no virtual tapping service in the network. As an added benefit, CloudLens also works consistently in a multi-cloud environment (e.g. Azure/AWS/GCP).
Customers of NDR tools love CloudLens because it offers them the data they need to continue the rich and detailed anomaly detection and security threat detection that packets provide.
“The Vectra Cognito Platform is an AI-driven threat detection and response solution that can leverage the raw packet data that Keysight CloudLens provides to alert and stop ransomware and nation-state attacks,” says Sachin Saranathan, Head of Technology Alliances and Ecosystems at Vectra. “Together with Keysight, we accelerate security investigations with high fidelity and security-enriched data, helping SOC teams to resolve security incidents rapidly and comprehensively, with zero compromises.”