
Threat Detection and Response in Azure Environments

Published: 22nd September 2021

For years now, Network Detection and Response (NDR) has been in use for on-premise enterprise environments, and many consider NDR the gold standard for detecting anomalies and security threats. NDR uses network packets (sometimes called wire data) as an essential source of data to analyze since they provide the most complete information of any data source, far beyond what flows, logs, polling, and APIs do.

In recent years, many enterprises have begun to move some (or all) of their applications to the cloud. When doing so, they’ve encountered gaps in their ability to gather wire data for analysis by NDR (more on this in a minute). Many vendors of cloud security analytics have focused on metadata-based analytics solutions, partly because metadata is more accessible to collect than wire data in the cloud. Consequently, organizations that depend on the detail offered by analyzing packets have discovered that they have lost the more detailed detections they relied on in the past.

The cloud providers have begun to respond to this concern, with some offering packet mirror capabilities as part of their service. However, these offerings have caveats and vary significantly in the completeness and features of their offerings compared with packet collection techniques used by on-premise enterprises. For example, Microsoft Azure currently offers no packet mirroring service. Several years ago, Azure did have a beta trial of a virtual tapping service, but it was discontinued, and Microsoft hasn’t yet announced plans for an alternative.

Fortunately, enterprises moving applications to Azure have an alternative way to collect wire data and deliver it to NDR for analysis. Keysight CloudLens offers a complete packet collection service, which can deliver copies of packets from Azure environments to cloud-based NDR analysis tools (e.g. Vectra Cognito). CloudLens includes features that on-premise enterprises have come to depend on, such as packet replication, aggregation, filtering, and more, ensuring NDR tools get all the data they need without using resources where they aren’t required. Furthermore, CloudLens works independently of the cloud provider's network configuration and, as such, is shielded from network service changes implemented by the cloud provider. It works in Azure even though Azure has no virtual tapping service in the network. And as an added benefit, CloudLens also works consistently in a multi-cloud environment (e.g. Azure/AWS/GCP).

Customers of NDR tools love CloudLens because it offers them the data they need to continue the rich and detailed anomaly detection and security threat detection that packets provide.

“The Vectra Cognito Platform is an AI-driven threat detection and response solution that can leverage the raw packet data that Keysight CloudLens provides to alert and stop ransomware and nation-state attacks,” says Sachin Saranathan, Head of Technology Alliances and Ecosystems at Vectra. “Together with Keysight, we accelerate security investigations with high fidelity and security-enriched data, helping SOC teams to resolve security incidents rapidly and comprehensively, with zero compromises.”

MCS Test are an approved UK partner for Keysight
Content Source: Threat Detection and Response in Azure Environments | Keysight Blogs
