When it comes to cloud watching, you’re probably thinking that means lying outside in the sun watching clouds float by. That is a form of cloud watching, yes; however, the type of cloud watching I’ll be talking about today is monitoring your network clouds with NetFlow!
Secure Little Clouds
Bob Ross may have been the master of happy little clouds, but I’m going to show you how to be the master of secure little clouds.
Firstly, what exactly is a cloud network? Since cloud networking came into existence a few years ago, there seems to have been an air of mystery around what exactly the cloud is. I’ve heard some people say that “a cloud is just someone else’s computer,” which, for the most part, is true. Put simply, a public cloud provides a multi-tenant storage environment that is best suited for unstructured data. This data is stored in global data centers with storage that is spread across multiple regions. AWS, Google, and Apple seem to have cornered the market on this, so you have an easy way to access your files no matter where you are. I could get into the particulars of clouds, but instead I will point you to this article by TechTarget.
Next, we know that when it comes to network security, visibility is a must. To get the best visibility possible, we can use NetFlow. Great! But how exactly do we go about monitoring the cloud with NetFlow?
Monitoring Your Cloud
With the latest and greatest improvements in Scrutinizer, we can now monitor AWS information! Also, we can view CDN (content delivery network) traffic, which can otherwise be difficult to monitor. What does monitoring these look like? Let me show you!
First, let’s look at CDN traffic. Clouds use CDNs, but malware also uses them in order to hide its communications. This can make things a bit tricky when it comes to monitoring traffic: if we try to look up certain IPs from domains such as YouTube or Google, the reverse lookup will come back with something like “1e100.net,” which is not at all helpful. Using our FlowPro Defender and Scrutinizer, we can see reverse lookups in plain text.
Pretty helpful stuff! My colleague Jake goes into more detail in this blog here.
Now for monitoring AWS information. Using the AWS API engine, we can construct flow elements very similar to NetFlow and IPFIX, which lets us monitor the traffic on our AWS instance. We can see elements such as source and destination IPs, AWS interfaces, and even account IDs. This is a subject that my colleague Jimmy D touched upon in a blog as well, which you can read here.
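An added example, not from the original post or from Plixer's code: a minimal parser that turns AWS flow records into NetFlow-like conversations keyed by account ID, interface, and source and destination IP. It assumes the data arrives as VPC Flow Logs lines in AWS's default version 2 field order (the post does not say which AWS source Scrutinizer reads); the sample records are constructed.

```python
from collections import defaultdict
from typing import NamedTuple

# Default VPC Flow Logs (version 2) field order, as documented by AWS.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

class Flow(NamedTuple):
    account_id: str
    interface_id: str
    srcaddr: str
    dstaddr: str
    dstport: int
    bytes: int
    action: str

def parse_record(line):
    """Return a Flow, or None for records that carry no traffic data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["version"] != "2":
        raise ValueError(f"unsupported version {rec['version']}")
    # NODATA and SKIPDATA records put '-' in the address and counter fields.
    if rec["log_status"] != "OK":
        return None
    return Flow(rec["account_id"], rec["interface_id"], rec["srcaddr"],
                rec["dstaddr"], int(rec["dstport"]), int(rec["bytes"]), rec["action"])

def summarize(lines):
    """Total bytes per (account, interface, src, dst, action) conversation."""
    totals = defaultdict(int)
    for flow in filter(None, map(parse_record, lines)):
        key = (flow.account_id, flow.interface_id, flow.srcaddr, flow.dstaddr, flow.action)
        totals[key] += flow.bytes
    return dict(totals)

# Constructed sample records: documentation-range IPs, placeholder account and ENI IDs.
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 49152 443 6 20 4200 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.7 49153 443 6 10 1800 1700000060 1700000120 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 40000 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000120 1700000180 - NODATA",
]

if __name__ == "__main__":
    for key, total in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(*key, total)
```

Grouping on the action field keeps rejected inbound attempts separate from accepted traffic, which is usually the first split an analyst wants.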
If you want to test out Scrutinizer or the FlowPro Defender for yourself, you can do so by going to our products page and downloading trials of each one.
As always, if you have any questions for us, do not hesitate to reach out!