New Feature in AWS: Traffic Mirroring
Security analysts can now collect network data quickly and flexibly with a new AWS feature. Traffic Mirroring makes it possible to send traffic to a SIEM (such as Splunk) and analyze it there. It is aimed at cases where you need:
- to analyze the actual packets to perform a root-cause analysis on a performance issue,
- to reverse-engineer a sophisticated network attack,
- to detect and stop insider abuse or compromised workloads.
Traffic Mirroring helps filter out users who display suspicious activity, such as access attempts from outside, DDoS attacks, scans or brute-force attempts, directly in the AWS environment, which saves time and lets you react to threats faster.