New Feature in AWS: Traffic Mirroring
Now security analysts are able to collect data fast and flexibly with a new feature. Traffic Mirroring in AWS has given an ability to transfer the traffic to a SIEM (like Splunk) and analyse it. This is targeted for cases when you need:
-to analyze the actual packets to perform a root-cause analysis on a performance issue,
-to reverse-engineer a sophisticated network attack
-to detect and stop insider abuse or compromised workloads.
Traffic Mirroring helps to filter users that display suspicious activities: try to access from outside, DDoS attack, scan or brute force directly in the AWS environment by optimizing time and reacting to threats faster.
Get the Help You Need
Cybersecurity is our core expertise. Let’s get in touch and you will learn more about how UnderDefense can benefit your organization
How to detect CobaltStrike Command & Control communicationBy Bogdan VennykCobaltStrike became part of the Cybercrime’s “toolset” almost in every Company breach. This growth is explained by the fact that CobaltStrike was leaked multiple times and became more...
Detecting DGA domains: Machine Learning approachBy Alexander RagulinIn this post we are going to take a look at Domain Generation Algorithms (DGA) and an interesting way to detect them with the help of Deep Learning (LSTM neural net, to be precise). DGA domains are...
Supply Chain Cyber-Attack Risk Mitigation for Software Tech firms and Insurance domainSupply Chain Cyber Resiliency is emerging as one of the top risk management challenges needing addressed by the InfoSec industry in 2021By Nazar TymoshykCEO at UnderDefenseCurrent...