As enterprises accelerate their digital transformation, they rely more and more on the cloud’s elasticity and economies of scale to effectively achieve their business objectives. As they accelerate their workload migration to the cloud, however, the complexity of their hybrid infrastructure and attack surface increases.
The new hybrid infrastructure is composed of multiple domains and relies on a variety of geographically dispersed networks, clouds, services, and technologies—including wireline and wireless—and a plethora of tools. The borders across these domains inhibit visibility and make it harder to detect, analyze, and mitigate threats. Operational overhead and cost to business is compounded as the power, sophistication, and frequency of threats increase daily. Whatever the motivation, cyberthreats can cause severe financial harm and reputational damage and can disrupt business continuity. Strengthening the security posture and reducing business risk, therefore, requires a smart solution to illuminate threats everywhere, anywhere, at any time.
To address these challenges, NETSCOUT collaborated with Amazon Web Services (AWS) to provide first-of-its-kind end-through-end visibility across the hybrid cloud to efficiently mitigate security risks, while decreasing operational overhead. NETSCOUT integration with AWS Security Hub enables IT teams to scale business protection as infrastructure complexity grows, quickly, effectively, and efficiently detecting and mitigating risk associated with cyberthreats, whether on premises or in the cloud.
Cyberthreats and insights detected by NETSCOUT Omnis Cyber Intelligence (OCI) are displayed in AWS Security Hub, where security teams can quickly and easily execute highly contextual drilldowns into a robust set of metadata and packets to investigate these events further.
AWS Security Hub acts as a single location that aggregates, organizes, and prioritizes security alerts or findings from multiple AWS services and now, also, from NETSCOUT OCI. It serves as a compliance center for AWS customers and is designed as the first stop where AWS-focused security and compliance professionals go each day to understand their security and compliance state and see the “findings” of vendors that integrate into the hub.
As part of the integration, NETSCOUT is classified as a Findings Provider that sends its findings to Security Hub from within the AWS customer accounts.
The foundational technology that empowers NETSCOUT’s collaboration with AWS is virtual private cloud (VPC) traffic mirroring. Applying this technology in a variety of enterprise use cases in AWS enables practical, affordable, and scalable access to packet data for end-to-end security visibility in the hybrid cloud. For example, using seamless integration with AWS Gateway Load Balancer, NETSCOUT vSTREAM appliances can effectively access inter- and intra-VPC packet data traffic at scale and convert it into smart data, which OCI uses to deliver effective and cost-efficient vulnerability reports and threat detection as well as highly contextual, real-time or historical investigation capabilities to enterprises.
The NETSCOUT OCI platform uses a combination of smart data, derived from packet data (cloud, on-premises, and network edge), and indicators-of-compromise data based on NETSCOUT ATLAS Intelligence Feed and third-party threat intelligence feeds using STIX/TAXII. The combined data set enables security operations center (SOC) admins to detect and conduct highly contextual investigations of security risks and cyberthreats.
NETSCOUT OCI integration with AWS Security Hub increases security team productivity and enables security teams to intelligently reduce the risk associated with cyberthreats and attacks across complex hybrid cloud environments. The integrated solution also enhances SOC productivity by reducing the effort associated with collecting and prioritizing security findings and enabling integrated, context-rich, real-time, or historical investigations.
The strong technology alliance between NETSCOUT and AWS, combined with NETSCOUT OCI integration with AWS Security Hub, helps enterprises effectively improve their corporate security posture.
For additional information please refer to the press release “NETSCOUT Omnis Cyber Intelligence Integrates with AWS Security Hub” and check out the NETSCOUT OCI listing on AWS Marketplace.