Utilizing NETSCOUT Deep Packet Inspection Technology to Enrich AWS Security Logs Data Lake, Built in the Customer’s Account

In a digital-first and hyperconnected world, enterprises seek ways to accelerate their digital transformation while maintaining a strong security posture.

Omnis® Cyber Intelligence (OCI) is a platform for Advanced Network Threat Detection and Response that helps security teams easily detect, validate, investigate, and respond to threats. 

NETSCOUT OCI's cloud-first approach to cybersecurity investigation helps companies manage threats across increasingly complex hybrid-cloud infrastructures with attack surfaces broadening as applications migrate to environments such as AWS. NETSCOUT OCI integrates with AWS Security Hub and supports a wide variety of AWS native packet acquisition technologies, including Amazon Virtual Private Cloud (VPC) traffic mirroring, VPC ingress routing, Gateway Load Balancer (GWLB), and GWLB endpoint as a target.

These AWS native packet acquisition technologies enable NETSCOUT to efficiently capture packet data traversing the hybrid-cloud environment and simultaneously perform deep-packet inspection and real-time analysis at scale. NETSCOUT’s CyberStream virtual appliance monitors service-critical traffic running within cloud infrastructures and generates Smart Data at its point of collection.

Amazon Security Lake allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications. Security Lake reduces the complexity and cost of making security solution data accessible for a variety of security use cases such as threat detection, investigation, and incident response. It helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations. With Security Lake, customers can use the security and analytics solutions of their choice to query that data in place or ingest the OCSF-compliant data to address further use cases. Security Lake also helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Analysts and engineers can now easily build and use a centralized security data lake to improve the protection of workloads, applications, and data.

NETSCOUT’s compatibility with Amazon Security Lake enables it to become a custom source of security findings and detailed security insights into what’s happening in your enterprise, such as Cyber Threats, Security Risks, and Attack Surface Changes. These findings are produced in the Customer Account by NETSCOUT CyberStreams and OCI and then exported to Amazon Security Lake. The data is exported from NETSCOUT OCI into Amazon Security Lake in Open Cybersecurity Schema Framework (OCSF) format. The NETSCOUT OCI exported data also meets the core requirements of an Amazon Security Lake source, including format, schema, partitioning, and performance-related aspects.

The OCSF is a collaborative open-source effort which includes syntax and semantics for common security log events and defines versioning criteria to facilitate schema evolution.

The NETSCOUT OCI Smart Data exported into the Amazon Security Lake enriches it and empowers a variety of AI/ML and other Subscriber Applications to achieve broader Cyberthreat Visibility with better insights and intelligence that result in an enhanced corporate security posture.

NETSCOUT security findings are just one part of an overall ecosystem of data sources and analytics engines. OCSF allows easier coalescing and analytics of findings across EDR, NDR, and XDR platforms. The Amazon Security Lake allows data scientists to work with a common language for threat detection and investigation and enables the correlation of diverse data sets to achieve actionable and comprehensive Cybersecurity intelligence. NETSCOUT is very pleased to support this initiative.

NETSCOUT has proven itself as a differentiated AWS technology partner, having achieved Networking, Migration and Modernization competencies. These competencies demonstrate NETSCOUT’s unique skills in areas across industries, use cases, and workloads.

To grant the designation of Migration and Modernization Competency, AWS validated that NETSCOUT offers unique capabilities in helping enterprise customers migrate applications and legacy infrastructure to AWS. To attain Networking Competency, NETSCOUT demonstrated that it offers a set of specialized application, service, and network management solutions that auto-scale, are aligned with cloud design principles, and make it easier to use networking features in native or hybrid cloud environments.

NETSCOUT is also an AWS Public Sector Partner, validating that NETSCOUT offers cloud-based solutions and has demonstrated experience in supporting government, space, education, and nonprofit organizations around the world.
