Virtual fiber tap

UPDATED Amazon Web Services (AWS) is making it easier for customers to capture and inspect network traffic in the cloud in order to guard against anomalies or potential attacks.

Launched this week, VPC Traffic Mirroring will allow users to mirror traffic in private clouds natively and at scale.

Support for the technology allows AWS customers to send copies of virtual private cloud (VPC) traffic from particular EC2 instances to security and monitoring appliances of their choice.

The technology is already supported by third-party vendors including Palo Alto Networks, ExtraHop, Netscout, Riverbed, Vectra, and others.

The increased visibility that the technology offers has applications beyond attack detection and response.

Users can equally use it to troubleshoot problems or as a way of introducing improved compliance and security controls, as explained in a blog post by Jeff Barr, chief evangelist for AWS.

The cloud computing giant’s arch competitor, Microsoft Azure, already offers (in preview form) a comparable technology for packet capture called virtual network TAP.

The big difference between the two technologies is that AWS doesn’t require software agents, according to AWS engineer Nick Matthews.

Private clouds allow corporates to operate their computing systems and apps from the cloud rather than via in-house servers.

Cloud security specialist Chris Farris welcomed the launch of the technology.

“Anything I can automate at the Cloud-API-Layer is a win,” he said. “Agents are more work to deploy and have potential (or the perception of potential) performance impacts.”

Asked by The Daily Swig about AWS’s development, industry analyst Clive Longbottom described it as a “start” while adding that “much more” from cloud providers including AWS was needed.

Such technology “should have very low network/app performance impact” and “should also be able to add scripts on top for trigger actions”, according to Longbottom, founder of analyst house Quocirca. “[I] haven’t seen same in Azure; pretty sure GCP doesn’t have it,” he added.


This story was updated on June 27 to add comment from industry analyst Clive Longbottom.