Sleep More, Worry Less with Automated Detection and Monitoring of New VNets and VPCs Across Your Multi-Cloud Network
by Patrick Bedwell
“The scariest thing in the world is a developer with a credit card”
-CISO, F500 FinTech
VPCs and VNets spinning up without the knowledge of SecOps, NetOps, or CloudOps teams can give CISOs nightmares. All it takes is a few clicks in the Azure portal or AWS console and a developer can have a new instance running in minutes.
When combined with peering (a capability that lets AWS, Azure, and GCP VNets and VPCs talk to each other directly) and poor credential hygiene (such as unencrypted credentials and keys stored in accessible workloads), these rogue instances can expose your multi-cloud network to a range of risks:
- Lateral movement by threat actors across your multiple cloud platforms
- Exfiltration of confidential or regulated data (by a malicious insider, a threat actor, or a misconfiguration)
- Massive spikes in data transfer costs due to misconfiguration
Existing Approaches Don’t Make it Easy to Detect Rogue VNets and VPCs
What has caused so much lost sleep is a common characteristic of engineering-led organizations: Dev teams leverage cloud infrastructure at a pace beyond operations teams’ ability to monitor the infrastructure. Until now, there has been no easy way for your ops teams to detect and monitor these new instances across your multiple cloud environments.
The platform-native tools provided by the major cloud vendors can deliver some visibility, such as detecting new instances and enabling flow logs. However, granular control of detection and monitoring of all activity across your multiple clouds isn’t possible with just those tools. It is a massive project to manually configure each platform and navigate the complexities of permissions within each cloud and across clouds, and then stitch together the data.
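As an added illustration of the platform-native gap check described above (this is example code, not Netography's or AWS's own), the audit below lists VPCs in a region that have no active VPC-level flow log, which is exactly the "compromise in an unexpected VPC with no logs" condition. It assumes AWS, the EC2 DescribeVpcs and DescribeFlowLogs response shapes, and boto3 for the optional live collector; the sample responses are constructed.

```python
"""Audit which VPCs lack an active flow log, per region (added example)."""
from typing import Dict, Iterable, List


def find_unmonitored_vpcs(vpcs: Iterable[dict], flow_logs: Iterable[dict]) -> List[str]:
    """Return IDs of VPCs with no ACTIVE flow log attached at the VPC level.

    A flow log whose ResourceId is the VPC covers every ENI in it. Flow logs
    attached to a single subnet or ENI do not count here, so a partially
    covered VPC is still reported (deliberately strict for an audit).
    """
    covered = {
        fl["ResourceId"]
        for fl in flow_logs
        if fl.get("FlowLogStatus") == "ACTIVE" and fl["ResourceId"].startswith("vpc-")
    }
    return sorted(v["VpcId"] for v in vpcs if v["VpcId"] not in covered)


# Constructed sample of what DescribeVpcs / DescribeFlowLogs return for one
# region: vpc-0002 has a flow log that is no longer ACTIVE, vpc-0003 only has
# a subnet-level flow log, vpc-0004 has none, so all three are reported.
SAMPLE_VPCS = [
    {"VpcId": "vpc-0001", "IsDefault": True},
    {"VpcId": "vpc-0002", "IsDefault": False},
    {"VpcId": "vpc-0003", "IsDefault": False},
    {"VpcId": "vpc-0004", "IsDefault": False},
]
SAMPLE_FLOW_LOGS = [
    {"FlowLogId": "fl-aaa", "ResourceId": "vpc-0001", "FlowLogStatus": "ACTIVE"},
    {"FlowLogId": "fl-bbb", "ResourceId": "vpc-0002", "FlowLogStatus": "INACTIVE"},
    {"FlowLogId": "fl-ccc", "ResourceId": "subnet-0003a", "FlowLogStatus": "ACTIVE"},
]


def audit_account(regions: Iterable[str]) -> Dict[str, List[str]]:
    """Run the same check against live regions with the caller's AWS credentials."""
    import boto3  # imported lazily so the pure check above runs offline

    report: Dict[str, List[str]] = {}
    for region in regions:
        ec2 = boto3.client("ec2", region_name=region)
        vpcs = [v for p in ec2.get_paginator("describe_vpcs").paginate() for v in p["Vpcs"]]
        logs = [f for p in ec2.get_paginator("describe_flow_logs").paginate() for f in p["FlowLogs"]]
        report[region] = find_unmonitored_vpcs(vpcs, logs)
    return report


if __name__ == "__main__":
    print(find_unmonitored_vpcs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS))
```

Run `audit_account` over every enabled region on a schedule, and any newly created VPC shows up in the report until someone attaches a flow log to it.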
Third-party applications also fail to provide real-time detection of new VPCs and VNets: CNAPP, CWPP, and CSPM tools are not designed to continuously monitor network activity in multi-cloud networks, which leaves significant gaps in your ability to rapidly detect and respond to anomalous or malicious network activity.
Automated Detection and Monitoring of New VNets and VPCs–Easy, Peasy, Lemon Squeezy with Fusion
An Infrastructure Security Architect at one of our customers, a B2B SaaS provider, came to us with a problem: They had thousands of VNets and VPCs and hundreds of accounts across their multi-cloud environment and no way to ensure they were monitoring them all:
“We needed to guarantee that any VPC that lights up in any region will be monitored – because the risk is that a compromise will occur in an unexpected VPC and when we go to investigate, we’ll find out that no logs are available.”
They asked us to add a feature to Netography Fusion® that would solve their problem of having to manually search for new instances across all of their cloud platforms (which was consuming a tremendous amount of their staff time).
Our wicked smart dev team went to work, and we’re happy to tell you that Fusion can now automatically detect, onboard, and monitor new VNets and VPCs. You can sleep peacefully knowing that, as part of its continuous monitoring of all network activity in your multi-cloud environment, Fusion applies policies and begins monitoring behavior whenever it discovers new instances (or changes in the behavior of existing instances). You no longer have to worry about the risks posed by unmonitored instances, or burn your engineers’ time trying to build a cross-platform monitoring solution.
Detect Activity That Should Never Happen in Your Network
Helping you sleep better isn’t the only reason to take a look at the Fusion platform. We designed it to detect activity that should never happen in your network and Fusion supports a range of use cases, including:
- Compromise Detection: Detect East/West movement within and across your multi-cloud network, decrease dwell time, reduce blast radius, and eliminate threat actors in real time before they can cause costly operational disruptions or threaten business continuity.
- Network Forensics: Conduct incident investigation and threat hunting with analysis of East/West and North/South activity after a security event or anomalous activity, using context-rich historical data.
- Zero Trust Planning and Enablement: Observe network usage for segmentation planning and pre/post deployment metrics. Monitor trust boundaries within a single location, multiple regions, or globally, and dynamically update the trust boundary rules when you add new segments or modify existing segments.
The Fusion platform is a 100% SaaS platform and eliminates the burden of sensors, agents, or taps. You can significantly lower your TCO while enjoying continuous real-time detection of anomalies and compromises.
To learn more about Netography Fusion, take a self-guided tour or contact us for more information or to schedule a demo.