USM for AWS capable for NIDS

FusionITSecurity

Based on a recent request from our PCI-DSS auditor, we are required to have NIDS in place to prevent an attacker who may have compromised a machine from further exploiting all other instances within the internal network.

May I please know if NIDS is available in the USM for AWS version for monitoring internal traffic between AWS EC2 instances?

Any guru's or expert's advice is much appreciated.


Answers

  • Fusion IT Security,

    AWS does not support promiscuous monitoring, nor does it allow an instance to view the network traffic for other instances. You can find documentation for this on AWS’s site, such as the following page where, under the title “Packet Sniffing”, they mention you can’t see network traffic for other devices.

    Due to this limitation from AWS, the USM for AWS product does not offer a NIDS solution for AWS. Please note you can still gain insight into your network traffic by enabling things like VPC flow logs or having either a host or in-line firewall. With any of those options you can send the logs to the USM for AWS product.
    tracy.dangerzparkerkratos
  • As @kcoe has mentioned,

    USM Anywhere does not have NIDS in the same sense that USM Appliance does; this is because with 'cloud' deployments, you are already, essentially, deploying to a more 'secure' environment. With cloud deployments (AWS / Azure), you cannot simply deploy 'anything you want', since they must have an image available for you to deploy. 


    With that said, if you have a VMware or Hyper-V Anywhere Sensor, the ability does exist, but not with an AWS or Azure deployment. You can still gain insight into your network with VPCs:

    "...You can find documentation for this on AWS’s site such as the following page where under the title “Packet Sniffing” they mention you can’t see network traffic for other devices. https://aws.amazon.com/answers/networking/vpc-security-capabilities/"

    Additionally, depending on the type of device you are trying to monitor, it may be worthwhile to leverage OSquery with your USM Anywhere Sensor:

       Regards,

    - kratos
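
The VPC flow log suggestion in the answers above, as an added example that is not part of the original thread or of any AlienVault or AWS code: a small parser that surfaces instance-to-instance connections the VPC refused, a common sign of one instance probing its peers. It assumes the default version 2 flow log format; the function names, the `10.0.0.0/16` CIDR, the threshold and the sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (not real traffic), default version 2 format.
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 10.0.1.15 10.0.2.20 49152 443 6 10 840 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.1.77 10.0.2.20 40001 22 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0bbb 10.0.1.77 10.0.2.21 40002 22 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0bbb 10.0.1.77 10.0.2.22 40003 3389 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0bbb 10.0.1.77 10.0.3.5 40004 445 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0ccc 203.0.113.9 10.0.1.15 51000 22 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0ddd - - - - - - - 1600000000 1600000060 - NODATA
2 123456789012 eni-0aaa 10.0.1.15 10.0.2.30 49200 5432 6 1 40 1600000000 1600000060 REJECT OK
"""

def parse_record(line):
    """Return a dict for one flow record, or None if it carries no flow."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["version"] != "2" or rec["log_status"] != "OK":
        return None  # header lines and NODATA/SKIPDATA records have no flow
    return rec

def rejected_east_west(lines, vpc_cidr, min_targets=3):
    """Map each internal source to the internal (dst, port) pairs it was
    refused, keeping sources with at least min_targets distinct pairs."""
    net = ipaddress.ip_network(vpc_cidr)
    targets = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        dst = ipaddress.ip_address(rec["dstaddr"])
        if src in net and dst in net:  # instance-to-instance traffic only
            targets[rec["srcaddr"]].add((rec["dstaddr"], int(rec["dstport"])))
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    found = rejected_east_west(SAMPLE_LOG.splitlines(), "10.0.0.0/16")
    for src, hits in found.items():
        print(src, "was refused on", len(hits), "internal targets:", hits)
```

Flow logs record connection metadata only, not packet contents, so this gives visibility into refused east-west connections rather than signature-based inspection.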