A security infrastructure is only as resilient as its weakest point. Security experts recommend that modern organizations take a layered approach to their cloud security methodologies. To minimize breach potential and vulnerabilities, industry best practices dictate that IT teams strategically layer and optimize a combination of deterrent, preventive, corrective, and detection tools.

Combining CloudCheckr and AWS for Greater Visibility

CloudCheckr is an SaaS-hosted cloud tool that can be deployed as a mitigation strategy against the constant-consumption model of public cloud providers by generating, in real-time, monitoring and filtering capabilities. CloudCheckr becomes your “single pane of glass” into the complexities and blind spots of your cloud environments, providing the following data:

  • Cloud Spend: Side-by-side comparisons and predictive spend reports that identify inefficiencies and risks at a glance
  • Performance Analytics & Comparison Metrics: Usage analytics identify underperforming databases and over-provisioned instances
  • Resource Inventory & Utilization: Resource usage metrics identify which tools are experiencing excessive resource strain or underutilization
  • Security & Compliance: Auditing tools check permissions levels and compare your security practices against the corresponding public cloud provider recommendations
  • Alerting & Self-Healing: Automation tools invoke self-healing actions based on its gathered analytics and your predetermined parameters

Most important to note here is where CloudCheckr siphons that actionable data from. Public cloud platforms, like AWS, intrinsically house all the information listed above, but that aggregate data is not presented intuitively or ranked by critical priority. Arguably, your cloud technicians could find everything in the list above, but they would have to go digging for it extensively. And even then, they wouldn’t have automatic alerting or automation control in place.

Rather than leave you to manually extract what you need, CloudCheckr plays visibility window, traffic cop, security guard, and on-call technician all at once. But even the very best of technologies can’t be expected to catch everything that slips through your firewalls. This is where the layering aspect of cloud security comes in.

Adding an Additional Layer of Cloud Security with Gigamon

As a top pervasive visibility platform that provides a single access point into your network traffic data-in-motion, Gigamon is ADAPTURE’s recommended secondary layer for AWS traffic monitoring, security, and control.

Gigamon directly integrates with your company’s networks, tools, and applications to provide consistent visibility into your data-and-traffic-in-motion, including on-premise, hybrid cloud, and public (AWS). Like CloudCheckr, Gigamon enables companies to make smarter decisions about their network and security operations by:

  • Integrating with your AWS APIs to identify instance inventory and network configuration metrics
  • Providing on-demand visibility as workloads scale to demand
  • Aggregating and applying traffic intelligence (automation) using a service-chained set of nodes:
    • Flow Mapping that allows for the selection and filtering of traffic
    • Slicing to reduce packet size at a specified offset to conserve network backhaul
    • Sampling to conserve network backhaul by selecting customized packet rates
    • Masking to provide compliance and privacy of traffic by masking specific offsets
  • Distributing traffic more efficiently to cloud-based tools and instances
  • Leveraging and comparing cloud spend metrics for greater network performance

As compared to CloudCheckr, however, Gigamon does not rely on the aggregate data collected by AWS. Instead, Gigamon has its own monitoring and visibility architecture that collects, scans, alerts to, and disinfects incoming traffic. Whatever CloudCheckr + AWS may have missed on the first round, Gigamon will find it in its secondary, independent sweeps.

Gigamon provides its own perspective by positioning itself between the production network and the AWS tools for monitoring and managing cloud processes. From there, the Visibility Platform analyzes incoming traffic and data packets, working to filter, replicate, and strategically forward that traffic, ensuring that only relevant data is delivered to the correct tools (also granting you the visibility needed to optimize your environment without having non-relevant traffic impacting your operations).

Strategic Layering for Unhampered Visibility

CloudCheckr and Gigamon have the same goals; they just accomplish them in different ways with both bringing a unique perspective. These scalable centralized visibility platforms enable your IT team to increase efficiency and realize significant cost savings by aiding in optimization and automation—ultimately improving the efficiency of your cloud security tools and granting you a better understanding of what’s really going on in your data.

While there will naturally be some overlap in what CloudCheckr and Gigamon report to you, what you are looking for is the critical fringe data that would have been missed if you had only deployed one of these solutions. In today’s modern environments, that small percentage is sometimes the difference between a data breach and security.

Categories: Cloud, Infrastructure, SecurityTags: , ,