Establish trust with cloud defense assurance practices
- Eliminate uncertainty and identify gaps by simulating real-world attacks.
- Make smarter choices of security components by measuring impact on security posture.
- Control drift in efficacy of security posture over time.
- Enable control over traffic monitoring across any cloud with intent-based policies.
- Extend traffic monitoring to network edge and Kubernetes.
- Reduce costs of running complex traffic analysis infrastructure.
- Test performance limits of individual network security components in the cloud.
- Find the right balance of security efficacy and performance for your risk profile.
- Build a layered defense architecture you can trust.
Security Posture Monitoring
Eliminate Uncertainty and Identify Gaps
In a constant battle between evolving malicious techniques and protective measures, the defense often falls behind. As business-critical applications move to the cloud, organizations start to realize the value of network detection and response (NDR) in addition to traditional cloud security controls.
When both protective and monitoring measures are in place, is it possible to identify gaps in their readiness to encounter real-life threats, without waiting for one to occur?
With Keysight Threat Simulator, security teams can safely exercise cloud security defenses by emulating the entire cyber kill chain — phishing, user behavior, malware transmission, infection, command and control, and lateral movement.
Make Smarter Choices of Security Components
The cloud provides instant access to a whole range of security components from various vendors and the open-source community. Combined with the pay-as-you-go model, decisions about which options to use become more operational, to cope with the evolving threat landscape.
It is the criteria organizations use for selecting or changing the components that remain strategic.
The best strategies define goals to track execution, with an understanding of whether trusted data can be obtained to make them measurable.
This is why Threat Simulator enables customers to build threat assessments relevant to their risk profile and measure actual security posture against it. Enterprises can now compare the impact of the selected cloud security architecture and its components against the strategic goals.
Control Drift in Efficacy Over Time
The threat landscape is never static. Neither are security defenses. New cyber-attacks are constantly emerging, and misconfigurations are rampant. Traditionally, red/blue teaming and penetration testing are used to maintain readiness and identify weak spots. While these exercises bring high value, they cannot be applied as a daily operational routine.
To scale security exercise practices, an automated attack simulation process with a built-in incident reporting loop is required.
Boasting turnkey integrations with leading network security tool vendors — including IBM, Splunk, Check Point, Cisco, Fortinet, Palo Alto Networks, Juniper, and more — Threat Simulator helps your tools work smarter, not harder. Bidirectional communication ensures that your SIEM tools can quickly distinguish simulated cyber security threats from the real thing, while end-to-end validation makes it easy to manage and measure the effectiveness of your infrastructure.
Multi-Cloud Traffic Visibility
Intent-based Visibility Orchestration
Every cloud provider has a unique set of traffic monitoring capabilities that SOC analysts ultimately depend on. Coupled with fast-paced cloud adoption, this often creates challenges during response and investigations, as precious time has to be spent on configuring various elements of the cloud infrastructure to enable or adjust traffic monitoring rules.
CloudLens gives security operations a uniform way to quickly and safely deploy or change network visibility policies. It provides intent-based network visibility orchestration, controlling flow collection or packet mirroring from traffic sources in various cloud and hybrid environments to flow collectors or sensors. CloudLens allows you to focus on the monitoring policy you need, and not the means of implementing it.
Traffic Monitoring for Network Edge and Kubernetes
Moving workloads to the edge of the network often leaves them beyond the reach of the existing network detection tools. Bringing monitoring to the edge requires a small footprint combined with built-in flow exporting and packet filtering capabilities, to avoid overwhelming the network and sensors with bulk user traffic.
With CloudLens, customers can achieve the same level of insight into network traffic patterns and payloads at the edge as for core cloud deployments, without the burden of deploying distributed sensors.
To monitor edge locations, CloudLens creates an encrypted packet brokering overlay network, collecting flows and necessary packets from dispersed traffic sources and forwarding them to traffic sensors at regional security tooling VPCs or on-premises locations.
Using similar methods, CloudLens can facilitate monitoring of inter- and intra-pod communication in Kubernetes clusters.
Monitoring Cost Optimization
In a multi-tool environment, CloudLens reduces the cost of running native cloud mirroring services. By acting as a distributed packet brokering layer between native cloud packet mirror functions and network traffic analysis tools, CloudLens eliminates the cost of duplicate monitoring sessions via built-in replication, filtering, and load balancing capabilities.
Network Security Component Testing
Understand Capabilities of Each Component
Each layer of network defenses in the cloud has its own limits. Among them are throughput, packet and session rate, time to detect failure, and time to deploy. Often, getting closer to the limits degrades quality of service due to increased latency or packet loss. Understanding these boundaries is critical for delivering an excellent customer experience, high security resiliency and uptime.
Keysight enables organizations to stress test and characterize the performance of individual network and security functions under mixes of realistic application traffic, combined with malicious activity like exploits, DDoS, malware payloads, and command and control communications.
Fine-Tune Security Efficacy for Performance
Security vendors aim to deliver optimal protection for a wide range of applications and environments with acceptable performance. When a customer makes configuration changes to improve defenses in known weak areas of their infrastructure, the actual performance of a security component might degrade below a critical threshold.
To strike the right balance between security and performance, security architects should combine deep knowledge of application risk profiles with measurement of the impact of configuration changes.
By using load generation tools from Keysight, customers can emulate realistic application traffic closely matching their application behavior, with granular control over types of injected malicious activity. This enables organizations to better mitigate security risks while keeping confidence in performance and user experience.
Validate and Compare Each Layer to Eliminate Weaknesses
As security architects design layered network defenses, each individual layer is built to compensate for the weaknesses of another. Can they be sure there are no weak spots that overlap between different components? Ad-hoc, manual testing methods lack the coverage needed for such assurance.
By using Keysight capabilities to repeat the same sets of attacks from an extensive library against different types of security components, and comparing which attacks passed unnoticed, those overlaps can be spotted and eliminated.
When reliably selected security functions are aligned to provide depth of protection, trust in the system can finally be established.
Uplevel Systems delivers managed IT services to small businesses. Our solution combines customer premise security and networking equipment with AWS cloud-based services and a management platform that allows IT consultants to deliver compelling and comprehensive IT services optimized for small business. Monitoring our AWS-based VPN hubs and application servers is key to providing our customers a great experience. CloudLens enables us to get the packet-level access we need to monitor our application. CloudLens's auto-scaling capability provides us the scale and elasticity to help our business grow.
Tom Alexander, CEO, Uplevel Systems
FireEye is excited to partner with Ixia (now part of Keysight) on its new CloudLens platform to extend our industry-leading visibility and response speed into AWS, Azure, and other public cloud. With our focus on simplifying, integrating, and automating security operations for customers with FireEye Helix, having scalable, native visibility into all cloud services, networks, endpoints, third-party security products enables us to stay ahead of our customer needs.
Martin Holste, CTO, Cloud, FireEye
Moving enterprise workloads to the cloud can create stumbling blocks for security teams, as they no longer have the network packet visibility needed to be effective. CloudLens solves this problem by providing full, easy, and highly-scalable visibility in the public cloud. The joint Ixia (now part of Keysight) and ProtectWise solution provides automated threat detection and unlimited forensic exploration.
Ramon Peypoch, Chief Product Officer, ProtectWise
As a provider of large scale SaaS-based performance management solutions hosted in AWS, AppNeta is very familiar with the challenges associated with obtaining actionable packet-level visibility in the public cloud. We found CloudLens met the elastic demands of public cloud customers in a multi-tenant, self-serve model like ours—and, unlike other solutions we've examined, performed well with minimal overhead. With CloudLens, deploying monitoring solutions in the public cloud occurs in a matter of minutes, not hours or days.
Sean Armstrong, VP of Products, AppNeta
The adoption of public cloud solutions is continuing to grow at a rapid pace. With this comes unique and significant challenges around how organizations ensure the security and integrity of their data and applications. CloudLens solution solves the critically-important problem of providing access to network traffic within and across cloud environments to enable solutions like LogRhythm’s Network Monitor to perform deep packet inspection, rich metadata extraction, analytics, and full-packet capture around cloud-based workloads. Together, LogRhythm and CloudLens give our customers the necessary visibility and threat detection capabilities to instill confidence as they migrate to the cloud.
Matt Winter, VP Business Development, LogRhythm