The cloud. Once a favourite of futurists imagining fantastical, always-accessible global networks, now a part of our everyday lives. Cloud networking is the lynchpin of our modern society. We depend upon it for just about everything – including payments – and the security challenges that once curbed its use have gradually been addressed.
Still, concerns about cloud security – like actual clouds – linger. They are shared by both network managers – those responsible for ensuring the performance and security of networks – and everyday users, who, by imagining cloud networking and storage as something less tangible, less secure, waver in their total adoption of it.
To secure the cloud, we must be able to watch it; to observe network traffic, NetFlow and otherwise, as we would that of an onsite network. Cloud networking is no longer the opaque term it once was, but for the purposes of this piece, some clarification is worthwhile.
Cloud networking is an affordable alternative to physical networks: purchased hardware and data servers, housed on-premises and manually protected from intrusion and tampering. Examples include AWS and Google. These are global networks housed within enormous data centres, capable of serving the needs of millions of networks, websites, applications, etc. It means companies are no longer required to purchase expensive hardware upfront. Instead, their network is hosted elsewhere and accessed remotely via the cloud – as a partial or complete network solution. The network’s data is stored within these centres, and traffic flows through them as it normally would. Ultimately, cloud networking is about accessibility and ease. As organisations – and their customers and services – grow more distributed, so must their networks.
But here’s the rub. We generally fear most that which we cannot see: the obstacle that cloud networking has traditionally presented is one of visibility. The data might be stored elsewhere, and the traffic routed through offsite servers, but network managers must have the same control they would have over an onsite network.
Scrutinizer by Plixer
This is now possible through Scrutinizer: a network traffic monitoring and analysis platform from Plixer. With Scrutinizer, it is possible to monitor AWS traffic – and even CDN traffic, which is historically difficult to do – and collate the information and insight gathered with that of other traffic for a complete, holistic view of network performance and security. Malware, for example, can hide in CDN traffic; when searching for certain IPs from domains such as YouTube or Google, the reverse lookup will return unhelpful information. With Scrutinizer, however, reverse lookups can be viewed in plaintext (in this case, revealing the website’s URL).
Similarly, when monitoring AWS information, Scrutinizer is able to construct flow elements similar to those of NetFlow and IPFIX. These elements include source and destination IPs, AWS interfaces and account IDs.