CalvNguy
Staff
Thanks to the cloud, companies of any size can take advantage of nearly unlimited resources almost instantaneously. As cloud adoption grows, enterprises also find themselves needing to keep pace with development. Automation has always been a key component in helping teams improve their operational processes, and this is especially true in the cloud. Not only do development teams need to leverage automation; security and networking need to move with it. Serverless functions enable an elastic, flexible security design that can automate tasks on demand. Combined with FortiGate, customers can automate their response to security threats from within their cloud infrastructure while enjoying consistent security protection whether on premises or in the cloud.

 

With the introduction of VPC Port Mirroring in AWS, customers can now mirror traffic sent to an elastic network interface (ENI) and inspect it. Using FortiGate with VPC Port Mirroring, AWS customers can detect network and security anomalies and gain visibility in a scalable way. FortiGate can be deployed out of line in sniffer mode, so it still detects threats without sitting in the traffic path or impacting performance. Traffic sent to an instance is mirrored to the FortiGate, either directly or via a Network Load Balancer (NLB) that delivers the mirrored traffic to FortiGate.

[Figure: screenshot, 2020-02-05]

From there, policies can be created to capture certain events with logs enabled.

[Figure: diagram of FortiGate logs being sent to FortiAnalyzer]

In the diagram above, logs are captured from FortiGate and sent to Fortinet's advanced analytics solution, FortiAnalyzer, for analysis and central logging. Customers can then create event handlers that filter the events gathered by FortiAnalyzer at a granular level, and further actions can be taken from these event handlers.

[Figure: FortiAnalyzer event handlers]

In our case, we will use these event handlers to automate an action in FortiGate. FortiGate enables customers to use automation stitches to automate their environments without requiring advanced programming knowledge. Automated actions can be deployed via FortiGate's extensive REST API or, more easily, through the UI using automation stitches. Using FortiGate's automation stitches, we can have an event handler from FortiAnalyzer call a Lambda function.

[Figure: FortiGate automation stitch calling a Lambda function]

As a result, the Lambda function is invoked and moves the affected instances to an isolated Security Group auto-magically.
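The chain described above (FortiAnalyzer event handler, FortiGate automation stitch, Lambda, isolated security group) ends in the Lambda function. The following is an added example, not code from this post or from Fortinet, of what such a function can look like in Python with boto3: it takes the address of the affected instance from the event the stitch delivers (the field name `dstip`, the envelope shape, the VPC CIDRs and the security group id are assumptions and placeholders), finds the ENI that owns that private address and replaces its security groups with the isolation group. A constructed stand-in for the EC2 client lets the whole flow run offline.

```python
import ipaddress
import json
import os

# Placeholder values (constructed, not from the article): in a real deployment the
# isolation security group id and the VPC CIDRs come from Lambda environment variables.
QUARANTINE_SG = os.environ.get("QUARANTINE_SG", "sg-0quarantine0000000")
VPC_CIDRS = [ipaddress.ip_network(c) for c in
             os.environ.get("VPC_CIDRS", "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16").split(",")]
# Assumed log field naming the affected (target) instance in the forwarded event.
TARGET_FIELD = os.environ.get("TARGET_FIELD", "dstip")


def extract_target_ip(event, field=TARGET_FIELD):
    """Return the affected instance's private IP from the event, or None.

    Accepts either a raw JSON object or an envelope whose 'body' is a JSON
    string (both assumed shapes). Only addresses inside the VPC CIDRs are
    accepted, so a public or spoofed address in a log line cannot drive an action.
    """
    payload = event
    if isinstance(event, dict) and isinstance(event.get("body"), str):
        try:
            payload = json.loads(event["body"])
        except json.JSONDecodeError:
            return None
    if not isinstance(payload, dict):
        return None
    try:
        ip = ipaddress.ip_address(payload.get(field))
    except (TypeError, ValueError):
        return None
    return str(ip) if any(ip in net for net in VPC_CIDRS) else None


def quarantine_by_private_ip(ec2, private_ip, quarantine_sg=QUARANTINE_SG):
    """Look up the ENI owning private_ip and replace its security groups."""
    resp = ec2.describe_network_interfaces(
        Filters=[{"Name": "addresses.private-ip-address", "Values": [private_ip]}]
    )
    enis = resp.get("NetworkInterfaces", [])
    if not enis:
        return None
    eni = enis[0]
    previous = [g["GroupId"] for g in eni.get("Groups", [])]
    outcome = {
        "eni_id": eni["NetworkInterfaceId"],
        "instance_id": eni.get("Attachment", {}).get("InstanceId"),
        "previous_groups": previous,  # recorded so the host can be restored later
        "changed": previous != [quarantine_sg],
    }
    if outcome["changed"]:
        # Security groups are additive, so the old groups must be replaced, not
        # supplemented: only the isolation group may remain on the interface.
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni["NetworkInterfaceId"], Groups=[quarantine_sg]
        )
    return outcome


def lambda_handler(event, context=None, ec2=None):
    """Entry point invoked by the automation stitch; ec2 is injectable for testing."""
    if ec2 is None:
        import boto3  # imported lazily so the module loads without the AWS SDK
        ec2 = boto3.client("ec2")
    target = extract_target_ip(event)
    if target is None:
        return {"statusCode": 400, "error": "no usable in-VPC target address in event"}
    outcome = quarantine_by_private_ip(ec2, target)
    if outcome is None:
        return {"statusCode": 404, "error": "no ENI with private IP " + target}
    return {"statusCode": 200, "result": outcome}


class FakeEc2Client:
    """Constructed stand-in for boto3's EC2 client so the flow can run offline."""

    def __init__(self, interfaces):
        self.interfaces = interfaces
        self.modifications = []

    def describe_network_interfaces(self, Filters):
        wanted = set(Filters[0]["Values"])
        return {"NetworkInterfaces": [i for i in self.interfaces
                                      if i["PrivateIpAddress"] in wanted]}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.modifications.append((NetworkInterfaceId, list(Groups)))
        for i in self.interfaces:
            if i["NetworkInterfaceId"] == NetworkInterfaceId:
                i["Groups"] = [{"GroupId": g} for g in Groups]


def demo():
    """Run one constructed IPS event through the handler twice (second run is a no-op)."""
    fake = FakeEc2Client([{
        "NetworkInterfaceId": "eni-0aaa", "PrivateIpAddress": "10.0.1.25",
        "Groups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
        "Attachment": {"InstanceId": "i-0web"},
    }])
    event = {"body": json.dumps({"srcip": "203.0.113.9", "dstip": "10.0.1.25",
                                 "attack": "constructed-sample"})}
    first = lambda_handler(event, ec2=fake)
    second = lambda_handler(event, ec2=fake)
    return fake, first, second


if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

The function's execution role needs only `ec2:DescribeNetworkInterfaces` and `ec2:ModifyNetworkInterfaceAttribute`, and it is worth scoping the second to the VPC in question. Two details matter for a quarantine action: the group list is replaced rather than appended to, because security groups only ever add permissions, and the previous groups are returned so an operator can restore the instance once the investigation is closed. The in-VPC address check also means a log line that names an external address can never move anything.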

 

In summary, the rise of cloud services has made it easier for development and security teams to work together, using cloud-native services to automate and integrate security into both the development lifecycle and security processes. While lift and shift is acceptable as an initial stage of moving to the cloud, companies should plan how to build automation services into their design to optimize their ROI.

 

You can watch a demo here.

 

AWS VPC Port Mirroring Limitations:
https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html

 

To learn more about FortiAnalyzer, please click here.

To learn more about FortiGate, please click here.

To join our FUSE community, please click here.

 

Subscribe to our YouTube community here!

 

 

Reference: Emmanuel Rabatan, "Using ENI mirroring to filter VM traffic in large deployments"