Cloud Network Activity Monitoring

Network Activity Monitoring in Cloud

Before cloud infrastructure came onto the market, we had an on-prem environment containing firewalls, switches, routers, web application firewalls, load balancers, web servers, and proxy servers.

Usually, these were physical appliances, chosen for their performance and manageability.

Cloud infrastructure brought its own advantages, but it also introduced new components: API keys, Key Vault, S3 buckets, VPCs, Office 365, NAT gateways, network load balancers, application load balancers, and Route 53 (the AWS DNS service).

If your infrastructure is distributed across multiple cloud providers, it becomes more complex still, because each provider introduces additional components with different roles.

Monitoring network flow logs is important, but at the same time it is costly in terms of storage and retrieval. For example, VPC flow logs contain the traffic information flowing from your cloud network to external networks and from external networks into your cloud network. Prioritize monitoring the networks that contain critical assets and those that must be monitored to meet regulatory and compliance needs.

Here is the reference document for AWS VPC flow logs:

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
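As an added example (not part of the original post), here is a small Python triage over records in the default VPC flow log format described in the document above: it skips NODATA records, counts REJECTs per source, and flags accepted traffic from outside the VPC to admin ports on a critical subnet. The sample records, the VPC CIDR 10.0.0.0/16 and the critical subnet 10.0.1.0/24 are constructed assumptions for the example.

```python
import ipaddress
from collections import Counter

# Fields of the default AWS VPC flow log format (version 2), in order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records, not real traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.15 51234 22 6 12 1460 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.15 51235 3389 6 5 320 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.1.15 44010 443 6 30 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.5.8 40000 80 6 8 700 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

# Assumptions for this example: the VPC's own address range and the
# subnet that holds critical assets (the one the text says to prioritize).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
CRITICAL_NETS = [ipaddress.ip_network("10.0.1.0/24")]
ADMIN_PORTS = {22, 3389}

def parse_flow_log(text):
    """Yield one dict per usable record; NODATA/SKIPDATA records carry no addresses."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["srcaddr"] = ipaddress.ip_address(rec["srcaddr"])
        rec["dstaddr"] = ipaddress.ip_address(rec["dstaddr"])
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        yield rec

def is_critical(addr):
    return any(addr in net for net in CRITICAL_NETS)

def triage(text):
    """Return (findings, rejects): findings are ACCEPTed flows from outside the
    VPC to an admin port on a critical asset; rejects counts REJECTs per source,
    which helps surface scanning against the monitored network."""
    findings, rejects = [], Counter()
    for rec in parse_flow_log(text):
        if rec["action"] == "REJECT":
            rejects[str(rec["srcaddr"])] += 1
        external = rec["srcaddr"] not in VPC_CIDR
        if (rec["action"] == "ACCEPT" and external
                and is_critical(rec["dstaddr"]) and rec["dstport"] in ADMIN_PORTS):
            findings.append((str(rec["srcaddr"]), str(rec["dstaddr"]), rec["dstport"]))
    return findings, rejects
```

In practice the same logic runs over records pulled from the S3 bucket or CloudWatch log group that the flow log is delivered to, with the critical subnets taken from your asset inventory.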

With respect to IAM (Identity and Access Management), set up auditing to monitor changes, and follow privileged access management policies and practices.

For example, if you are using AWS, then AWS IAM Access Analyzer is a good tool for validating policies.

AWS CloudTrail captures the API calls made to IAM.

Monitor user authentication: where the user is authenticating from, and which resources the user is accessing.

Apart from IAM and VPC, other cloud services can write their logs to a configured destination such as CloudTrail, CloudWatch, or an S3 bucket.

Aggregating the logs and running analytics on them is a complex process; it is costly and needs skilled professionals and tooling. Each organization has to adopt a method that suits it, such as a centralized SIEM solution or an in-house analytics solution.

Having a documented security baseline process and its steps is vital as a starting point.

Above is a brief overview of cloud network monitoring.

Please check “Cloud security