Amazon: AWS Log Reporting

I was having a conversation with a customer the other day about Amazon AWS monitoring.  He had some interesting insight on his company’s overall migration to Amazon Web Service (AWS). He started with, “Here’s the core of it, cloud based deployment isn’t going away for us. Though there are no directives, by this time next year I’m expecting all but two of our public-facing applications to be sitting outside of our buildings.”  He even went on to say, “There’s a very real possibility that within 2-3 years we decommission half of our computer rooms”. Needless to say, any application that they use for network visibility and incident response needs to support Amazon AWS monitoring. I loved his input and because of it I decided to dig deeper. Continue reading “Amazon: AWS Log Reporting”

Cyber Incident Response Plan (Part 2)

In my previous blog, I talked about the value of having a cyber incident response plan.  An important factor in a plan like this is having complete visibility into the traffic that is coming across your network. As I mentioned in my previous post, using flow technologies like NetFlow and IPFIX  is an effective way of providing this type of visibility. The truth is that when an incident occurs, having that level of detail is absolutely required, but what about the other 90% of your network monitoring time? How can you monitor for specific events? Continue reading “Cyber Incident Response Plan (Part 2)”