Network packet capture is a maturing capability in the cloud that can provide details necessary for IT teams to identify and resolve performance and security issues faster and more accurately.
A recent survey of IT/Security leaders noted that the primary reasons respondents cited for packet capture are security, troubleshooting, and performance monitoring.
Most respondents (64%) do not have public cloud packet capture capability. The companies that do have packet capture are predominantly using 3rd party tools from Splunk, Netwitness, Carbon Black, Gigamon, and Arctic Wolf Networks. Those that are using packet capture feel that the capabilities they have in place are meeting the needs of the organization.
Hybrid Pathways Insight: Most enterprise organizations require some type of packet capture capability at network perimeters to feed security tools. Many organizations start conservatively using public IaaS and PaaS services, setting up secure connectivity that restricts cloud resources from communicating with the native Internet. If additional network perimeters are not created on public cloud platforms, then packet capture capability is not a priority. Packet capture across public cloud deployments may have immature capabilities and may be prohibitively expensive. Companies with strict security requirements will more likely invest in packet capture capabilities in the cloud. The options will be to take on-prem packet capture and move it to the cloud or wait for the native cloud packet capture capabilities to become more mature. Each cloud provider has varying degrees of packet capture capabilities. Native capabilities have lagged 3rd party solutions and are inherently limited since they do not have access to the physical networking layers of public cloud infrastructure. For example, some native cloud capabilities are not full packet capture and may be limited to flow logs which would not provide enough details for security tools to analyze the application protocols. With some security tools requiring access to full packet data, if your cloud provider(s) do not have fully functional packet capture capability, you may choose to pay to extend your on-prem packet capture. Deployment of packet capture capability in IaaS / PaaS deployments will likely increase as native cloud provider solutions mature and the number of organizations exposing their IaaS / PaaS workloads to untrusted networks increases.
If you company has network perimeters on public cloud platforms, you will want to:
Clarify your organization’s policy and stance on packet capture (what are the security requirements?)
Understand the native capabilities of your cloud provider (full packet?)
Research native packet capture development roadmaps (capabilities and timing)
Map the data that your security tools require for analysis
Assess the costs compared to your company’s appetite for risk
Hybrid Pathways surveys IT/security leaders and chief architects at enterprise companies across industries in New England. The goal is to provide peer experience and feedback that could help with decision making and planning.
The survey questions are initiated by enterprise IT/security leaders. The 2019 survey focused on the areas of cloud orchestration, packet capture across cloud deployments, key management services, encryption to meet New York Department of Financial Services (NY DFS) cybersecurity regulations, data loss prevention (DLP), and cloud access security broker (CASB).
The survey was conducted in November 2019 and this report provides valuable feedback from 22 senior IT/security leaders and chief architects from large enterprise companies.