As cloud environments grow in complexity, having a clear view of the intricate relationships between cloud assets across your infrastructure is not just a luxury—it's a necessity. That’s why we’re so excited to announce Sweet’s latest feature: Connection Analysis.
Connection Analysis provides unparalleled visibility into your cloud network, offering detailed insights into every connection within and outside your environment. This strengthens detection and response capabilities and supports hardening measures, such as risk and identity management.
Unmatched Visibility with eBPF and Cloud Data Integrations
Sweet’s Connection Analysis not only leverages the advanced capabilities of eBPF (Extended Berkeley Packet Filter) but also integrates logs and information from cloud providers. This combined approach allows us to comprehensively map all connections within your cloud environment, including applications running in Kubernetes, virtual machines, and managed services. The feature also provides detailed data for each connection, including:
- Service-to-Service Connections: Understand how different services within your environment communicate with each other.
- External Connections: Identify and analyze connections to external entities, including details about the country of origin and DNS information. This capability helps in assessing the security of these external connections, particularly those that may be malicious or unwelcome.
- Port Information: Gain insights into which ports are being used for specific connections, aiding in security and performance assessments.
- Connection Classification: Categorize connections based on their context, such as cross-cluster, cross-namespace, cross-account, and external IP connections. This involves identifying whether communications stay within your cloud account, such as within AWS, or go out to the Internet. It also includes mapping interactions with cloud services like Azure Blob Storage, Google Cloud Pub/Sub, and Amazon RDS over recognized public IP ranges.
Key Use Cases
Connection Analysis is essential for enhancing security, optimizing network performance, and ensuring compliance. Here are some of the main use cases:
- Detecting Unusual or Unauthorized Connections: With detailed monitoring, you can quickly spot connections that deviate from the norm, such as unexpected external connections to sensitive services or unusual internal traffic patterns. For example, if a service within your environment starts communicating with an external IP address in an unfamiliar country, this could be an early indicator of a security breach or data exfiltration attempt.
- Investigating Security Incidents: In the event of a suspected security incident, Connection Analysis provides the necessary visibility to trace the origin and path of potentially malicious traffic. For instance, if an alert is triggered due to suspicious activity, you can use the tool to map out all connections made by the compromised service, identifying other services or external entities that may have been affected.
- Strengthening Network Hardening: By providing a comprehensive view of all internal and external connections, Connection Analysis helps identify potential vulnerabilities and misconfigurations. For example, if a sensitive service is found to be accessible through a non-essential open port, this insight can prompt immediate action to close the port and enhance security posture.
- Enforcing Network Segmentation: Connection Analysis enables organizations to enforce strict network segmentation policies by clearly mapping out communication between different segments, such as clusters, namespaces, and accounts. This visibility ensures that only authorized connections are permitted, thus reducing the attack surface and preventing lateral movement in the event of a breach.
Complementing Existing Capabilities
Connection Analysis complements Sweet Security’s existing features, offering a new perspective on network security:
- Full Topology View: This feature provides a comprehensive map of your cloud environment, allowing you to save time and automatically identify what is running, how it is communicating, and the complete communication pathways. The map also allows you to focus on specific areas of your cloud architecture using filters, such as isolating traffic related to particular databases or applications.
- Inventory of the Environment with Risk Indicators: Our inventory feature provides a detailed overview of all the services and applications in your environment, along with risk indicators for each. This helps prioritize security efforts and manage potential vulnerabilities effectively.
With Connection Analysis, Sweet Security continues to empower organizations with the tools needed to secure and optimize their cloud environments. We know that understanding the connections between your services, clusters, and external entities is crucial for maintaining a secure and efficient infrastructure. By leveraging eBPF and integrating cloud provider data, we provide deep visibility into network connections, helping you uncover hidden insights and take informed actions.
Stay tuned as we continue to innovate and enhance our platform to meet the evolving needs of the cloud security landscape. For a deeper dive into our Connection Analysis feature and to see it in action, visit our website or contact our team for a demo.