
Introducing Connection Analysis: Unveiling Hidden Network Insights

Written by Lea Edelstein, Head of Product
July 31, 2024

As cloud environments grow in complexity, having a clear view of the intricate relationships between cloud assets across your infrastructure is not just a luxury; it's a necessity. That's why we're so excited to announce Sweet's latest feature: Connection Analysis.

Connection Analysis provides unparalleled visibility into your cloud network, offering detailed insights into every connection within and outside your environment. This strengthens detection and response capabilities and supports hardening measures, such as risk and identity management.

Unmatched Visibility with eBPF and Cloud Data Integrations

Sweet’s Connection Analysis not only leverages the advanced capabilities of eBPF (Extended Berkeley Packet Filter) but also integrates logs and information from cloud providers. This combined approach allows us to comprehensively map all connections within your cloud environment, including applications running in Kubernetes, virtual machines, and managed services. The feature also provides detailed data for each connection, including:

  • Service-to-Service Connections: Understand how different services within your environment communicate with each other.
  • External Connections: Identify and analyze connections to external entities, including details about the country of origin and DNS information. This capability helps in assessing the security of these external connections, particularly those that may be malicious or unwelcome.
  • Port Information: Gain insights into which ports are being used for specific connections, aiding in security and performance assessments.
  • Connection Classification: Categorize connections based on their context, such as cross-cluster, cross-namespace, cross-account, and external IP connections. This involves identifying if communications are staying within your cloud account, such as within AWS, or going out to the Internet. It also includes mapping interactions with cloud services like Azure Blob Storage, Google Cloud Pub/Sub, and Amazon RDS over recognized public IP ranges.

 

Explore your cross-cluster connections, regional connections, most chatty applications, and more.

Key Use Cases for Connection Analysis

Connection Analysis is essential for enhancing security, optimizing network performance, and ensuring compliance. Here are some of the main use cases:

  1. Detecting Unusual or Unauthorized Connections: With detailed monitoring, you can quickly spot connections that deviate from the norm, such as unexpected external connections to sensitive services or unusual internal traffic patterns. For example, if a service within your environment starts communicating with an external IP address in an unfamiliar country, this could be an early indicator of a security breach or data exfiltration attempt.
  2. Investigating Security Incidents: In the event of a suspected security incident, Connection Analysis provides the necessary visibility to trace the origin and path of potentially malicious traffic. For instance, if an alert is triggered due to suspicious activity, you can use the tool to map out all connections made by the compromised service, identifying other services or external entities that may have been affected.
  3. Strengthening Network Hardening: By providing a comprehensive view of all internal and external connections, Connection Analysis helps identify potential vulnerabilities and misconfigurations. For example, if a sensitive service is found to be accessible through a non-essential open port, this insight can prompt immediate action to close the port and enhance security posture.
  4. Enforcing Network Segmentation: Connection Analysis enables organizations to enforce strict network segmentation policies by clearly mapping out communication between different segments, such as clusters, namespaces, and accounts. This visibility ensures that only authorized connections are permitted, thus reducing the attack surface and preventing lateral movement in the event of a breach.

Complementing Existing Capabilities

Connection Analysis complements Sweet Security’s existing features, offering a new perspective on network security:

  1. Full Topology View: This feature provides a comprehensive map of your cloud environment, allowing you to save time and automatically identify what is running, how it is communicating, and the complete communication pathways. The map also allows you to focus on specific areas of your cloud architecture using filters, such as isolating traffic related to particular databases or applications.
  2. Inventory of the Environment with Risk Indicators: Our inventory feature provides a detailed overview of all the services and applications in your environment, along with risk indicators for each. This helps prioritize security efforts and manage potential vulnerabilities effectively. 

 

With Connection Analysis, Sweet Security continues to empower organizations with the tools needed to secure and optimize their cloud environments. We know that understanding the connections between your services, clusters, and external entities is crucial for maintaining a secure and efficient infrastructure. By leveraging eBPF and integrating cloud provider data, we provide deep visibility into network connections, helping you uncover hidden insights and take informed actions. 

Stay tuned as we continue to innovate and enhance our platform to meet the evolving needs of the cloud security landscape. For a deeper dive into our Connection Analysis feature and to see it in action, visit our website or contact our team for a demo.
