What are standard tools I should have for monitoring network traffic within vSphere that can use port-mirroring inside a vswitch to analyze traffic? What vendors currently offer these and how do they compare?
Hello,
I think this question will come down to requirements and $s you want to spend. The key is to determine what you need to do first. There are several tools that make sense to use, but not knowing your full requirements, your existing incident response times, it is difficult to recommend any solution. You may just need Splunk or you may need something on the order of RSA Security Analytics. Or you may want to move towards active response tools.
My recommendation is that you take the time to go to RSA Conference (www.rsaconference.com) this April and look around, talk to vendors, etc. There are a myriad of solutions that may work for you. But first go in with your requirements (regulatory + business).
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009-2015
Author of the books 'VMware ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast
I'm surprised there aren't any replies to this yet.
PacketSled is a network security monitoring, breach detection and forensics platform that runs within VMware, enabling long term retention of rich metadata activity records, and PCAPs. The sensor listens to a mirror port or distributed virtual switch to see inter-guest-VM traffic. It provides natural language search, threat detection and visual analytics. Disclaimer: I'm involved with the company. More info: http://www.PacketSled.com
Or a quick demonstration video here.
ok thanks again