Before you can deploy Security Analytics in Amazon Web Services (AWS), you need to:
- Understand the requirements of your enterprise.
- Know the scope of a Security Analytics deployment.
When you are ready to begin deployment:
- Make sure that you have a Security Analytics "Throughput" license.
For packet capture in AWS, you can purchase either of the following third-party solutions. If you engage one of these third parties, they will assign an account representative and a professional services engineer to you who will work closely with RSA staff.
- Use Chrome for your browser (Internet Explorer is not supported).
AWS Environment Recommendations
AWS instances have the same functionality as the Security Analytics hardware hosts. RSA recommends that you perform the following tasks when you set up your AWS environment.
- Based on the resource requirements of the different components, follow best practices to use the system and dedicated storage Elastic Block Store (EBS) Volumes appropriately.
- Make sure that compute capacity provides a write speed 10% greater than the required sustained capture and ingest rate for the deployment.
- Build the Concentrator directory for the index database on the Provisioned IOPS SSD.
AWS Deployment Scenarios
The following diagrams illustrate some common AWS deployment scenarios. In the diagrams, the:
- GigaVUE Series (Gigamon® Solution), in combination with Tunneling (created by the Security Analytics administrator), facilitates packet data capture in AWS.
- CloudLens™ (Ixia® Solution), through Ixia clients and the CloudLens Docker installed on the Decoder, facilitates packet data capture in AWS.
- Decoder collects packet data. The Decoder captures, parses, and reconstructs all network traffic from Layers 2 – 7.
- Log Decoder collects logs. The Log Decoder collects log events from hundreds of devices and event sources.
- Concentrator indexes metadata extracted from network or log data and makes it available for enterprise-wide querying and real-time analytics while facilitating reporting and alerting.
- Security Analytics Server hosts Incident Management, Reporting, Investigation, Live Content Management, Administration and other aspects of the user interface.
Full Security Analytics Stack VPC Visibility (Packet Solution)
This diagram shows all Security Analytics components (full stack) deployed in AWS.
Hybrid Deployment - Decoder and Log Decoder (Packet Solution)
This diagram shows the Decoder and Log Decoder deployed in AWS with all other Security Analytics components deployed on your premises.
Hybrid Deployment - Decoder, Log Decoder, and Concentrator (Packet Solution)
This diagram shows the Decoder, Log Decoder, and the Concentrator deployed in AWS with all other Security Analytics components deployed on your premises.
You need the following items before you begin the integration process:
- Ixia account (https://login.ixiacom.com/)
- Access to AWS console
- Network routability (and proper AWS Security Groups) for the containers to transfer data to the RSA Security Analytics Suite Decoder.
RSA provides the following Security Analytics services.
- Security Analytics Server
- Event Stream Analysis
- Log Decoder
- Remote Log Collector