TAP into Technology | Garland Technology Blog

How to Mirror Packets to your Monitoring Tools in AWS and Public Cloud Environments

Written by Neil Wilkins | 1/2/20 1:00 PM

Traffic visibility is a crucial component in securing a business and keeping systems operational. Organizations have made significant investments in specialized tools that ingest and analyze packet-level data for on-premises data centers. However, network monitoring has been blinded in the cloud.

With compute resources, application development and core business systems moving to the cloud, IT teams are no longer able to properly acquire, process and distribute packet-level cloud traffic to their selected tools. Consequently, the move to the cloud creates significant blind spots and a loss of ROI on vital tools that are powerless without access to packet-level cloud data.

What is Garland Prisms?

Garland Prisms is a Software as a Service (SaaS) platform that provides complete packet visibility into any public, private, or hybrid cloud environment. Garland Prisms mirrors packets within a cloud instance and forwards them to security and analysis tools. It has a split SaaS architecture made up of a central Prisms Cloud Console and Cloud Agents (also referred to as Prisms), with the control plane split between the two. The architecture is designed to be secure and robust.

Prisms Services Architecture

The diagram below shows a sample deployment in an AWS cloud environment, but the same deployment can also be done in Google Cloud and Microsoft Azure. Cloud Agents filter and mirror traffic based on mirroring policies. Policies consist of source groups, connections, and destinations, which users define using the Cloud Console.

When any instance containing a Cloud Agent launches, the agent automatically connects to the Prisms Cloud Console, registers itself, obtains configuration updates, and installs software updates when upgrades are available. Prisms Cloud Agents use HTTPS to make REST API calls to the Cloud Console, with control traffic always originating at the agent. Data plane traffic (the mirrored, filtered traffic) is routed based on the users’ network configurations. Mirrored packets are never sent to the Cloud Console. The control plane does not directly modify networks or security settings, nor does it require the user to modify them, save for allowing outbound HTTPS (TCP port 443) from subnets containing Cloud Agents.
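The outbound-443 requirement above can be checked before an agent is deployed. The following is an added example, not Garland code: it audits security group egress rules in the JSON shape returned by `aws ec2 describe-security-groups`. The group IDs, the sample rules and the console address `203.0.113.10` are constructed placeholders, and only IPv4 ranges are evaluated.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-open", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-scoped", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-example-blocked", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
# Assumption: placeholder console address from TEST-NET-3, not a real endpoint.
CONSOLE_IP = "203.0.113.10"


def rule_allows(rule, dest_ip, port=443):
    """Return True if one egress rule permits TCP `port` to `dest_ip` (IPv4 only)."""
    proto = rule.get("IpProtocol")
    if proto not in ("-1", "tcp", "6"):          # "-1" means all protocols
        return False
    if proto != "-1" and not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
        return False
    dest = ipaddress.ip_address(dest_ip)
    return any(dest in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def audit_egress(groups, dest_ip, port=443):
    """Map each group id to whether it lets an agent open HTTPS to the console."""
    return {g["GroupId"]: any(rule_allows(r, dest_ip, port)
                              for r in g.get("IpPermissionsEgress", []))
            for g in groups}


def agent_can_register(groups, dest_ip):
    """Security groups are allow-only and additive: one matching rule is enough.
    They are also stateful, so replies to agent-initiated calls need no inbound rule."""
    return any(audit_egress(groups, dest_ip).values())


if __name__ == "__main__":
    for gid, ok in audit_egress(SAMPLE_GROUPS, CONSOLE_IP).items():
        print(f"{gid}: outbound 443 to console {'allowed' if ok else 'BLOCKED'}")
```

Because control traffic originates at the agent, a group like the scoped one, which permits TCP 443 only toward the console's range, is enough for registration and updates.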

Configure & Connect

Users have praised Garland Prisms for its ease of use and simplicity. In under 5 minutes you can add Garland Prisms to a virtual machine in a virtual environment, whether it is AWS, Microsoft Azure, Google Cloud, or a private or hybrid cloud environment. You can designate the tools, such as Wireshark, that you want to inspect the data, and then create a connection to those tools.

The process is simple:

  1. Create cloud agents
  2. Create and configure source groups
  3. Create destinations
  4. Create direct connections
  5. Install Docker