
Valtix Simplifies Log Management with AWS FireLens Integration


November 14, 2019

If you’ve been keeping up with the developments at Valtix lately, you probably already know about our many integrations with platforms such as AWS.

This includes June 2019, when we introduced an innovative Cloud Native Network Security platform that uses a controller-based architecture to deliver inline network protection equipped to keep pace with the constant change in cloud workloads and application connectivity demands. We followed this with an announcement of the Valtix Cloud Transit with AWS Transit Gateway support, another major milestone.

Our newest partnership with AWS involves their new FireLens, which collects logs across all AWS container services — such as Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), and self-managed Kubernetes on Amazon Elastic Compute Cloud (EC2) — and then consolidates them into a single log stream for a more unified management approach.

This is welcome news for a number of reasons. Here’s why:

Valtix Cloud Controller is a SaaS service that runs on top of AWS. Designed for multi-tenancy, it manages the lifecycle of the EC2 instances for Valtix Cloud Firewall in the customer’s AWS accounts, and has two use cases for logging. Controller logs are stored in CloudWatch™ (the monitoring and observability service for AWS environments), with Valtix using Elasticsearch for customer threat events and CloudWatch for metrics.

Valtix Controller runs on top of both ECS and EKS, but only ECS has a native CloudWatch integration; EKS does not. To close this gap, Valtix can now leverage FireLens in our EKS deployment to integrate these critical Controller logs.

Keep in mind that no customer traffic is sent to the Valtix Controller — the messages exchanged between Valtix Controller and Valtix Cloud Firewall EC2 instances include events and telemetry.

However, Valtix Controller still has to store the events securely. In addition, Valtix has to implement integrations with other SIEM providers (such as Splunk, Datadog, Sumo Logic, etc.) to export events for customers to consume.

Until now, our developers implemented these integrations and the routing for each provider individually. Today, with this new compatibility with Fluentd and AWS FireLens, many of these integrations are built in and can be operationalized through config files.

The result is a simplified log management setup, accelerated incident response, and a more organized storage of compliance records.

We’re excited that Valtix is a part of the new FireLens preview program, furthering our AWS integration capabilities to an even higher level.

Want to give Valtix a try for yourself? We’d love to set up an evaluation for your organization.
