This is why you should use Lightlytics over AWS Access analyzer

Michael Schwartz
Found on CloudWiki:
No items found.


When most organizations think about efficient cloud environment, they are often thinking about cost efficiency, security and Infrastructure as code maintenance – the lower the cost for a functioning, secured, IaC managed cloud setup, the better.
However, there is one thing that’s often overlooked by many, particularly by those outside of the DevOps team that maintains the cloud environment: networking.
The complexity of cloud networking has increased in the past few years, and it seems like it is going to provide challenges in the years to come.
All cloud operations run on an underlying networking setup, which makes networking a very crucial component in every cloud environment.

During re:Invent 2021, AWS announced the VPC Network Access Analyzer. A new tool that uses Network Access Scopes to specify the desired connectivity between your AWS resources.

The Network Access Analyzer is a feature that identifies unintended network access to your resources on AWS. You can use Network Access Analyzer to specify your network access requirements and to identify potential network paths that do not meet your specified requirements. You can use Network Access Analyzer to:

  • Understand and improve network security posture: Network Access Analyzer helps you identify unintended network access relative to your security and compliance requirements, enabling you to take steps to improve your network security.

  • Verify your network security posture: You can use Network Access Analyzer to verify that potential access to your network resources meets your network security requirements.
  • Demonstrate compliance: You can use Network Access Analyzer to demonstrate that your network on AWS meets certain compliance requirements.

The release of the network access analyzer proves that creating and maintaining an efficient and secured network is one of the major pain points for most organizations these days. This feature is a descent way to understand the vulnerabilities in your network topology, however, it has several limitations and it is unable to provide organizations the most informative answers to their queries and needs.
This is where Lightlytics jumps in.

Lightlytics is using the most sophisticated methods and technologies to provide a full picture regarding your cloud posture, as well as the ability to get the most out of your actions in the platform.
When integrating a new AWS account, Lightlytics is scanning the desired regions for resources’ configurations and inserts them into our highly complex mathematical model.
Immediately Lightlytics understands the different relationships and dependencies between all your cloud resources. In addition, Lightlytics is making sure that the cloud posture in our platform is always updated in real time. We display an actual representation of your cloud posture in real time, with the ability to query the system for source and destination reachable connections, according to your business logic.

There are more than a few unique and important capabilities that can only be provided by Lightlytics Discovery:

  • Permissions: When querying the system, Lightlytics is also taking under consideration the permissions vertical accordingly and displays them alongside the other intermediate components in the results.On top of this, Lightlytics supports IAM Users as the source of queries, and can display possible connections on the permissions level.
  • Flexible resource types: With Lightlytics you can also insert non-network components in your source or destination, such as s3.
  • Better troubleshooting: As mentioned, Lightlytics considers all possible verticals, Networking, Security and Permissions in their query results. Whenever a connection is unable to be established, Lightlytics will pinpoint the exact vertical the prevents this connection from becoming available.
  • Internet exposure: Easily find all resources that are exposed to/from the internet
  • Filters: Lightlytics understands that most of the times you have a certain point that you wish to examine, and not always you want to get all possible results. This is why Lightlytics enables all possible filters on top of each query result, such as source, destination, location, intermediate component an evet allowed ports and protocols
  • Larger results scope: Lightlytics supports cross accounts and regions queries though VPC peerings, transit gateways or even assume roles.
  • Search by tags: Lightlytics supports tags as the source or destination of your queries.

And the best for last: Application Behavior!
On top of all the above, Lightlytics has the ability to collect VPC Flowlogs and S3 Access logs and utilize them into our Discovery and impact analysis.
Lightlytics enrich the IP traffic in your cloud environment and allow our users to statically examine them in real time across VPCs, Buckets and even specific connections

By using Lightlytics Discovery, you can easily gain control over existing infrastructure, design changes in AWS in an efficient manner and embrace the shift left approach by allowing non-infrastructure engineers to better understand the organization’s cloud environment.

We have a lot more existing capabilities and great things to come!
Sign up now and get your 14 days free trial

Read the GigaOM CXO Decision Brief:
Cloud Change Intelligence
What's new
Deploy cloud infrastructure changes with confidence. Troubleshoot faster with the complete context of your cloud environment.