Cloud Network Sensors
Cloud Network Sensors
KYRA AI MDR provides deployable network security sensors for cloud environments, delivering comprehensive visibility into network traffic without requiring agents on monitored workloads.
Supported Cloud Platforms
| Cloud | Mirroring Service | Status | Deployment |
|---|---|---|---|
| AWS | VPC Traffic Mirroring | Production Ready | Nitro instances |
| GCP | Packet Mirroring | Production Ready | Region-scoped |
| Azure | Virtual Network TAP | Public Preview | Partner required |
| NCP | Packet Mirroring via SFC | Production Ready | VPC environment |
How It Works
Cloud hypervisors block promiscuous mode, so cloud sensors use the provider’s official traffic mirroring API to receive copies of network traffic from monitored instances.
┌─────────────────────────────────────────────────────┐│ MONITORED VM (zero performance impact) ││ production workload │└──────────────┬──────────────────────────────────────┘ │ Cloud provider mirrors traffic ▼┌─────────────────────────────────────────────────────┐│ KYRA CLOUD SENSOR ││ Deep packet inspection + behavioral detection ││ Same analysis engine as on-premises NDR │└──────────────┬──────────────────────────────────────┘ │ Secure forwarding ▼┌─────────────────────────────────────────────────────┐│ KYRA MDR PLATFORM ││ Correlation with log data + AI analysis │└─────────────────────────────────────────────────────┘Deployment Options
| Method | Target | Time to Deploy |
|---|---|---|
| Single-command installer | Ops engineers | < 5 min |
| Infrastructure-as-Code module | Platform/infra teams | < 15 min |
| Container orchestration | Container operators | < 10 min |
| Marketplace image | Enterprise procurement | < 30 min |
Capabilities
- Full NDR Analysis: Same detection capabilities as the on-premises NDR module
- Zero Agent Deployment: No software installation required on monitored workloads
- Auto-Scaling: Sensors scale with traffic volume
- Cross-Cloud: Unified detection across multi-cloud environments
- Encrypted Traffic Analysis: TLS fingerprinting and certificate validation
- Integration: Alerts correlate with log-based detections in the KYRA MDR console