Pattern 1 - Production-Wide Vectra NDR via VPC
About This Architecture
Production-wide Vectra NDR via AWS VPC Traffic Mirroring centralizes threat detection across six production VPCs spanning three AWS accounts, using Transit Gateway for connectivity and VXLAN for encapsulation. EC2 workload ENIs in each VPC are configured as mirror sources and send VXLAN-encapsulated copies of their traffic over UDP/4789 to a dedicated Security Tooling VPC housing a Vectra Sensor Pool and AI Brain detection engine. The architecture separates mirrored traffic (blue) from production app traffic (green), routing both through a shared Transit Gateway and an optional inspection layer, so that the sensors get comprehensive visibility without impacting workload performance. Fork this diagram to customize mirror targets, add VPCs, or integrate with your SIEM and Vectra SaaS portal for centralized threat intelligence. The design balances high-volume traffic analysis with cost optimization by pooling sensors across accounts and using AWS RAM to share the mirror target resources.
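The following Terraform is an added example of how the mirroring path in this pattern is wired for one workload VPC and the shared target in the Security Tooling account; it is not configuration from the diagram or from Vectra. All variable names, account IDs, CIDRs, ENI and route-table IDs are placeholders, and the choice of an internal Network Load Balancer in front of the sensor pool as the mirror target is an assumption.

```hcl
# Added example, not part of the original diagram. Every var.* value,
# account ID and CIDR below is a placeholder to be replaced per environment.

############################################################
# Security Tooling account: mirror target and RAM share
############################################################

# Assumption: the Vectra sensor pool sits behind an internal NLB, so the
# mirror target points at the NLB and sessions survive sensor replacement.
resource "aws_ec2_traffic_mirror_target" "vectra_sensor_pool" {
  description               = "Vectra sensor pool (VXLAN on UDP/4789)"
  network_load_balancer_arn = var.sensor_nlb_arn # placeholder
}

# Share the target through AWS RAM so each workload account can reference
# it from its own mirror sessions without owning a copy.
resource "aws_ram_resource_share" "mirror_target" {
  name                      = "vectra-mirror-target"
  allow_external_principals = false # organization accounts only
}

resource "aws_ram_resource_association" "mirror_target" {
  resource_share_arn = aws_ram_resource_share.mirror_target.arn
  resource_arn       = aws_ec2_traffic_mirror_target.vectra_sensor_pool.arn
}

resource "aws_ram_principal_association" "workload_accounts" {
  for_each           = toset(var.workload_account_ids) # placeholder list of 12-digit IDs
  resource_share_arn = aws_ram_resource_share.mirror_target.arn
  principal          = each.value
}

# The sensors only need to accept the encapsulated stream from the
# workload VPC ranges; no other inbound rule is required for mirroring.
resource "aws_security_group_rule" "sensor_vxlan_in" {
  type              = "ingress"
  security_group_id = var.sensor_sg_id # placeholder
  protocol          = "udp"
  from_port         = 4789
  to_port           = 4789
  cidr_blocks       = var.workload_vpc_cidrs # placeholder, e.g. ["10.10.0.0/16"]
}

############################################################
# Workload account: filter, sessions and the route to the target
############################################################

# Filter that mirrors all inbound and outbound traffic of the source ENI.
resource "aws_ec2_traffic_mirror_filter" "prod_all" {
  description = "Mirror all traffic from production workload ENIs"
}

resource "aws_ec2_traffic_mirror_filter_rule" "ingress_all" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.prod_all.id
  rule_number              = 100
  rule_action              = "accept"
  traffic_direction        = "ingress"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

resource "aws_ec2_traffic_mirror_filter_rule" "egress_all" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.prod_all.id
  rule_number              = 100
  rule_action              = "accept"
  traffic_direction        = "egress"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

# One session per workload ENI. The target ID is the RAM-shared target from
# the Security Tooling account. The VXLAN VNI is set per VPC so the sensors
# can attribute mirrored flows to their source VPC.
resource "aws_ec2_traffic_mirror_session" "workload" {
  for_each                 = toset(var.workload_eni_ids) # placeholder list of eni-* IDs
  network_interface_id     = each.value
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.prod_all.id
  traffic_mirror_target_id = var.shared_mirror_target_id # placeholder tmt-* ID
  session_number           = 1
  virtual_network_id       = var.vpc_vni # placeholder, unique per VPC
}

# Mirrored VXLAN packets are routed like any other traffic leaving the
# source ENI, so the workload subnet needs a route to the Security Tooling
# VPC CIDR through the Transit Gateway attachment.
resource "aws_route" "to_security_tooling" {
  route_table_id         = var.workload_route_table_id # placeholder
  destination_cidr_block = var.security_tooling_vpc_cidr # placeholder
  transit_gateway_id     = var.transit_gateway_id # placeholder
}
```

Two points worth checking before rolling this out across the six VPCs: the same filter and target are reused, so only the session block and the TGW route are repeated per VPC; and mirrored copies share the source instance's network bandwidth, so instance sizes and the ingress capacity of the sensor pool should be verified against peak traffic rather than assumed to be free.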
People also ask
How do I deploy Vectra NDR across multiple AWS accounts and VPCs using VPC Traffic Mirroring and Transit Gateway?
This diagram shows a production-wide Vectra NDR pattern that mirrors traffic from EC2 workload ENIs across six VPCs in three AWS accounts via VXLAN UDP/4789 to a centralized Security Tooling VPC. The Transit Gateway routes mirrored traffic to a Vectra Sensor Pool and AI Brain detection engine, enabling centralized threat detection without impacting production workload performance.
- Domain: Security
- Audience: Security architects designing network detection and response (NDR) across multi-account AWS environments
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.