Pattern 1 - Production-Wide Vectra NDR via VPC

Tags: AWS, Architecture, advanced
Pattern 1 - Production-Wide Vectra NDR via VPC — AWS architecture diagram

About This Architecture

Production-wide Vectra NDR via AWS VPC Traffic Mirroring centralizes threat detection across six production VPCs spanning three AWS accounts, using Transit Gateway and VXLAN encapsulation. EC2 workload ENIs in each VPC act as mirror sources and send VXLAN-encapsulated copies of their traffic over UDP/4789 to a dedicated Security Tooling VPC housing a Vectra Sensor Pool and AI Brain detection engine. The architecture separates mirrored traffic (blue) from production application traffic (green), routing both through a shared Transit Gateway and an optional inspection layer, so the sensors gain full visibility without affecting workload performance. Fork this diagram to customize mirror targets, add VPCs, or integrate with your SIEM and the Vectra SaaS portal for centralized threat intelligence. The design balances high-volume traffic analysis against cost by pooling sensors across accounts and using AWS RAM (Resource Access Manager) to share the mirror target resources.

People also ask

How do I deploy Vectra NDR across multiple AWS accounts and VPCs using VPC Traffic Mirroring and Transit Gateway?

This diagram shows a production-wide Vectra NDR pattern that mirrors traffic from EC2 workload ENIs across six VPCs in three AWS accounts, VXLAN-encapsulated on UDP/4789, to a centralized Security Tooling VPC. The Transit Gateway routes the mirrored traffic to a Vectra Sensor Pool and AI Brain detection engine, enabling centralized threat detection without affecting production workload performance.
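What the Security Tooling VPC actually receives, for both the architecture description above and this answer, is a stream of VXLAN datagrams on UDP/4789 whose VNI identifies the mirror session and whose payload is the original Ethernet frame. The following added example (not code from Diagrams.so, Vectra or AWS) decapsulates such datagrams and groups the inner IPv4 flows by source VPC; the VNI-to-VPC table and the packet contents are constructed, hypothetical values.

```python
import ipaddress
import struct

VXLAN_PORT = 4789              # AWS Traffic Mirroring delivers VXLAN on UDP/4789
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid (RFC 7348)

# Constructed mapping of mirror-session VNIs to the source VPC (hypothetical values).
VNI_TO_VPC = {1001: "prod-vpc-a/acct-1", 1002: "prod-vpc-b/acct-2"}

def parse_vxlan(payload: bytes) -> tuple[int, bytes]:
    """Return (VNI, inner Ethernet frame) from a VXLAN datagram payload.
    Header layout: 1 byte flags, 3 reserved, 3-byte VNI, 1 reserved."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    if not payload[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[8:]

def inner_ipv4_flow(frame: bytes) -> tuple[str, str, int]:
    """Extract (src, dst, protocol) from an Ethernet II / IPv4 frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    proto = frame[23]                                  # IPv4 protocol byte
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src, dst, proto

def build_mirrored(vni: int, src: str, dst: str, proto: int = 6) -> bytes:
    """Constructed mirror packet: VXLAN header + minimal Ethernet/IPv4 frame."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"      # dst MAC, src MAC, ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    return hdr + eth + ip

def summarize(datagrams: list[tuple[int, bytes]]) -> dict[str, list[tuple[str, str, int]]]:
    """Group mirrored flows by source VPC; ignore non-VXLAN ports and unknown VNIs."""
    flows: dict[str, list[tuple[str, str, int]]] = {}
    for dst_port, payload in datagrams:
        if dst_port != VXLAN_PORT:
            continue                                   # not mirror traffic
        vni, frame = parse_vxlan(payload)
        vpc = VNI_TO_VPC.get(vni)
        if vpc is None:
            continue                                   # VNI not one of our sessions
        flows.setdefault(vpc, []).append(inner_ipv4_flow(frame))
    return flows
```

A sensor that cannot attribute a VNI to a known mirror session should alert rather than silently drop, since an unexpected VNI means either a misconfigured session or traffic that is not yours.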

Tags: AWS, security, network-detection-response, VPC-traffic-mirroring, multi-account, Vectra
Domain: Security
Audience: Security architects designing network detection and response (NDR) across multi-account AWS environments

Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.



Created by

July 1, 2026

Updated

July 1, 2026 at 9:58 AM

Type

architecture
