Threat Stack announced today it has added support for the AWS Fargate managed serverless container service from Amazon Web Services (AWS) to its intrusion detection platform.
Chris Ford, vice president of product for Threat Stack, says Threat Stack Container Security Monitoring for AWS Fargate employs a sensor in the form of a container sidecar to collect and correlate security telemetry from cloud management consoles, hosts, containers, orchestration engines, managed container services and applications that comprise AWS Fargate.
That data is then fed back to the Threat Stack Cloud Security Platform to surface intrusions such as unauthorized application code deployed on AWS Fargate.
AWS Fargate has emerged as a popular alternative for deploying containerized applications because the IT team does not have to provision or manage servers or clusters. Instead, AWS provisions compute on demand and runs each task (or, with Amazon EKS, each pod) in its own isolated runtime environment that shares no kernel with other tasks. Developers can then build and deploy applications without the aid of an internal IT operations team.
Like most cloud service providers, AWS takes a shared responsibility approach to security. AWS secures the underlying infrastructure, which on Fargate includes the host operating system and the container runtime, but it is up to each IT organization to secure what runs on top of it: the application code, the container image, the task's IAM role and its network configuration. Because Fargate exposes no host on which to install an agent, achieving that goal typically means deploying security tooling as a sidecar container that runs alongside the application inside the same task. Developers, however, often assume the cloud service provider is providing security services beyond the infrastructure level and wind up deploying applications that are vulnerable to a wide range of potential attacks.
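The two checks below make the preceding points concrete: whether a Fargate task actually carries the security sidecar it is supposed to, and whether the application container is running approved code (the kind of "unauthorized application code" detection mentioned earlier). This is an added example written for this article, not Threat Stack's code or a description of how its sensor works. The task records are constructed to resemble the shape of `aws ecs describe-tasks` output (only the fields used here), and the sidecar name, registry address and digest baseline are assumptions.

```python
"""Added example (not Threat Stack's code): audit Fargate task descriptions for
(1) a running security sidecar and (2) container images whose digests match an
approved baseline. Anything else is reported as a finding."""

REQUIRED_SIDECAR = "security-sensor"  # assumed name of the sidecar container
# Assumed private registry that all production images must come from.
APPROVED_REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
# Assumed baseline: repository name -> the one image digest approved to run.
APPROVED_DIGESTS = {
    "payments-api": "sha256:" + "a1" * 32,
    "security-sensor": "sha256:" + "b2" * 32,
}

# Constructed sample records mimicking `describe-tasks` output (fields trimmed).
SAMPLE_TASKS = [
    {   # healthy task: sidecar running, both images pinned to approved digests
        "taskArn": "arn:aws:ecs:us-east-1:123456789012:task/prod/1111",
        "launchType": "FARGATE",
        "containers": [
            {"name": "payments-api", "lastStatus": "RUNNING",
             "image": f"{APPROVED_REGISTRY}/payments-api:1.4.2",
             "imageDigest": APPROVED_DIGESTS["payments-api"]},
            {"name": "security-sensor", "lastStatus": "RUNNING",
             "image": f"{APPROVED_REGISTRY}/security-sensor:2.0",
             "imageDigest": APPROVED_DIGESTS["security-sensor"]},
        ],
    },
    {   # sidecar omitted from the task definition entirely
        "taskArn": "arn:aws:ecs:us-east-1:123456789012:task/prod/2222",
        "launchType": "FARGATE",
        "containers": [
            {"name": "payments-api", "lastStatus": "RUNNING",
             "image": f"{APPROVED_REGISTRY}/payments-api:1.4.2",
             "imageDigest": APPROVED_DIGESTS["payments-api"]},
        ],
    },
    {   # sidecar present but stopped; app image swapped for an outside image
        "taskArn": "arn:aws:ecs:us-east-1:123456789012:task/prod/3333",
        "launchType": "FARGATE",
        "containers": [
            {"name": "payments-api", "lastStatus": "RUNNING",
             "image": "docker.io/library/alpine:latest",
             "imageDigest": "sha256:" + "ee" * 32},
            {"name": "security-sensor", "lastStatus": "STOPPED",
             "image": f"{APPROVED_REGISTRY}/security-sensor:2.0",
             "imageDigest": APPROVED_DIGESTS["security-sensor"]},
        ],
    },
]


def registry_of(image_ref):
    """Registry host of an image reference, following Docker's rule: the first
    path component is a registry only if it contains '.' or ':' or is
    'localhost'; otherwise the reference is implicitly on docker.io."""
    head, sep, _ = image_ref.partition("/")
    if sep and ("." in head or ":" in head or head == "localhost"):
        return head
    return "docker.io"


def repo_name(image_ref):
    """Repository name without registry, tag or digest ('repo:tag', 'repo@sha256:..')."""
    path = image_ref.split("/")[-1]
    for sep in ("@", ":"):
        path = path.split(sep, 1)[0]
    return path


def audit_task(task):
    """Return a list of (taskArn, finding) tuples for one task record."""
    findings = []
    arn = task["taskArn"]
    containers = task.get("containers", [])

    # Check 1: the security sidecar must exist and be RUNNING, not merely defined.
    sidecar_running = any(c.get("name") == REQUIRED_SIDECAR and c.get("lastStatus") == "RUNNING"
                          for c in containers)
    if not sidecar_running:
        findings.append((arn, f"sidecar '{REQUIRED_SIDECAR}' not running"))

    # Check 2: every container must come from the approved registry and run an
    # approved digest. Tags are mutable, so the comparison is on digest only.
    for c in containers:
        image = c.get("image", "")
        name = c.get("name", "?")
        if registry_of(image) != APPROVED_REGISTRY:
            findings.append((arn, f"{name}: image from unapproved registry {registry_of(image)}"))
        digest = c.get("imageDigest")
        if digest is None:
            findings.append((arn, f"{name}: no image digest reported"))
        elif digest != APPROVED_DIGESTS.get(repo_name(image)):
            findings.append((arn, f"{name}: digest {digest[:19]}... not in approved baseline"))
    return findings


def audit_tasks(tasks):
    """Audit only Fargate tasks (EC2-launched tasks would be covered by a host agent)."""
    findings = []
    for t in tasks:
        if t.get("launchType") == "FARGATE":
            findings.extend(audit_task(t))
    return findings


if __name__ == "__main__":
    for arn, finding in audit_tasks(SAMPLE_TASKS):
        print(arn.rsplit("/", 1)[-1], finding)
```

Run against the constructed records, the first task is clean, the second is flagged for the missing sidecar, and the third produces three findings: the stopped sidecar, the unapproved registry and the unknown digest. Comparing digests rather than tags matters because a tag such as `1.4.2` can be repointed at different content; the digest is what actually ran.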
Ford says that as cloud computing continues to evolve, there is a great appreciation for its security requirements. Deploying a firewall in the cloud is simply not enough, given how adept cybercriminals are becoming at exploiting container hosts.
The good news is that it’s a lot easier to discover an unwanted application running in a single-purpose container compared to a virtual machine hosting tens of processes, all of which have to be individually scanned, notes Ford. As such, over time applications based on microservices built using containers should prove to be more secure than legacy monolithic applications, he adds.
Now that containers are reaching critical mass in the enterprise, there is far more focus on securing them. As usual, cybersecurity teams are playing catch-up with yet another emerging technology. The challenge now is securing containers consistently across a range of cloud service types, as well as whatever on-premises IT environments they are deployed on. Threat Stack is making the case for an intrusion detection platform that can be applied not just to containers running anywhere but also to legacy monolithic applications.
It may take a while for container security to be addressed within the context of a larger set of DevSecOps best practices. However, as container security continues to evolve, the ability to apply those practices specifically to containers improves with each passing day.