Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2021

sysdig

Securing containers on Amazon ECS Anywhere

May 27, 2021 By Eric Carter In Sysdig

Amazon Elastic Container Service (ECS) Anywhere enables you to simply run containers in whatever location makes the most sense for your business – including on-premises. Security is a key concern for organizations shifting to the cloud. Sysdig has validated our Secure DevOps platform with ECS Anywhere, giving AWS customers the security and visibility needed to run containers confidently on the new deployment model.

Read Post
sysdig

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

May 24, 2021 By Stefano Chierici In Sysdig

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.

Read Post
sysdig

Securing the new AWS App Runner service

May 24, 2021 By Eric Carter In Sysdig

In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.

Read Post
sysdig

Digging into AWS Fargate runtime security approaches: Beyond ptrace and LD_PRELOAD

May 11, 2021 By Loris Degioanni In Sysdig

Fargate offers a great value proposition to AWS users: forget about virtual machines and just provision containers. Amazon will take care of the underlying hosts, so you will be able to focus on writing software instead of maintaining and upgrading a fleet of Linux instances. Fargate brings many benefits to the table, including small maintenance overhead, lower attack surface, and granular pricing. However, as any cloud asset, leaving your AWS Fargate tasks unattended can lead to nasty surprises.

Read Post
sysdig

Securing AWS Fargate workloads: Meeting File Integrity Monitoring (FIM) requirements

May 4, 2021 By Alba Ferri In Sysdig

Securing AWS Fargate serverless workloads can be tricky as AWS does not provide much detail about the internal workings. After all… it’s not your business, AWS manages the scaling of underlying resources for you. :) While the security and stability of Fargate’s system is an inherent feature, Fargate follows a shared responsibility model, where you still have to take care of securing those parts specific to your application..

Read Post

AWS Fargate runtime security - Implementing File Integrity Monitoring with Sysdig

May 4, 2021 By Sysdig In Sysdig
Thanks to serverless you can focus on your apps, instead of your infrastructure. Take AWS Fargate as an example. A service where you can deploy containers as Tasks, without worrying what physical machine they run on. However, without access to the host How can you detect suspicious activity? Like, file changes on your Fargate tasks? Sysdig provides runtime detection and response to secure Fargate serverless containers.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.