Fargate breach preparedness

Fargate EKS & ECS

Cloud computing and Docker containerization have shifted much, but not all, of the responsibility for application and server resource management to cloud providers. Enterprises must still possess the proper knowledge and coding skills to manage cloud workloads efficiently, but with AWS Fargate, IT managers have one less thing to worry about.

Amazon ECS and EKS can use containers provisioned by Fargate to automatically scale, load balance, and schedule containers for availability.

Fargate is an evolution of Amazon Elastic Container Service (ECS, a Docker container management service) that eases the burden of managing Elastic Compute Cloud (EC2) instances. Announced in late 2017, the technology is essentially a Containerization as a Service (CaaS) solution that is starting to gain traction among developers, sysadmins and other AWS users.

Fargate breach preparedness

Because AWS Fargate is a managed service, getting the data you need to investigate a potential compromise becomes more complex.

While the visibility provided by built-in CSP tools such as AWS CloudWatch and CloudTrail is important, these data sources alone are not sufficient for a detailed investigation in container environments. To gain more visibility into ECS containers, third-party incident and threat intelligence capabilities prove vital to discover, monitor and secure container assets.

NGT Security Team can help collect the right data by using the right tools

When it comes to investigating potential threats in container environments, NGT’s experienced team knows how to collect the right data from a containerized environment.

Useful data sources to include as part of a container investigation are:

  • System logs and files from within the container
  • Container running processes
  • Container active network connections
  • Container host system
  • Container runtime logs (if accessible)
  • Container host memory (if accessible)
  • AWS VPC flow logs for the VPC the container is attached to
  • Logs from container repositories

If data collection wasn’t baked into the container declaration before the need to investigate arose, you need to rely on data you can actively interrogate out of the container.
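One way to check ahead of time whether log collection was declared for every container, shown as an added example (not NGT's tooling or code from the original page). It assumes the task definition is available as JSON in the shape returned by `aws ecs describe-task-definition`; the sample task definition and the function name `audit_logging` are constructed for illustration.

```python
import json

# Constructed sample: only the task-definition fields inspected below.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-example",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {"name": "app",
     "logConfiguration": {"logDriver": "awslogs",
        "options": {"awslogs-group": "/ecs/web-example",
                    "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "app"}}},
    {"name": "sidecar",
     "logConfiguration": {"logDriver": "awslogs",
        "options": {"awslogs-group": "/ecs/web-example"}}},
    {"name": "worker"}
  ]
}
""")

# awslogs options a Fargate task needs in order to ship container output.
AWSLOGS_REQUIRED = ("awslogs-group", "awslogs-region", "awslogs-stream-prefix")


def audit_logging(task_def):
    """Return {container name: [findings]} for containers whose stdout/stderr
    is not declared to be shipped outside the container."""
    findings = {}
    for c in task_def.get("containerDefinitions", []):
        issues = []
        log_cfg = c.get("logConfiguration")
        if not log_cfg:
            issues.append("no logConfiguration: output is not shipped anywhere")
        elif log_cfg.get("logDriver") == "awslogs":
            opts = log_cfg.get("options") or {}
            missing = [k for k in AWSLOGS_REQUIRED if not opts.get(k)]
            if missing:
                issues.append("awslogs missing options: " + ", ".join(missing))
        if issues:
            findings[c.get("name", "<unnamed>")] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_logging(SAMPLE_TASK_DEF).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

Containers reported here are the ones for which an investigator would have to fall back on live interrogation of the running task.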

Please get in touch with the NGT team for further details and any questions about the subject.

Besides breach preparedness, incident response is another vital part of security operations. To respond in a timely manner, a security team needs well-thought-out processes and procedures in place. The NGT team can help develop and implement industry best practices to secure your environment.

To find out more about our services, email us at info@ngtsol.com or call us at 800-683-6283.
