Laura

16/06/2023

Monitor Your AWS ECS Fargate Environments with SenseOn

This blog was written by Graham Stevens, Staff Security Engineer.

SenseOn’s cloud-native security monitoring platform is a comprehensive container cyber security solution for AWS ECS Fargate users.

By leveraging advanced analytics, automation and threat detection capabilities, SenseOn can quickly identify and respond to cloud security incidents in container environments.

Reducing the cloud attack surface, SenseOn provides real-time visibility into container activity during runtime. This allows security teams to detect and investigate anomalous behaviour or potential threats targeting their virtualised operating systems and containerised applications. 

SenseOn can support DevOps, DevSecOps and cloud security teams by coordinating their monitoring and alerting systems across Docker, container platforms and cloud-based infrastructure. This includes Microsoft 365, Google Cloud Platform and AWS.

Our advantage is bringing these network security capabilities into a single platform and combining them with an analytics engine that can correlate data from across sources. The result is much greater visibility and awareness of potential threats within modern cloud-based IT ecosystems.

Container Cyber Security Background/Threat Landscape

Containerised environments are a major source of cyber risk for cloud environments.

Containers are lightweight, isolated units that encapsulate applications and their dependencies, making them ideal for deploying software in a cloud environment. However, their dynamic and interconnected nature can introduce vulnerabilities that cybercriminals may seek to exploit.

Amazon’s (AWS) Elastic Container Service (ECS) Fargate is a leading provider of container orchestration services. While Fargate provides convenient and scalable container management, it is not immune to malware, misconfigurations and other cyber threats.

One significant risk is an attacker exploiting a vulnerable application or configuration in a container (T1190), allowing them to execute their own commands, a technique known as RCE (Remote Code Execution). 

With this level of access, an attacker can identify other AWS assets using discovery techniques such as network scanning, or access the AWS Metadata API (T1552.005), where sensitive data, including credentials and UserData scripts, can be observed.

It is also possible for container images used in ECS Fargate to contain exploitable vulnerabilities or malicious code.

If untrusted or compromised container images are pulled from registries, or malicious dependencies are used in custom-built software, they can introduce security risks.

We know this because attacks using this methodology have been observed in the wild, with container images being released to public registries with misleading names to appear like official images. These containers can then use the xmrig software to conduct cryptocurrency mining.
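As an added example (not SenseOn's code), the following pre-deployment check audits an ECS task definition for the image risks described above: images pulled from registries outside an allowlist, images not pinned by digest, and miner-like names. The allowlisted registry, the name pattern and the sample task definition are constructed assumptions.

```python
import re

# Assumption: the only registry this organisation trusts (constructed value).
TRUSTED_REGISTRIES = {"123456789012.dkr.ecr.eu-west-1.amazonaws.com"}
# Assumption: names worth flagging; xmrig is the miner named in the text.
SUSPICIOUS = re.compile(r"xmrig", re.IGNORECASE)


def split_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry only if it looks like a host name.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name  # bare names resolve to Docker Hub
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry, repo, tag, digest


def audit_task_definition(task_def):
    """Return (container, image, reason) findings for one task definition."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        image = c.get("image", "")
        registry, repo, _tag, digest = split_image(image)
        if registry not in TRUSTED_REGISTRIES:
            findings.append((c["name"], image, f"untrusted registry {registry}"))
        if not digest.startswith("sha256:"):
            findings.append((c["name"], image, "not pinned by digest"))
        if SUSPICIOUS.search(repo) or SUSPICIOUS.search(" ".join(c.get("command", []))):
            findings.append((c["name"], image, "miner-like name or command"))
    return findings


ECR = "123456789012.dkr.ecr.eu-west-1.amazonaws.com"
# Constructed task definition; the digest is a placeholder, not a real image.
SAMPLE = {"family": "web", "containerDefinitions": [
    {"name": "api", "image": f"{ECR}/api@sha256:{'0' * 64}"},
    {"name": "proxy", "image": "ngnix-official/nginx:latest"},  # lookalike name
    {"name": "worker", "image": f"{ECR}/tools/xmrig:6"},
]}

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE):
        print(finding)
```
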

Cloud Monitoring Benefits

Monitoring cloud environments has become a critical security best practice. With the rapid adoption of cloud services, organisations need to ensure they continuously monitor their digital footprint to detect and respond to potential security incidents effectively. 

There are two core benefits to cloud monitoring. 

Threat Detection

Firstly, monitoring container infrastructure helps detect suspicious or malicious activities within the cloud environment. It does this by giving your SOC real-time visibility into user actions, network traffic, system logs and application behaviour, allowing security teams to identify signs of unauthorised access, malicious activity or insider threats.

Compliance

Many industries, such as healthcare, finance, and government, have specific data protection requirements to which organisations must adhere when using cloud services.

Continuous monitoring for security control deployment, access control standards and vulnerabilities in apps helps organisations verify that their cloud environments comply with standards such as PCI DSS and GDPR. It allows them to track user access, monitor data transfers, and validate security configurations, enabling proactive measures to maintain compliance and protect sensitive information.

What Is AWS ECS Fargate?

Fargate is a serverless compute engine that allows organisations to run containers without having to manage servers or clusters. With Fargate, there is no longer a need to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, administer and patch the host systems, and manually manage scaling the containers and their hosts.

Fargate is compatible with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). 

To use Fargate, first create a task definition that specifies the container image, CPU and memory requirements, and networking and IAM policies. This is then submitted to a Fargate-enabled cluster. Fargate will automatically provision and scale the underlying infrastructure to run the tasks.

The big advantage of ECS Fargate is that it simplifies the process of running containers in the cloud by providing a serverless and managed compute environment. This allows users to focus on developing and using applications rather than managing infrastructure.

Monitoring AWS ECS Fargate with SenseOn

SenseOn has deliberately prioritised container monitoring security services for mid-to-large-sized businesses utilising AWS ECS Fargate as a Container-as-a-Service offering. 

SenseOn’s monitoring solutions can provide real-time visibility into container activity alongside other container technologies and cloud-based environments, enabling security teams to quickly detect and easily investigate anomalous behaviour or potential threats. 

SenseOn’s all-in-one platform also ensures that customers are promptly alerted to credible threats across their entire estate and tech stack, allowing them to take proactive steps to safeguard their systems. 

With SenseOn’s first significant step into container monitoring solutions further bolstering its existing cloud monitoring, businesses can rest assured that their assets are secure and protected from potential cyber threats, no matter their form.

As part of SenseOn’s continual advancements in container workload visibility and detection, in the near future, SenseOn will also be able to monitor Kubernetes clusters. This will help more businesses protect and observe their cloud workflows, cloud-native applications and containerised workloads. 

SenseOn will soon cover each of the big three cloud providers – AWS EKS, GCP GKE, and Azure’s AKS, as well as self-managed deployments.

Deploying SenseOn Within Your AWS ECS Fargate Environment

SenseOn understands the importance of quick and easy deployment for stretched security and IT teams. We have focused on ensuring that deploying and implementing SenseOn within your AWS Fargate environment is as simple as possible with these three easy steps:

  1. Obtain your agent key from the settings view within the SenseOn appliance.
  2. Acquire the details for the SenseOn container registry.
  3. Using our provided Terraform code, deploy the sensor to your AWS environment.

SenseOn will now automatically map the ECS Fargate telemetry to our universal data model and monitor for threat activity.

Start Monitoring AWS ECS Fargate with SenseOn Today

Contact us if you are interested in learning more about SenseOn’s cloud-native security monitoring solutions, including AWS ECS Fargate monitoring, and how we can help you. 

With SenseOn, you can:

Or, book a demo.