AWS Fargate Security
AWS Fargate is a compute engine for Amazon Elastic Container Service (Amazon ECS) that allows developers to run containers without having to manage servers or clusters. Rather than choose instance types, decide when to scale their clusters, or optimize cluster utilization, users define applications as “tasks.”
AWS Fargate Security is More Than Functions
Protego provides security for AWS Fargate containers as part of our Amazon Web Services security solution for serverless applications. The platform secures your application as a whole, which means ensuring all parts of your cloud native applications are protected in an integrated and efficient way. This allows you to quickly scale your deployment while knowing your applications are secured and protected.
Managed Container-as-a-Service offerings, such as AWS Fargate, are ideal for compute workloads that don’t fit well in a function. AWS Fargate lets you package and run containers without having to manage servers or clusters, resulting in less complexity, overhead, and management. With Protego, you can leverage the benefits of AWS Fargate without worrying about security.
Serverless Security for Fargate Containers
The Protego Serverless Security Platform automates serverless application security from development to runtime giving you full visibility to your AWS Fargate tasks, along with the rest of your cloud native resources. This provides you the same security-focused visualization of workloads in containers as in functions, all on one central dashboard. With Protego’s solution for AWS Fargate you receive:
- The Posture Explorer that provides a comprehensive view of your entire serverless ecosystem
- Security-focused visualization of potential risk areas
- Application and container view of all inputs and triggers
- Native integration with aggregation and reporting tools
Automatically Profile Container and Application Behavior
Discovering and visualizing the behavior and flow of your AWS Fargate environment can be complex as it comprises billions of data points. As such, it is imperative to understand normal application and task behavior in order to alert and stop attacks to the application layer. Effectively and promptly detecting attacks requires continuous monitoring to compile application signals and generate information that’s more useful than 10,000 anomalies.
Protego continuously monitors your serverless application activity in AWS Fargate and automatically creates a white list of actions and interactions on a resource level.
- Discover and visualize serverless application structure, behavior and flow
- Automatically generate a white list of ‘good behavior’ including system access, external communications, triggers and more
- Define custom policies and enforce behavior on a per task level
Detect and Stop Fargate Application Attacks with Accuracy & Speed
The Protego AWS Fargate security solution continuously scans your serverless infrastructure, code, and runtime environment. Utilizing machine-based analysis and deep learning algorithms, Protego builds a model of normal application and task behavior to detect and stop application layer attacks. By adding in additional layers of security with heightened visibility and AI, you are able to minimize the attack surface. This provides developers with the continued agility needed to deploy quickly, and offers the security team with peace-of-mind.
- Function Self Protection detects, alerts, and stops application layer attacks
- Automatic protection from the time of invocation
- Dynamic protection policy based on learned function context
“Moving to a managed service environment has quick security wins with the power of AWS, but, as developers make this shift, they need to change the way they approach application security. The Protego solution with AWS Fargate creates an opportunity to vastly improve how developers think of application security in a cloud-native world by protecting the tasks in the same manner as the function, giving organizations greater visibility and security of their serverless resources.”