Container adoption is on the rise as more organizations transition from virtual machines to micro services-based architectures. While containers have an added layer of security due to their ability to isolate applications, this doesn’t mean the containerized environment keeps your business safe from malicious attacks. AWS container security is critical to ensure you have visibility into your orchestration logs, container logs, network traffic, and any signs of vulnerability ito respond to threats immediately.  

As you develop your AWS container security strategy — whether you are using Amazon ECR, ECS, EC2, or Fargate — there are four key areas to consider.  

AWS container key security considerations

Registry

A container registry is a repository — or collection of repositories — used to store and access container images. This repository can contain vulnerable source code. If you pull items from the registry with vulnerabilities inherent in them, you’ll expose yourself to running vulnerable containers. In addition, when you configure a registry using open source, exercise caution. One of the lessons learn from the Log4j saga was that while open source adds efficiencies, it can have insecure components.  

Tight access control is one way to secure your registry. Always know who is accessing and changing items within the registry. Regularly scan images and encrypt them for better protection from attack while in transit so they will be less likely to be viewed or tampered with. Also, be sure to use HTTPs for any transfers. 

Orchestration

Just as orchestration allows you to easily automate much of your containerized environment, someone can maliciously step in and run your containers. To avoid orchestration vulnerabilities, monitor configuration settings closely, regularly update your technology, maintain tight access, and ensure the public cannot access your orchestration layer. If you make your orchestration public, then you are exposing yourself to risk. It’s like someone constantly knocking at your door; if they keep knocking, they may find their way in.  

Host

As with orchestration and registry, maintaining tight access with your host is critical. With your host, look for what might be vulnerable and shared by your container(s). Regularly review applications for potential vulnerabilities. Be sure to monitor your host’s traffic and its behavior through logs and network packet inspection.  

Container

Always scan images before going live and then scan the active containers during run time. This should pinpoint  any exposures that introduce risk. 

As part of an in-depth defense strategy, you also need to monitor your deployed containers to identify suspicious or malicious use. As a best practice, analyze both logs and network traffic. At Alert Logic, when we monitor container traffic, we look at both inter- and intra-container traffic, which allows us to find an issue to a specific workload. If an issue is identified, the identified microservice can be addressed and remediated without pulling the entire cluster down and starting from scratch to find the problem. If you experience a compromise, there should be less downtime and impact with this approach to container traffic monitoring. 

Partnering with Alert Logic for AWS Container Security

No matter what combination of AWS containerization you have chosen, Alert Logic MDR and Fortra XDR provide the needed visibility into orchestration logs, container logs, and network traffic. By choosing containers for their modernization and optimization benefits, you can safeguard your code, data, and software with Alert Logic as your trusted partner on this journey.

To learn more about securing containers on AWS with Alert Logic, check out our ebook, Secrets to a Stronger Strategy for Container Security. 

Josh Davies
About the Author
Josh Davies
Josh Davies is the Principal Technical Product Marketing Manager at Alert Logic. Formerly a security analyst and solutions architect, Josh has extensive experience working with mid-market and enterprise organizations, conducting incident response and threat hunting activities as an analyst before working with businesses to identify appropriate security solutions for challenges across cloud, on-premises, and hybrid environments.

Related Post

Ready to protect your company with Alert Logic MDR?