Amazon Web Services to beef up container security with new threat detection

Amazon Web Services (AWS) announced new container security features coming in early 2022, including GuardDuty threat detection for Amazon EKS. …

Amazon Web Services said it’s responding to the rising need for container security with plans to launch new threat detection capabilities for container workloads during the first quarter of 2022.

At the AWS re:Invent 2021 conference today, AWS Chief Information Security Officer Stephen Schmidt said the company does not typically pre-announce features that are still under development. But given the growing importance of container security, the cloud giant is making an exception in revealing its new container threat detection features, he said.

There’s clearly a “need for some new security tooling relevant to this particular space,” Schmidt said.

Enhanced threat detection

A survey by the Cloud Native Computing Foundation found that the use of containers in production has surged by 300% since 2016, with 92% of organizations using containers in production in 2020. That’s made containers a tempting target for cyber attackers: a recent study by Aqua Security found that 50% of new misconfigured Docker instances are attacked by botnets within 56 minutes of being set up.

“As the adoption of containers skyrockets, so does the need for easy-to-manage and scale container security,” Schmidt said.

AWS has “heard that message,” he said, and the cloud provider is “now developing feature sets that address container environments.”

The first new container threat detection features, launching in Q1 of 2022, will involve extending the Amazon GuardDuty threat detection service to Amazon Elastic Kubernetes Service (EKS) audit logs, he said.

“This will provide customers intelligent threat detection for their container workloads—scanning for unusual resource deployments [and] things like malicious configuration changes, or escalation of privilege attempts,” Schmidt said.
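As an added illustration, not AWS code and not a description of how GuardDuty itself works, the three detection classes Schmidt names can be sketched as rules evaluated over Kubernetes audit events, the log source GuardDuty will consume for EKS. The sample events below are constructed and trimmed, and the finding names are invented labels.

```python
# Constructed sample entries in the Kubernetes audit Event format (audit.k8s.io/v1),
# trimmed to the fields the rules inspect; they are not real EKS audit log lines.
SAMPLE_AUDIT_LOG = [
    {"verb": "get", "user": {"username": "system:serviceaccount:kube-system:coredns"},
     "objectRef": {"resource": "endpoints", "namespace": "kube-system"},
     "responseStatus": {"code": 200}},
    {"verb": "create", "user": {"username": "kubernetes-admin"},
     "objectRef": {"resource": "clusterrolebindings", "name": "sa-admin"},
     "requestObject": {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
                       "subjects": [{"kind": "ServiceAccount", "name": "default",
                                     "namespace": "default"}]},
     "responseStatus": {"code": 201}},
    {"verb": "create", "user": {"username": "system:serviceaccount:default:default"},
     "objectRef": {"resource": "pods", "namespace": "default", "name": "dbg"},
     "requestObject": {"spec": {"hostPID": True, "containers": [
         {"name": "c", "securityContext": {"privileged": True}}]}},
     "responseStatus": {"code": 201}},
    {"verb": "list", "user": {"username": "system:anonymous"},
     "objectRef": {"resource": "secrets", "namespace": "kube-system"},
     "responseStatus": {"code": 403}},
]

WRITE_VERBS = ("create", "update", "patch")

def check_event(ev):
    """Return the finding names raised by one audit event (empty list if benign)."""
    findings = []
    verb, obj = ev.get("verb"), ev.get("objectRef", {})
    req, user = ev.get("requestObject", {}), ev.get("user", {}).get("username", "")
    allowed = ev.get("responseStatus", {}).get("code", 0) < 400
    # Privilege escalation: a successful write of a binding that grants cluster-admin.
    if (allowed and verb in WRITE_VERBS
            and obj.get("resource") in ("clusterrolebindings", "rolebindings")
            and req.get("roleRef", {}).get("name") == "cluster-admin"):
        findings.append("PrivilegeEscalation:ClusterAdminBinding")
    # Unusual deployment: a pod admitted with a privileged container or host PID namespace.
    if allowed and verb == "create" and obj.get("resource") == "pods":
        spec = req.get("spec", {})
        if spec.get("hostPID") or any(c.get("securityContext", {}).get("privileged")
                                      for c in spec.get("containers", [])):
            findings.append("UnusualDeployment:PrivilegedPod")
    # Anonymous principal touching secrets is flagged even when the API server denies it.
    if user == "system:anonymous" and obj.get("resource") == "secrets":
        findings.append("Discovery:AnonymousSecretsAccess")
    return findings

def scan(events):
    """Map the index of each suspicious event to its findings; benign events are omitted."""
    return {i: f for i, ev in enumerate(events) if (f := check_event(ev))}
```

Running `scan(SAMPLE_AUDIT_LOG)` flags events 1, 2 and 3 and leaves the routine CoreDNS read alone; a real pipeline would read the EKS audit log stream instead of an inline list.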

More features coming

The Amazon GuardDuty capabilities are the only new container security features being pre-announced right now by AWS, since we “never want to over-promise,” he said.

But the company expects that coverage from its Amazon Inspector for the Amazon Elastic Container Registry (ECR) will follow, Schmidt said. AWS also plans an expansion of the Amazon Detective service that will bring “its investigation analysis into the container space in the near future,” he said.

AWS had announced container security updates earlier this week at re:Invent, as well. The company disclosed that Amazon Detective can now continually assess ECR-based container workloads, in addition to Elastic Compute Cloud (EC2) workloads.

VentureBeat