AWS Container Threats – How to Detect Threats in the Public Cloud
Today more and more applications are running in containers in a public cloud. A common question we hear is “Do AWS container threats exist and how can we detect them?” For an application administrator or a security team, it is always interesting to know what their containers look like from a security point of view.
The recent ransomware issues with MongoDB and Elasticsearch are not the only AWS container threats to worry about. It is important to have visibility into how containers are working and the details of their network connections.
We did some simple tests on AWS using a test application and captured some real-world threat examples to show how containers are just as vulnerable as any other application infrastructure. We deployed several application containers in an AWS ECS test environment. We used the standard configuration and turned on platform security features such as security groups. Only one publicly facing port was opened for each application. For example, port 1080 was opened for an NGINX container which served as a load balancer for the application’s HTTP web requests. Then we deployed the NeuVector security containers, set the system in protect mode, and left the application running for a few days. This is the automatically generated network map and application segmentation that was created.