Amazon Web Services to beef up container security with new threat detection

Amazon Web Services said it’s responding to the rising need for container security with plans to launch new threat detection capabilities for container workloads during the first quarter of 2022.

At the AWS re:Invent 2021 conference today, AWS Chief Information Security Officer Stephen Schmidt said the company does not typically pre-announce features that are still under development. But given the growing importance of container security, the cloud giant is making an exception in revealing its new container threat detection features, he said.

There’s clearly a “need for some new security tooling relevant to this particular space,” Schmidt said.

Enhanced threat detection

A survey by the Cloud Native Computing Foundation found that the use of containers in production has surged by 300% since 2016, with 92% of organizations using containers in production in 2020. That’s made containers a tempting target for cyber attackers: a recent study by Aqua Security found that 50% of new misconfigured Docker instances are attacked by botnets within 56 minutes of being set up.

“As the adoption of containers skyrockets, so does the need for easy-to-manage and scale container security,” Schmidt said.

AWS has “heard that message,” he said, and the cloud provider is now “now developing feature sets that address container environments.”

The first new container threat detection features, launching in Q1 of 2022, will involve extending the Amazon GuardDuty threat detection service to Amazon Elastic Kubernetes Service (EKS) audit logs, he said.

“This will provide customers intelligent threat detection for their container workloads—scanning for unusual resource deployments [and] things like malicious configuration changes, or escalation of privilege attempts,” Schmidt said.

More features coming

The Amazon GuardDuty capabilities are the only new container security features being pre-announced right now by AWS, since we “never want to over-promise,” he said.

But the company expects that coverage from its Amazon Inspector for the Amazon Elastic Container Registry (ECR) will follow, Schmidt said. AWS also plans an expansion of the Amazon Detective service that will bring “its investigation analysis into the container space in the near future,” he said.

AWS had announced container security updates earlier this week at re:Invent, as well. The company disclosed that Amazon Detective can now continually assess ECR-based container workloads, in addition to Elastic Compute Cloud (EC2) workloads.