May 18, 2023

Secure Your Customer’s Cloud Workload (CWP)

When thinking about cloud security, and specifically containerized applications in the cloud, there are several aspects to consider:

 

 

Smart use of cloud elasticity features presents some unique challenges related to deploying and managing agents on workloads.
In particular, features that spawn workloads on demand, such as EC2 auto scaling groups and the various container orchestration frameworks, make agent deployment harder.
Today we will focus on the deployment of agents on containers orchestrated by AWS ECS and deployed on Fargate.

 

 

Most of our customers who use AWS-ECS prefer to use AWS-Fargate technology (serverless containers).
With Fargate technology, they no longer have to provision, configure, or scale clusters of virtual machines to run containers.
They don’t even need to decide when to scale their clusters, optimize cluster packing, or choose a server type. The customer can easily manage and deploy their containerized applications, making their operations more efficient and streamlined.

 

Furthermore, Fargate enables scaling of applications in real-time to meet the demands of today’s fast-paced business environment.
This essential feature ensures that customers can deliver the best possible service to their clients at all times, while optimizing scale and costs.

 

 

To further enhance the security of our customer’s cloud workload (CWP), we recently deployed the CrowdStrike Falcon-Sensor for hundreds of containers in the Fargate environment.
This solution provides advanced threat detection and prevention capabilities.
With Falcon-Sensor, you can detect and respond to threats in real-time, which is essential in today’s threat landscape. The solution also provides full visibility into container activity, so you can always see what is happening in your environment.
This is especially important when dealing with dynamic workloads that are constantly spawning and dying.

 

 

To properly integrate the Falcon-Sensor, we needed to update the ECS task definition (the JSON file that describes how the container is built).
We added a CrowdStrike init-container to run before the application containers, which in turn installs all necessary CrowdStrike software into the application containers. This ensures that the sensor is properly configured and running correctly within the ECS environment. Through this process, we were able to successfully integrate the CrowdStrike Falcon-Sensor for containers and provide enhanced security for your customer’s cloud workload.

 

 

 

One of the main challenges was ensuring that the integration process did not impact our customer’s existing production environment. This required careful planning and coordination with our customer’s team to identify potential risks, minimize any potential downtime, and schedule the right time to start the production deployment so that it would have the least impact on their production environment.
We used task definition revisions to load the “CrowdStrike-enabled” version of the container, which also allows for an easy and fast rollback in case any problem is encountered.
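A pre-rollout check for a new task definition revision, added here as an example and not taken from the original post or from CrowdStrike. It assumes the "run before the application containers" ordering is expressed with the ECS `dependsOn` field; the container name `sensor-init`, the images and the task family are constructed placeholders.

```python
import json

# Constructed sample task definition; the container names and images are
# placeholders, not values from the original post or from CrowdStrike.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "orders-api",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [
    {"name": "sensor-init", "image": "example.invalid/sensor-init:1", "essential": false},
    {"name": "web", "image": "example.invalid/web:1", "essential": true,
     "dependsOn": [{"containerName": "sensor-init", "condition": "SUCCESS"}]},
    {"name": "worker", "image": "example.invalid/worker:1", "essential": true}
  ]
}
""")

# ECS dependsOn conditions that wait for the init container to finish.
FINISHED = {"COMPLETE", "SUCCESS"}

def audit_task_definition(task_def, init_name):
    """Return a list of findings; an empty list means the revision is consistent."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    init = next((c for c in containers if c.get("name") == init_name), None)
    if init is None:
        return [f"init container '{init_name}' is missing"]
    # ECS treats a container as essential when the field is omitted, and an
    # essential container that exits stops the whole task.
    if init.get("essential", True):
        findings.append(f"'{init_name}' must set essential=false")
    for c in containers:
        if c is init:
            continue
        waits = any(d.get("containerName") == init_name and d.get("condition") in FINISHED
                    for d in (c.get("dependsOn") or []))
        if not waits:
            findings.append(f"'{c.get('name')}' does not wait for '{init_name}'")
    return findings

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE_TASK_DEF, "sensor-init"):
        print(finding)
```

Running it against each revision before updating the service shows which application containers would start without the sensor in place.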

 

 

Finally, the agent is deployed on all variants of the customer workloads: static servers, dynamic auto-scaled servers, and ECS containers on Fargate.

 

 

 

Omri Shemesh,
Cloud Security Engineer.
