AWS Extends GuardDuty Reach to Cloud-Native Services
Amazon Web Services (AWS) this week extended the reach of its Amazon GuardDuty cybersecurity threat detection service to its Kubernetes distribution and the Lambda serverless framework in addition to Amazon Aurora databases services.
Michael Fuller, director of product for AWS security services, said the offering is unique because the agent used on the cloud-native application environment was co-developed with the AWS team that manages Amazon Elastic Kubernetes Service (EKS) and the Amazon Elastic Container Service (ECS). That approach enabled AWS to develop a method for securing cloud-native infrastructure that doesn’t disrupt the pace at which those applications are being developed and deployed, he said.
Deploying and maintaining third-party agent software using container sidecars and other tools to secure a cloud computing environment is not a trivial exercise, noted Fuller.
Amazon GuardDuty previously supported the AWS container runtime environment, and the cloud service provider will soon extend support to the ECS in addition to the support it already provides for EKS, Lambda, Amazon Aurora and Amazon EC2 virtual machines, noted Fuller.
At the core of the Amazon GuardDuty service is a set of machine learning algorithms that were developed to detect threats to AWS environments. Those algorithms then generate alerts based on the severity of the threats discovered. The overall goal is to offload as much responsibility for securing cloud infrastructure to AWS as possible, noted Fuller.
However, IT organizations are still responsible for securing applications and making sure infrastructure resources are not misconfigured. Misconfigurations can make it easy for malicious actors to, for example, exfiltrate data from the AWS S3 cloud service. The cloud service provider does give organizations the option to universally lock down those buckets, but mistakes are still being made, said Fuller.
In addition, AWS is investing more in query tools that will make it easier for organizations to identify vulnerable software packages—such as instances of Log4j monitoring software that haven’t been updated—that might be running on the AWS cloud, he added.
It takes a significant amount of effort for most organizations to master all the nuances of cloud security, which only becomes more challenging as organizations start to build and deploy cloud-native applications. Each organization will need to decide for itself to what degree it prefers to manage cloud security itself versus relying on a cloud provider’s services. Regardless of approach, cloud security requires a level of shared responsibility that may vary from one organization to another.
Overall, however, the state of cloud security continues to improve thanks in part to advances in machine learning algorithms and other forms of artificial intelligence. Increased adoption of DevSecOps best practices among the IT teams that are building and deploying applications is also helping improve cloud security, noted Fuller.
In the meantime, most IT teams would be well-advised to focus on cloud security fundamentals. Cybercriminals, in addition to taking advantage of misconfigurations, have become especially adept at stealing credentials. If IT organizations find ways to address those two issues alone, the state of cloud security would dramatically improve. The challenge, of course, is many of the developers that provision cloud infrastructure lack cybersecurity expertise, so the chances there will be an incident remain higher than anyone would like.
