UPDATED 12:00 EDT / MAY 04 2021


Sysdig enables runtime detection and incident response in AWS Fargate

DevOps security startup Sysdig Inc. said today it has partnered with Amazon Web Services Inc. to create new runtime detection and incident response tools for AWS Fargate, a serverless compute engine for running application containers in the cloud.

The new offering also contains a key file integrity monitoring capability for AWS Fargate that Sysdig said is a necessary component for organizations to ensure compliance with the Payment Card Industry Data Security Standard.

Sysdig, which bagged $188 million in a Series F round of funding last month, sells tools for securing Kubernetes-based container environments. Containers are used to host modern software applications that can run on any computing platform. Kubernetes is open-source software that’s used to manage large clusters of containers.

Sysdig’s products include Sysdig Monitor, a cloud-native intelligence platform based on the open-source Falco project that helps manage large Kubernetes deployments, and Sysdig Secure, which embeds security and compliance into the build, run and respond stages of the container and Kubernetes lifecycle.

AWS Fargate is a “serverless” technology launched in 2017 that works with the Amazon Elastic Compute Service offering to run containers without information technology departments having to manage servers or clusters of Amazon EC2 instances. With Fargate, there’s no need to provision, configure or scale up and down clusters of virtual machines to run containers.

Sysdig said it was able to deliver enhanced visibility into AWS Fargate through Falco, which can access system calls exported by the Linux kernel that underlies the serverless infrastructure. The new capability will provide users with a more unified view of their AWS Fargate deployments, as well as compatible container services such as Amazon Elastic Container Service and Amazon Elastic Kubernetes Service, and draw their attention to any misconfigurations, vulnerabilities or runtime threats.

Sysdig said that besides being able to detect runtime threats in AWS Fargate, it can also provide detailed audit and response capabilities. Incident response is dependent on having a detailed audit trail and forensics data, the company said, and so it captures all AWS Fargate activity including commands and network connections and correlates that data with context from the cloud infrastructure and Kubernetes data. In other words, it enables DevOps and security teams to “interact with and filter through the capture files to understand what happened” and then take appropriate action.

The new service also helps to identify potential container image vulnerabilities and suspicious file activity and configuration changes, such as CloudTrail log deletions or alterations to user access rights to sensitive data. Incidents are classified based on the level of severity, enabling teams to prioritize their investigations and responses, Sysdig said.

Sysdig expects that the new file integrity monitoring capability for AWS Fargate could be a game-changer. It cited a recent report from Gartner Inc. that said the lack of visibility into serverless deployments is one of the biggest barriers to adoption.

The problem with serverless technologies is that the underlying infrastructure remains hidden from the users, so they only have limited visibility into workload activity. But to reduce risk, organizations need visibility, alerts in the case of a breach and a record of exactly what happened so that they can take proper action.

Jacob Williams, founder and president of Rendition InfoSec LLC and a SANS Institute Instructor, said that once organizations have the visibility they need to effectively detect and respond to threats, serverless container services such as AWS Fargate will really take off.

“Without threat detection and access to detailed audit trails for investigations, companies have no way of knowing what exactly is going on and who is accessing their data,” Williams said.
