Get a Demo
Under Attack?
Abstract geometric pattern with interconnected orange cubes forming circular and linear shapes on a white background. The upwind logo is visible in the top left corner.

Holistically Protect ECS Deployments with Upwind’s Support for ECS Fargate

<br />
<b>Warning</b>:  Undefined variable $photo in <b>/nas/content/live/landing173/wp-content/themes/bricks/includes/elements/code.php(236) : eval()'d code</b> on line <b>33</b><br />
<br />
<b>Warning</b>:  Trying to access array offset on value of type null in <b>/nas/content/live/landing173/wp-content/themes/bricks/includes/elements/code.php(236) : eval()'d code</b> on line <b>33</b><br />
Denise Ashur August 06, 2024

Holistically Protect ECS Deployments with Upwind’s Support for ECS Fargate

We are excited to introduce a significant new capability in the Upwind Cloud Security Platform – support for AWS Fargate for Amazon Elastic Container Service (ECS). This capability demonstrates our continuing commitment to security for containerized workloads, with support for both ECS deployment models within the AWS ecosystem.

At Upwind, we have consistently heard from customers that the market lacks quality, deep real-time protection for ECS Fargate. We crafted our Fargate support with industry-leading performance & functionality, providing customers with a simple, streamlined way to provide robust, real-time security for ECS workloads, both for EC2 and Fargate deployments. Fargate benefits customers by abstracting away the undifferentiated heavy lifting of managing infrastructure for microservices architectures and bursty workloads – but this necessitates a new approach to runtime monitoring.  

Introducing  “Upwind-ptrace”

ECS Fargate’s abstraction layer does not provide access to the underlying hardware or operating system and lacks support for eBPF, which Upwind uses in its sensors for monitoring VM and other containerized orchestration layers (including ECS on EC2). We solved this challenge with a new technology we call “Upwind-ptrace.” Upwind-ptrace is a highly tuned & customized monitoring technology designed specifically for AWS Fargate environments. It leverages the core functionality of the Linux ptrace command but tailors it for Fargate’s performance and security needs. 

Cloud-providers-1024x674

Using ptrace has typically meant a significant performance impact and noise from sifting through all the system calls, but the Upwind-ptrace was intentionally designed to achieve deep visibility into Fargate tasks while minimizing overhead. It does this with several innovative techniques, including dynamically filtering out unnecessary system calls, focusing only on those critical for runtime security. Additionally, Upwind-ptrace utilizes batched processing and reduced data copying to optimize performance in resource-constrained Fargate environments. The result is a powerful tracing solution that offers comprehensive security without sacrificing performance.

Benefits for AWS Fargate Users

Fargate users can now leverage Upwind’s industry-leading capabilities to ensure robust protection across AWS Fargate deployments across three main layers of your application stack: 

  • Network: The Upwind-ptrace monitors all network traffic in real time, actively monitoring all ECS cluster communication, as well as all the communicating resources under it. 
  • Process: The Upwind-ptrace monitors every process execution and file activity in real time, actively monitoring for potential threats or anomalies.
  • Workload Container Images: Upwind scans all ECS container images in your registry and correlates that information with workload runtime context, actively monitoring real-time environmental variables such as if a package is in use or receiving communication from the Internet. 
ECS-Fargate-1024x794

By actively protecting and monitoring these important aspects of applications & infrastructure, Upwind is able to provide comprehensive protection for AWS Fargate. Upwind users will be able to see this information & findings  in the following areas of the Upwind Platform:

  • Threat Detection: Be alerted to Detect any threats to AWS Fargate in real time, and view all related events or detections in Upwind’s Threats Tab. You can view detailed root cause analysis for each finding, along with the ability to respond to threats in real time.
  • Vulnerability Management: Detect vulnerabilities associated with AWS Fargate resources in real time, as well as receiving deep prioritization information through the Upwind Vulnerability Funnel. Easily identify which Fargate vulnerabilities should be prioritized for remediation based on Upwind’s correlation of runtime data and real environmental variables, such as resources that contain sensitive data, packages that are in use, and resources that are actively communicating with the Internet.
  • Inventory: Discover all ECS clusters and all workloads running on EC2 & Fargate in the Inventory Tab. You can also view compute data for ECS services in the Compute Tab and view all running and scanned images in the Images Tab. 
  • Upwind Topology Map: View ECS clusters and all communicating resources under them in the Upwind Topology Map, including real-time network communication and any associated resource risk overviews.

With this release, AWS Fargate users are able to leverage Upwind’s industry-leading runtime protection, making it easy to protect all of your cloud infrastructure from one comprehensive security platform .

Learn More

Want to learn more about Upwind’s support for AWS Fargate? Visit the Upwind Documentation Center (login required) or schedule a demo.

401 Authorization Required

401 Authorization Required


nginx
Contents

Further Reading

Superhuman AI

Security AI Needs an Honest Scoreboard: What It’s Superhuman At, and Where It Comes Up Short

If you follow AI at all, you know the leaderboards. Every few weeks a model takes the top spot, and we all check where our favorite landed. But a leaderboard only tells you who's ahead, and it stays quiet about where any of those models still come up short. Which, conveniently, is the part that…
Focus Mode

Find What Matters with Upwind Focus Mode

Focus Mode is now available in the Upwind platform, giving security teams a faster, more focused way to work. Instead of navigating across the platform, you can switch to Focus Mode to slice and dice the Upwind platform by Vulnerability Management, Cloud Security Posture, Attack Surface Management, Administration, or Threats, and starting next week, AI…
Early Advisories

Introducing Early Advisories: Turn Emerging Threats into Action

We’re excited to introduce Early Advisories as part of the Upwind platform. Powered by Upwind's security research team, Early Advisories notify customers about emerging threats, including zero-days and supply chain attacks, before they receive a CVE identifier. Early Advisories are published directly into the Vulnerabilities module alongside CVE-based findings and automatically correlated with your live…