Securing Amazon EKS Anywhere with SentinelOne Singularity

SentinelOne Announced As Launch Partner for Amazon EKS Anywhere

Today, SentinelOne was announced as a launch partner for AWS’ new on-prem and hybrid Kubernetes service, Amazon EKS Anywhere. EKS Anywhere extends AWS’ popular cloud Kubernetes service to deliver hybrid cloud agility for on-premises workloads. EKS Anywhere brings customers flexibility and choice when deploying, managing, and scaling Kubernetes workloads.

Flexibility and Choice for Kubernetes

Containerized applications are the future of how applications are written and deployed.

Gartner predicts that by 2023, 70% of organizations will be running three or more containerized applications in production. Kubernetes, a purpose-built open-source platform for managing and orchestrating containers, is the most used container orchestration control plane powering more than 50% of containerized applications. By abstracting the complexity of container lifecycle management, Kubernetes enables organizations to re-architect and modernize applications for scalability and portability.

Despite the almost universal adoption of cloud services, many organizations have sunk CapEx investments in on-premises infrastructure. Additionally, DevOps teams likely have separate tooling for Kubernetes in the data center vs. Kubernetes running in public clouds like AWS. Multiple control planes for Kubernetes workloads lead to a lack of uniformity, which makes management complex, confusing, and expensive. Operational differences between separate Kubernetes environments also lead to gaps in security policy and controls. Organizations need a way to unify the management of Kubernetes, utilizing existing on-premises investments while taking advantage of the agility and scalability of the public cloud. For these reasons, hybrid approaches offer the best of both worlds and are the driving force behind AWS’ new EKS Anywhere offering.

How Does EKS Anywhere Work?

EKS Anywhere provides a hybrid cloud Kubernetes control plane for creating and operating K8s clusters on-premises on your own hardware or in the public cloud. Where the EKS service manages Kubernetes workloads in AWS, EKS Anywhere extends the managed Kubernetes service to containerized workloads deployed on-premises or in hybrid environments.

EKS Anywhere uses the backbone of EKS to automate the deployment, scaling, and management of containerized apps.

EKS and EKS Anywhere are powered by Amazon EKS Distro, Amazon’s open-source Kubernetes distro. EKS Distro is an upstream, certified conformant version of Kubernetes that enables the creation of K8s clusters anywhere. EKS Anywhere bundles Kubernetes with networking, cluster config database, and storage plugins that are all tested, supported, and validated by AWS. With EKS Anywhere, AWS offers continuous security patches, updates, and extended support.

EKS Anywhere helps reduce support cost, tool redundancy, and complexity with a single dashboard in the AWS console that provides unified management of K8s regardless of location. EKS Anywhere supports several types of deployments based on the availability of internet connectivity at the on-premises location:

  • Fully Connected: Supports backups, instance snapshots to S3, and full-featured audit, compliance, and policy management.
  • Partially Connected: In cases of intermittent disconnects, the EKS console will show the last connected state.
  • Disconnected: Use EKS Distro to run clusters on-premises, with all of the benefits of homogeneous EKS Distro images but without a centralized EKS management console in AWS.

Amazon EKS Anywhere delivers a number of benefits for organizations seeking frictionless hybrid cloud:

  • Workload migration and modernization: Provides developers and DevOps with consistent tooling and a familiar interface for deploying Kubernetes. Rather than refactoring or re-platforming containers, a common base image enables an accelerated journey to the cloud for K8s workloads.
  • Utilize and optimize on-premises investments: Use existing investments in on-premises infrastructure, especially for applications that require low latency. Deploy applications on-premises using EKS Anywhere and seamlessly burst excess demand to EKS in AWS for temporary capacity.
  • Flexibility: Choose the right infrastructure for the right workload with maximum choice. Have applications with specific data residency requirements? Keep the data where it is for compliance purposes, and shift compute to cloud-based instances in EKS.

What Does SentinelOne Bring To EKS Anywhere?

Kubernetes provides many benefits for DevOps but, if improperly secured, presents an attractive target for adversaries who seek to disrupt business. The 2021 IDC State of Cloud Security survey says 98% of companies surveyed experienced a cloud data breach in the last 18 months, illustrating that cloud workloads are just as vulnerable to malware, ransomware, and nation-state attacks as user endpoints. Kubernetes has become a popular attack vector and is primarily targeted for data theft, cryptomining using the underlying infrastructure, and denial of service to critical applications. This challenge prompted the NSA to issue specific guidance on the hardening of Kubernetes environments.

Just as DevOps and developers struggle with tool redundancy and complexity, so do cloud security practitioners. Multiple cloud security tools create operational difficulties and blind spots, which may leave organizations vulnerable. SentinelOne believes that for cloud security to be effective, it should provide the same level of consolidated management and automation as Amazon EKS Anywhere does for Kubernetes.

An integral part of the Singularity™ Platform, Singularity Cloud extends security and visibility to assets running in public clouds, private clouds, and on-premises data centers. Singularity Cloud is the single console for hybrid cloud management; security teams can manage not only Linux and Windows servers in Amazon EC2, but also Docker and Kubernetes-managed containers, all from the same console where they secure user endpoints.

A single featherweight Sentinel agent delivers runtime, AI-driven protection, detection, and response at machine speed across the hybrid cloud estate. The Kubernetes Sentinel brings ActiveEDR® to Docker containers and both self-managed and managed Kubernetes services like EKS, EKS Anywhere, ECS, and ECS Anywhere, with automated kill and quarantine, Application Control Engine, and complete remote shell forensics.

Detecting Threats in an EKS Environment

Our agent is DevOps-friendly. Auto-deployed as a DaemonSet, a single, resource-efficient Kubernetes Sentinel agent protects the Kubernetes worker, its pods, and all their containers without any container instrumentation to gum up the works. Plus, our agent operates entirely in user space: no tainted kernels, no kernel panics, and freedom to update your AMI at will without fear of conflicting with the Sentinel agent.

SentinelOne gathers cloud metadata from the workload, making it easy to tag, group, and manage policy based on the workload characteristics. To simplify management, we can take all instances with a particular image ID and apply a more granular or hardened policy.

“Amazon EKS Anywhere brings unprecedented flexibility and agility for Kubernetes workloads by offering true hybrid cloud container orchestration,” said Guy Gertner, Vice President of Product Management, SentinelOne. “The SentinelOne Singularity™ Platform delivers industry-leading protection and EDR to Kubernetes and containerized workloads, wherever they are deployed, whether on-premises or in AWS.”

SentinelOne is powered by AWS and is available on the AWS Marketplace. Learn more about SentinelOne and AWS or join our upcoming webinar with Presidio to see how SentinelOne brings AI-powered threat prevention, detection, and response to AWS workloads.

