The Alert Logic® Agent Container, a new Alert Logic Threat Manager™ capability designed to protect container deployments in Amazon Web Services (AWS), is now available. The Agent Container provides high-quality container-aware incidents for containerized infrastructures on AWS Elastic Container Service (ECS), AWS-deployed Kubernetes, and Docker.
This release provides:
- A seamless way to deploy the Agent Container in parallel to your own
- A new method for collecting network traffic from containerized incidents so traffic can be analyzed for active exploits
- The ability to monitor containerized environments in real time by leveraging true packet-level visibility into container-relevant network traffic
For more detailed information on how the Agent Container works, see the Agent Container for AWS Deployments knowledge base article.
Defining the Alert Logic IDS for Containers
The Agent Container is a productized container designed to be deployed in containerized workloads in AWS. It captures traffic in most common container networking scenarios and sends that traffic to Threat Manager for inspection. Threat Manager analyzes this difficult-to-capture traffic using an intrusion detection application, providing visibility into potential network-based exploits that could be targeting the container infrastructure.