AWS Security Guide for Containers and Cloud
Detect threats across containers (EC2, ECS, EKS, Fargate) and AWS infrastructure using open-source Falco policies.
Alert on changes to your AWS user permissions, S3 buckets, access keys, etc., by analyzing CloudTrail logs with Falco.
Automatically scan AWS Fargate containers directly in Elastic Container Registry (ECR) by listening for Fargate task start events.
Download the guide now and learn how to:
- Automate scanning (including for Fargate containers) within CI/CD pipelines and ECR
- Prevent and detect threats at runtime without impacting performance, leveraging Falco, the open-source cloud native runtime security project
- Detect threats in AWS using CloudTrail with open-source Falco
- Conduct incident response and forensics, even after the container is gone
- Continuously validate compliance against PCI, NIST, CIS, etc.
- Maintain complete control of your images by adopting inline scanning. Scan within your CI/CD pipeline, registry, or at runtime.
- Ship only the scan results back to Sysdig.
- Block vulnerabilities pre-production and monitor for new CVEs at runtime.
- Map critical vulnerabilities back to an application and dev team.
Prioritize and stop the threats that matter most.
When attackers move at cloud speed, every second counts. From prevention to defense, Sysdig is purpose-built and proven for the scale, speed, and complexity of the cloud.