Wiz
Blog

Expanding Wiz Runtime Sensor Coverage - Now Blocking Threats and Protecting Serverless Containers at Runtime

Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps.

Nicolas Ehrman, Shahar Yakov
4 minutes read

Serverless containers are reshaping how developers build and deploy applications. By removing the need to manage the underlying infrastructure, serverless containers like AWS Fargate and Azure Container Apps (ACA) allow developers to focus on what they do best—writing code—while the cloud service provider takes care of the servers, scaling, and maintenance. This approach accelerates development cycles and simplifies operations, making it a popular choice for modern applications. 

Today, we’re excited to announce that Wiz is extending the coverage of our runtime sensor to serverless containers, offering a defense-in-depth strategy that provides visibility, blocking, and hunting across the entire lifecycle of serverless workloads. With this new capability, organizations using AWS Fargate and Azure Container Apps (ACA) can achieve the same level of security that they’ve come to expect from our Kubernetes and Linux workload coverage. 

Wiz is an essential part of our container security strategy, enabling us to scan containers and container images for vulnerabilities. For the first time, we can easily identify and report on issues across our complex landscape of serverless environments—all in a single pane of glass.

Cody Johnson, Director, Vulnerability Management, Compass

Serverless Containers: A Quick Overview 

 The adoption of serverless containers introduces a new security model. With serverless offerings like AWS Fargate and ACA, the shared responsibility model shifts. Customers no longer have direct access to the host and kernel, as these layers are fully managed by the cloud provider. This limits traditional security methods but offers the advantage of focusing only on securing network configurations, runtime behaviors, and identity management

Serverless containers bring new opportunities but also present unique security challenges

  • Ephemeral nature of tasks: The short lifespan of tasks makes detecting and responding to potential threats more difficult, as traditional security tools may struggle to keep up. 

  • Restricted host access: Without direct access to the host infrastructure, organizations must find alternative ways to gain visibility into runtime activities. 

  • Configuration risks: Misconfigured network settings or identity permissions can create vulnerabilities, making it crucial to have a solution that can detect and remediate risks at runtime.  

Wiz Runtime Sensor to the Rescue 

Wiz’s runtime sensor has been a game-changer in providing deep visibility into workloads, and now, this same capability extends to serverless containers. As part of our defense-in-depth strategy, our sensor delivers comprehensive protection throughout the serverless container lifecycle, ensuring that security doesn’t end with deployment. 

 

Figure 1: Attack path visualization of an ECS on Fargate container

Our sensor achieves this by leveraging ptrace, a technique that allows us to monitor serverless containers at runtime, even without host access. This means that customers using AWS Fargate and ACA can maintain deep visibility into container processes without needing to alter their serverless setup.

6sense uses a range of container technologies to create a top-notch platform for our customers. Wiz provides a complete view of our container environments from start to finish, allowing our team to quickly detect and respond to any threats, which is essential for our business. With Wiz, we have comprehensive visibility and coverage across our entire cloud-native stack on a singular platform.

Avik Sarkar, Staff Security Engineer, InfraSec, 6Sense

The sensor can be deployed as a sidecar or embedded, offering flexibility to adapt to various architectural needs. And, just like our eBPF sensor for Kubernetes and Linux workloads, our serverless container sensor provides: 

  • Threat Detection and Response: Detect and respond in realtime on the host. Create custom threat detection rules and use predefined rules to block complex threats, malware, unwanted behaviors, suspicious activity, malicious processes and more. 

  • Custom Rules: Create complex rules tailored to your environment to detect suspicious processes and network behavior. Each rule can trigger specific response actions, such as generating a finding, creating an issue, or blocking the behavior. Rules are applied at the project or environment level to ensure comprehensive detection coverage.

  • Runtime hunting: The Wiz sensor monitors all serverless container events, including processes, commands, DNS requests, and more. It centralizes these events across all workloads, enabling proactive identification of indicators of compromise (IOCs) and simplifying the investigation process.

Figure 2: Example of a process tree

  • Expand Cloud Detection and Response: Leverage runtime behavioral baselines to detect anomalies and reduce detection noise. Correlate runtime events with control plane, data, identity, network, and PaaS events. Reduce investigation time with runtime forensic data and respond immediately at the control plane or workload level. 

  • Vulnerability Validation at Runtime: Understanding which vulnerabilities are actually exploitable in the runtime environment, helping prioritize remediation efforts based on real-world risks. 

By providing these capabilities, Wiz ensures that serverless environments are protected against advanced threats while maintaining the agility that makes serverless so appealing. 

Conclusion 

With the addition of the serverless container sensor, Wiz continues to lead the way in cloud-native security, offering unmatched coverage that spans from code to runtime. As organizations increasingly adopt serverless containers solutions for their ease of use and scalability, having a security solution that is purpose-built for these environments becomes essential. 

Wiz’s comprehensive security platform ensures that your serverless workloads are not only monitored but actively protected—allowing your team to innovate without sacrificing security. By bridging the gap between development speed and robust security, Wiz enables organizations to embrace the benefits of serverless while maintaining full control and visibility over their dynamic environments. 

 If you have serverless container environments and want to secure them right now, we invite you to explore our documentation (login required) to find out all the details of how it works and how to deploy it. What's more, our team can provide customized demonstrations tailored to your specific needs and challenges. Contact us today to schedule a demo and discover the full potential of Wiz for your organization.

Tags
#Security#Product

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo