Security threats to serverless functions can only be detected by automated behavior tracking, said Patrick Crowley, founder and CTO of Observable Networks. To this end, the security provider now includes support for AWS Lambda in its Observable Cloud service subscription.
Observable Networks provides customers with real-time Lambda function activity assessment. Its automated recognition of changes in behavior signals a potential compromise by a third party.
“We model the behavior of entities in your IT footprint, whether those entities are servers or AWS Lambda functions or users,” Crowley said. “When the Lambda function is running, or the server is operating, everything it does on the network are aspects of behavior that Observable Networks is monitoring in real-time for the purpose of detecting security problems.”
Serverless functions such as AWS Lambda have no permanent home in the cloud. This allows developers to run code without managing servers.
“This severless trend isn’t a marginal activity affecting a niche segment of the developer community,”Crowley said. “This is a trend that seems to be well on its way to becoming the mainstream, default way to handle a large faction of our IT load.”
Serverless computing architectures reduce the amount of overhead associated with offering services in the cloud. With Lambda, for example, the organization pays only for the compute time consumed — there is no charge when the code is not running.
Growing demand for serverless functions, however, poses a security threat to enterprises because most traditional security tools are not equipped to monitor these functions.
“In the severless trend, the function you want to execute remains,” Crowley said. “What is exiting stage right is the server itself. This reason this is important for security is that when you remove the server, you are depriving the security team of its traditional security tools: the security agent or anti-virus software you run on the software and the configuration of the server itself.”
Modeling Lambda functions with real-time alerts also provides DevOps with insights into possible misconfigurations that could inadvertently trigger spikes in unexpected processing use.