PureSec Releases ‘Free’ Basic AWS Lambda Serverless Security

Dan Meyer
September 6, 2018, 11:39 am MT

PureSec is offering a free serverless security protection library for Amazon Web Services (AWS) Lambda functions. The move comes as the serverless security space is attracting increased attention from established players and new entrants.

The PureSec FunctionShield library lets developers tighten the security behavior of serverless runtimes and guard against unwanted activity. It is installed as a code dependency, so the protection posture is defined in code alongside the function. It also produces real-time security forensic information from inside the serverless runtime, which is forwarded to the AWS CloudWatch logging service.

PureSec CTO and Co-Founder Ory Segal explained that the vendor released the library as a “contribution to the serverless community.” He said that it can be downloaded in five minutes and is not limited to current PureSec customers.

“The main reason for this was to help new developers who are making their first steps in serverless with gaining confidence in these architectures,” Segal said. “When using serverless you lose some visibility and control over the runtime environment, which makes some developers feel ill-at-ease.”

Current support is limited to functions written for the JavaScript-based Node.js runtime and for Python running on AWS Lambda. That should not be much of a limitation, since the Lambda platform dominates the serverless computing space.

PureSec noted that some companies have been taking alternate steps to isolate their sensitive AWS Lambda functions. These include placing functions inside a virtual private cloud (VPC) and routing their outbound traffic through a network address translation (NAT) gateway so that it can be monitored.

However, the vendor said that its platform is superior to this model because it allows developers to disable unnecessary outbound internet connections, disable unnecessary disk operations, and disable shell process executions that are not needed by a function.

Segal explained that the free library targets these three use cases that “we’ve heard people mention over and over.” However, he noted that the free version does not include the “enterprise-grade features that one would expect from an end-to-end serverless security platform” and is “definitely not” a full-featured platform that can deal with all serverless security threats.
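To make the three controls above concrete, here is an added Python example of how a library loaded as a code dependency can enforce such a posture from inside the runtime. It is not FunctionShield's code and does not use its API; the control names (`outbound_connectivity`, `disk_write`, `create_child_process`), the `configure`/`handler` functions and the TEST-NET address are my own choices. The policy is declared in code, three interception points are patched, and every alert or block is written as a JSON log line, which on Lambda would land in CloudWatch Logs.

```python
"""Illustrative runtime guard for a Lambda-style Python function (constructed example).

Each governed operation is set to "allow", "alert" (log only) or "block"
(log and refuse). Log lines written by a Lambda function end up in
CloudWatch Logs, which is the channel the article describes.
"""
import builtins
import json
import logging
import os
import socket
import subprocess
import tempfile

logger = logging.getLogger("runtime_guard")
CONTROLS = {"outbound_connectivity", "disk_write", "create_child_process"}  # names are mine


class GuardViolation(PermissionError):
    """Raised when an operation whose control is set to 'block' is attempted."""


_policy = {}
_events = []
# Keep the real implementations so they can still be called, and restored.
_originals = {
    "connect": socket.socket.connect,
    "open": builtins.open,
    "popen_init": subprocess.Popen.__init__,
}


def configure(policy):
    """Install the guard; e.g. {"outbound_connectivity": "block", "disk_write": "alert"}."""
    unknown = set(policy) - CONTROLS
    if unknown:  # a typo in the policy must fail loudly, not silently allow
        raise ValueError(f"unknown controls: {sorted(unknown)}")
    _policy.clear()
    _policy.update(policy)
    socket.socket.connect = _guarded_connect
    builtins.open = _guarded_open
    subprocess.Popen.__init__ = _guarded_popen_init


def restore():
    """Remove the guard (for tests; a deployed function leaves it installed)."""
    socket.socket.connect = _originals["connect"]
    builtins.open = _originals["open"]
    subprocess.Popen.__init__ = _originals["popen_init"]
    _policy.clear()


def events():
    """Security events recorded so far (the content of the emitted log lines)."""
    return list(_events)


def reset_events():
    _events.clear()


def _enforce(control, detail):
    mode = _policy.get(control, "allow")
    if mode == "allow":
        return
    event = {"event": "runtime_guard", "control": control, "mode": mode, "detail": detail}
    _events.append(event)
    logger.warning(json.dumps(event))  # one JSON line per event for the log service
    if mode == "block":
        raise GuardViolation(f"{control} blocked by policy: {detail}")


def _guarded_connect(sock, address):
    _enforce("outbound_connectivity", {"address": str(address)})
    return _originals["connect"](sock, address)


def _guarded_open(file, mode="r", *args, **kwargs):
    if any(flag in mode for flag in "wax+"):  # only writes are governed; reads stay free
        _enforce("disk_write", {"path": str(file), "mode": mode})
    return _originals["open"](file, mode, *args, **kwargs)


def _guarded_popen_init(proc, *args, **kwargs):
    cmd = kwargs.get("args", args[0] if args else None)
    cmd = [str(c) for c in cmd] if isinstance(cmd, (list, tuple)) else str(cmd)
    _enforce("create_child_process", {"args": cmd})
    return _originals["popen_init"](proc, *args, **kwargs)


def handler(event, context=None):
    """Constructed Lambda-style handler that tries each governed operation and
    reports the outcome. With "allow" the connect really goes out (TEST-NET here)."""
    outcome = {}
    try:
        with socket.socket() as s:
            s.settimeout(1)
            s.connect(("203.0.113.10", 443))  # TEST-NET-3 documentation address
        outcome["network"] = "allowed"
    except GuardViolation:
        outcome["network"] = "blocked"
    except OSError:
        outcome["network"] = "failed"
    path = os.path.join(tempfile.gettempdir(), "runtime_guard_demo.txt")
    try:
        with open(path, "w") as f:
            f.write("scratch data")
        outcome["disk"] = "allowed"
    except GuardViolation:
        outcome["disk"] = "blocked"
    try:
        subprocess.run(["sh", "-c", "id"], capture_output=True, check=False)
        outcome["shell"] = "allowed"
    except GuardViolation:
        outcome["shell"] = "blocked"
    return outcome


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING, format="%(message)s")
    configure({"outbound_connectivity": "block", "disk_write": "alert", "create_child_process": "block"})
    print(handler({}))  # {'network': 'blocked', 'disk': 'allowed', 'shell': 'blocked'}
    restore()
```

The "alert" mode is the useful first step for a function whose legitimate behavior is not yet fully known: it records which operations the function actually performs without breaking it, and the events can be reviewed in the logs before the policy is tightened to "block".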

Serverless Risks

Serverless is potentially more secure than containers or virtual machines (VMs) for a number of reasons. The technology doesn’t rely on traditional servers, so there are no long-lived hosts on which vulnerable binaries accumulate; denial of service attacks are limited in scope and become billing issues; and serverless immutability eliminates reliance on potentially compromised servers.

However, serverless is generally more difficult to monitor because there is no centralized server to instrument. The increased flexibility of serverless also creates the potential for a larger attack surface. And there remain challenges in securing traffic to third-party services in transit.

“These architectures complicate security protection strategies because there’s no OS [operating system] or container to instrument,” said Neil MacDonald, a vice president and distinguished analyst at Gartner, in a recent report. “In most cases, these services are used in conjunction with VM- and container-based architectures, so a traditional (cloud workload protection platform) provides partial protection.”

PureSec earlier this year released a report that found that 21 percent of open source serverless projects contained at least one critical vulnerability or misconfiguration. The research also found that 6 percent of those projects had application secrets like API keys or credentials available in public code repositories.

That report was followed by one from Protego that found 98 percent of serverless deployments had some level of security risk and that 16 percent of those were considered to be at a “serious” risk.

Serverless Security Space

The risk – and opportunity – of serverless security is creating interest from established players in the container ecosystem and from new entrants that focus exclusively on serverless.

Twistlock, which comes from the container security ecosystem, has been adding serverless platform support. The vendor in June added serverless runtime defense capabilities to its cloud-native security platform. That move provides whitelist-based threat protection to serverless functions running on cloud platforms like AWS Lambda, Google Cloud Functions, and Microsoft Azure Functions.

Protego emerged from stealth mode in May with $2 million in funding and a focus on the serverless security space. Protego Co-Founder and CTO Hillel Solow said he sees the company’s efforts as a complement to the embedded security efforts offered by the large cloud providers.

“We worry more about the pure-play providers since those with a broader focus can overlook some of the gaps that make serverless different from other cloud platforms,” Solow said.

A Gartner report found that more than 20 percent of global enterprises will deploy serverless technologies by 2020 compared with less than 5 percent today.

About Dan Meyer

Dan Meyer is a Senior Editor at SDxCentral, with a focus on containers, lifecycle service orchestration, cloud automation and DevOps. Dan has been covering the telecommunications space for more than 17 years. Prior to SDxCentral, Dan was Editor-In-Chief at RCR Wireless News.
