Securing Hybrid Cloud Containerized Workloads in AWS ECS Anywhere with SentinelOne Singularity

SentinelOne Announces Day 1 Support for Amazon ECS Anywhere

As a further commitment to AWS customers, SentinelOne has announced Day 1 support for AWS’ new Amazon Elastic Container Service (ECS) Anywhere. ECS Anywhere is an evolution of Amazon’s popular Elastic Container Service – a fully managed container orchestration service that helps quickly deploy, manage and scale containerized applications. ECS Anywhere extends the container orchestration capabilities of Amazon ECS to containers running in hybrid cloud environments.

Securing Hybrid Cloud

Many organizations are leaning into a cloud-first approach; however, some critical workloads remain on-premises due to business or compliance requirements and many still have existing investments in on-premises data center infrastructure. According to Flexera’s 2021 State of the Cloud Report, 82 percent of organizations have a hybrid cloud strategy. Hybrid cloud gives the best of both worlds – the scalability, elasticity, and cost benefits of the public cloud with a bridge to leverage existing multi-cloud and on-premises infrastructure investments.

Singularity Cloud Workload Security extends security and visibility to assets running on public clouds, private clouds, and on-premises data centers. Security teams can manage both Linux and Windows servers and Docker/Kubernetes containers from one platform.  Singularity Cloud brings industry-leading protection and EDR to cloud workloads, as evidenced by the 2020 MITRE Engenuity ATT&CK evaluation, where SentinelOne delivered 100% visibility and zero misses across emulated activity from the Carbanak/FIN7 advanced threat groups.

How Does ECS Anywhere Work?

ECS Anywhere extends the rich capabilities of Amazon ECS to on-premises infrastructure, enabling the easy deployment and management of containerized workloads no matter where they run. The ECS Anywhere solution is a hybrid cloud control plane to manage containers anywhere with no complex orchestration needed. Whether run in AWS or on-premises, customers will have the same cluster management, workload scheduling, and monitoring they are familiar with in Amazon ECS. The homogeneous management enables consistent operational models across cloud and on-prem environments.

Additionally, ECS Anywhere brings elastic scalability to the data center to accommodate spikes in workload demand. ECS Anywhere enables containerized applications running on-premises to use existing infrastructure as base capacity and burst excess demand to ECS containers running in AWS. The hybrid operating model optimizes utilization of sunk CapEx investments in existing infrastructure while providing the hyper-scale of the AWS cloud. This model makes it easier to containerize existing on-premises applications, with the flexibility to migrate to the cloud later.

What Does SentinelOne Bring To ECS Anywhere?

The SentinelOne solution works flawlessly with the new ECS Anywhere service. Simply install the SentinelOne agent onto the Linux compute resources being used to power your ECS Anywhere clusters and enjoy all the best that SentinelOne has to offer.

A single featherweight Sentinel agent delivers runtime, AI-driven protection, detection, and response at machine speed across the hybrid cloud estate. The Kubernetes Sentinel brings ActiveEDR™ to Docker containers and both self-managed and managed Kubernetes services like EKS, ECS and ECS Anywhere with automated kill and quarantine, application control, and complete remote shell forensics.

Our agent is DevOps friendly – auto-deployed as a DaemonSet, a single, resource-efficient Kubernetes Sentinel agent that protects the K8s worker, its pods, and containers without any container instrumentation to gum up the works. Plus, our agent operates entirely in user space: no tainted kernels, no kernel panics, and freedom to update your AMI at will without fear of conflicting with the Sentinel agent.

SentinelOne gathers cloud metadata from the workload, making it easy to tag, group and manage policy based on the workload characteristics. In this case, the agent can see the information about the workload and its underlying Docker container. To simplify management, we can take all instances with a particular image ID and apply a more granular or hardened policy.

“Since Amazon ECS Anywhere is about choice, flexibility, and simplicity to fuel customer innovation, it is only natural that SentinelOne partners with AWS to secure customers’ digital transformation,” says Ric Smith, Chief Technology Officer, SentinelOne. “Our Singularity™ Platform delivers industry-leading protection and XDR to containerized workloads, whether on-premises or in AWS.”

Customers around the world choose SentinelOne to secure their digital transformation. SentinelOne was recently named a Leader in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms1 and was the only vendor to score highest across all three critical capabilities use cases in the 2021 Gartner Critical Capabilities for Endpoint Protection Platforms2. No matter your organizational needs, when it comes to delivering autonomous cybersecurity for endpoint, cloud, and IoT, SentinelOne is the right choice.

SentinelOne delivers cloud security outcomes, including:

  • Consolidation
    • The Singularity platform consolidates security functions for protecting, detecting, and responding to threats across endpoints, cloud workloads, and IoT. Manage multi-cloud security with a single, SaaS platform built on AWS to remove friction and increase productivity.
  • Enterprise-Grade EDR for Virtual Machines and Containers
    • Cloud VMs and containers are just as vulnerable to zero-day attacks and malware as user endpoints.  Runtime protection, detection, and response are key to cloud workload security. SentinelOne delivers full-featured workload protection and EDR, with cloud metadata integration to facilitate remote forensics and cloud ops management.
  • Agility
    • SentinelOne operates entirely in user space: no tainted kernels, no kernel panics, and freedom to update your AMI at will without fear of conflicting with the Sentinel agent. Keeps your users’ endpoints and workloads secured so that they can continue to innovate at full throttle.

SentinelOne is powered by AWS and is available on the AWS Marketplace. Learn more about SentinelOne and AWS or join our upcoming webinar to see how SentinelOne brings AI-powered threat prevention, detection, and response to AWS workloads.


GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1. Gartner, Magic Quadrant for Endpoint Protection Platforms, Paul Webber, Peter Firstbrook, Rob Smith, Mark Harris Prateek Bhajanka, 5 May 2021.
2. Gartner, Critical Capabilities for Endpoint Protection Platforms, Mark Harris, Peter Firstbrook, Rob Smith, Paul Webber Prateek Bhajanka, 6 May 2021.