EDR for Cloud Workloads Running on AWS Graviton

SentinelOne is pleased to announce its EDR for cloud workloads has achieved the AWS Graviton Ready Designation for the AWS Graviton3 processor. AWS Graviton Ready solutions are vetted by AWS Partner Solution Architects to ensure customers have a consistent experience. As part of the AWS Graviton Ready Program, SentinelOne stands ready to help customers secure their Linux-based and containerized workloads, defending them from runtime threats such as cryptojacking malware and ransomware.

Graviton3 will be a boon for compute-intensive cloud workloads. Let’s start with a brief intro to Graviton3, and then dive into the role of EDR in a multi-layered cloud security strategy.

A Brief Overview of Graviton3

The Graviton3 processor is AWS’ 7th generation processor and is the second generation to use the arm64 architecture. EC2 instances based on Graviton3 have several advantages which make them ideal for compute-intensive workloads, namely higher performance and lower power consumption.

Graviton3 delivers a 25% improvement in performance compared to its 6th gen predecessor, Graviton2, which itself realized a 40% improvement over the 5th generation x86 CPU. Graviton3 also delivers 2x memory speed with its use of DDR5 memory.

Graviton3 also uses up to 60% less energy. For those organizations focused on reducing their carbon footprint while accelerating their digital transformation, Graviton3 is an attractive choice.

Cloud Rising, Cloud Defense-in-Depth

Cloud IaaS is projected to reach $120 billion in 2022, according to Gartner. That’s up about 30% year-on-year as organizations of all sizes continue to expand their cloud spend. To punctuate the point that “organizations of all sizes” applies, consider that over half of SMBs spend at least $1.2 million on cloud annually, whereas 37% of enterprises spend 10x that amount. And cloud security, for the 10th time in the last 11 years, remains the top concern of IT executives, at 85%.

Pause and consider that combination for a moment: everyone is concerned about cloud security and is accelerating their cloud spend despite those concerns. Innovation is king, and business operations depend upon the confidentiality, availability, and integrity of cloud workloads. This is where EDR for cloud workloads fits in, and it’s where a cloud defense-in-depth strategy begins to take shape.

Of course, image scanning is ubiquitous. Practically everyone is, and rightly should be, taking this necessary step, and there are any number of solutions out there. But image scanning alone is not enough. If it were, cloud security would not remain consistently atop the list of concerns of IT executives – remember, 10 of the last 11 years it was the topmost concern.

Defense-in-depth is required. In addition to image scanning, additional security layers of IAM (Identity and Access Management), cloud-native architecture, configuration management, and EDR each play important, complementary roles. It’s not any element in isolation, but the combination of all the layers that makes for robust security. And this robust cloud defense-in-depth strategy must not stand in the way of innovation.

EDR for Cloud Workloads

After you’ve scanned for software vulns, architected an elegant workload, applied IAM roles, and are managing the configuration of cloud resources like compute instances, cloud storage, virtual private clouds, and so on, you promote your workload to production. EDR is the last line of defense, hardening your cloud workloads against the threat of malware like cryptominers and ransomware, while enabling you to innovate quickly, and securely.

  • Crypto mining malware. Crypto mining is computationally intensive and costly, using an estimated 25% of a CPU’s processing capacity. Threat actors install malware on your cloud infrastructure to hijack compute power – they keep the cryptocurrency, you keep the bill. This process is called cryptojacking. According to a November 2021 report from the Google Cybersecurity Action Team, in a sample of cloud compute instances, 86% had malware used to mine cryptocurrency. Similarly, Cisco reported that in 2020 an estimated 70% of its customers were victims of crypto mining malware.

    EDR solutions like that from SentinelOne can detect the crypto mining malware and stop it in its tracks. With SentinelOne, you can continue to innovate quickly with the confidence that our EDR is your backstop, using AI to detect and kill rogue processes like crypto miners and ransomware.

  • Vulnerability exploits. Consider also the Log4j vulnerability (CVE-2021-44228) announced in December 2021. Soon after its announcement, threat actors began scanning for publicly exposed cloud servers that were vulnerable. Despite being announced so late in the year, Log4j was the second most exploited vulnerability in 2021. Here again, EDR can prove a robust defense.
  • Linux ransomware. Ransomware is not just for Windows workstations. There was a 146% increase in Linux ransomware code variants in 2021. Threat actors know that cloud is big business, and they are turning all the door knobs to see who left the front door to their cloud enterprise unlocked. EDR with behavioral AI can detect such machine-speed attacks in real-time, to stop the evil in its tracks.

Parting Thoughts

None of this is intended as doom, gloom, or FUD. We do, however, look at threats and threat actors with clear eyes. Like you, our cloud journey continues to accelerate. To minimize risk, we use a robust, multi-layered defense-in-depth strategy that includes our own high-performance, efficient, and scalable EDR solution. Our agent supports 13 major Linux distributions and is trusted by many of the world’s most well-known brands. We would welcome the opportunity to earn the right to protect your brand as well.

Are you headed to AWS re:Inforce 2022? Let’s meet! We would love to discuss your own cloud journey, and how SentinelOne can protect your cloud workloads, including those running on EC2 instances using AWS Graviton3.

Or, if you will not be there, please visit Singularity Cloud to learn more or request a demo.