Background - We have an AWS environment spanning a few VPCs. In these VPCs we have about 1000 Docker containers that run on 250 AWS EC2 instances.
Question - If I load AMP for Endpoints on the AWS EC2 instances will it monitor the Dockers containers we build on these on EC2's or will I need to load AMP for Endpoints on all Dockers containers as well to get the protection?
We also have a lot of docker containers on AWS EC2 servers. We are considering a migration to AMP but we need to know if we need a client on each container or just the EC2 Host that they reside on. Sentinel One has a client that is installed on the EC2 instance that provides protection for all of the docker containers I am told its not the standard Sentinel One client. However we would much prefer to go with AMP since it ties into the rest of the Cisco security eco system. We have seen such improvements in the cloud based Cisco Security services over the past 18 months that we believe this would be a great investment to secure our future. If you like AMP you would love Umbrella and StealthWatch Cloud! We are also thrilled to see how Secure X will tie it all together.
AMP does not look inside Docker containers. Protection of a container require the agent running there.
Cyber security escalation engineer
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
