With the rapid development of cloud computing, container technology has become mainstream. As containers spread, their security problems have become more prominent. To address this, SafeDog has launched a cloud-native container security management system, Cloud Armor (Yunjia).
Cloud Armor is a core part of SafeDog Cloud Native Security and uses cloud-native technology to provide comprehensive security protection for containers.
Based on the cloud-native application protection platform (CNAPP) concept, it automatically detects, analyses and handles security threats across the entire lifecycle of cloud-native containers. On the protection side it combines vulnerability operations, intelligent detection, machine learning and threat intelligence to secure container applications throughout the DevOps lifecycle. Cloud Armor supports two deployment modes, a host security agent and a security container, which together give comprehensive protection for cloud-native containers and integrate flexibly with the container orchestration system.
SafeDog Cloud Native Security - Cloud Native Container Security Management System.
Covers the whole container security lifecycle
Image and container assets are collected transparently and comprehensively. Virus detection, anomaly monitoring and compliance scanning are introduced at the image build stage so that malicious images never reach the runtime environment. At runtime, the security of containers and of the deployment environment is monitored in real time, including pods and container traffic access, and blocking and isolation response policies can be configured, protecting the container cloud end to end.
Fully compatible with the Xinchuang (domestic IT) environment
The server and the agent run on both ARM and x86 chip architectures and on the mainstream Xinchuang operating systems.
Refined asset management
One-click asset search performs keyword full-text search to locate assets quickly. When a 0-day vulnerability affects a certain type of asset, the containers that contain the risky asset, together with their associated pods, clusters and nodes, can be found across the whole estate in one search. This lets users determine the scope of the vulnerability quickly and gives them a basis for deciding on further risk disposal. In addition, the asset portrait aggregates the static, dynamic and correlated data that is otherwise scattered and isolated across containers. Portrait labels are built along three dimensions, basic asset information, vulnerability risk and security events, so that the overall asset state is clear, complete and actionable at a glance.
Multi-dimensional cloud-native advanced threat detection
Cloud Armor provides comprehensive cloud-native advanced threat detection. Using artificial intelligence, cloud-native runtime self-protection and machine learning, it identifies unknown, obfuscated or encrypted webshells, memory-resident webshells (memory horses), container escapes, high-risk commands and other threats with high accuracy, and explains each detection result.
Complete visualisation of the software supply chain
By drawing a dependency-chain map that covers the mainstream open-source components of Java, Python, Go, C/C++ and Node.js, Cloud Armor displays the software supply chain of a cloud-native image completely and visually, helping developers quickly find and fix the vulnerabilities and licence compliance problems introduced by open-source components.
Product features
Cloud Armor is composed of modules for the dashboard, asset management, image security, container security, network security, service and application security, infrastructure security and compliance baselines. The modules are linked so that together they protect the whole lifecycle of cloud-native containers.
Image Scanning:
Supports security scanning of host and repository images, with blocking policies that can be configured for the build phase, the distribution phase and the point before an image runs. Images that carry viruses, Trojans, high-risk vulnerabilities or sensitive information are prevented from being instantiated as containers, so they cannot bring risk into the production environment: security shifts left.
Asset Collection:
Collects dynamic and static asset information from images, containers, repositories and hosts comprehensively and at fine granularity, and builds an IT asset ledger. One-click search, change analysis and asset portraits help users manage assets precisely.
Network Security:
Collects network traffic between clusters, namespaces, pods, containers and processes, visualises the network access relationships, and lets access control policies be set according to business needs.
Runtime Security:
Comprehensive threat monitoring at runtime. Supports real-time monitoring of security events such as memory-resident webshells, viruses, Trojans, shells, process behaviour and container escapes. Detection capability is improved continuously through regular rule updates and custom rules. It also supports self-learning: over a period of time it builds a model of a container's process, file and network access behaviour, and when behaviour outside the model occurs it can alert or block, helping users discover unknown threats quickly.
Shift security left
Cloud Armor resolves the problems that delay the release of an image, such as webshells, viruses, leaked sensitive information, suspicious build history, third-party components with known vulnerabilities and high-risk vulnerabilities. By practising shift-left security, risks are stopped before they enter the production environment.
Detect advanced threat intrusions while containers are running
Cloud Armor effectively detects advanced threats during container runtime, such as remote code execution attacks against container web applications, memory-resident webshell attacks, container escapes, virus implantation and webshell implantation.
Detect unknown risks when a container is running
By self-learning a container's process, file and network events over a period of time, a container behaviour model is built and alerts are generated for behaviour outside the model. The behaviour classified as inside or outside the model can be adjusted manually to make the model more accurate, so that abnormal behaviour during container operation is detected and alerted on.
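The learn-then-detect loop described above, as an added example that is not Cloud Armor's code: events are observed during a learning window, a per-container allow-list model is built for the three behaviour dimensions, out-of-model events produce an alert or block decision, and an operator can move a behaviour inside or outside the model. The event format and the sample events are constructed for this example.

```python
"""Runtime behaviour baseline for containers (added example, not vendor code)."""
from collections import defaultdict

# Constructed events: (container, kind, key), where kind is the behaviour
# dimension named in the text: process execution, file access or network egress.
LEARNING_EVENTS = [
    ("web-1", "process", "nginx"),
    ("web-1", "process", "sh"),
    ("web-1", "file", "/etc/nginx/nginx.conf"),
    ("web-1", "file", "/var/log/nginx/access.log"),
    ("web-1", "network", "10.0.0.5:5432"),
    ("web-1", "process", "nginx"),
]

DETECTION_EVENTS = [
    ("web-1", "process", "nginx"),              # inside the model
    ("web-1", "process", "curl"),               # never seen: out of model
    ("web-1", "network", "203.0.113.9:4444"),   # never seen: out of model
    ("web-1", "file", "/etc/nginx/nginx.conf"), # inside the model
    ("web-1", "process", "sh"),                 # inside the model
]


class BehaviourModel:
    """Per-container allow-list of (kind, key) pairs seen during learning."""

    def __init__(self, action="alert"):
        # container -> kind -> set of observed keys
        self.allowed = defaultdict(lambda: defaultdict(set))
        self.action = action  # "alert" or "block" for out-of-model events

    def learn(self, events):
        for container, kind, key in events:
            self.allowed[container][kind].add(key)

    def adjust(self, container, kind, key, inside=True):
        """Manual correction: move one behaviour inside or outside the model."""
        if inside:
            self.allowed[container][kind].add(key)
        else:
            self.allowed[container][kind].discard(key)

    def is_inside(self, container, kind, key):
        # A container with no learned baseline has nothing inside its model,
        # so every event for it is reported: no baseline means no trust.
        return key in self.allowed.get(container, {}).get(kind, set())

    def evaluate(self, events):
        """Return one decision per out-of-model event."""
        decisions = []
        for container, kind, key in events:
            if not self.is_inside(container, kind, key):
                decisions.append({"container": container, "kind": kind,
                                  "key": key, "action": self.action})
        return decisions


def demo():
    model = BehaviourModel(action="alert")
    model.learn(LEARNING_EVENTS)
    first = model.evaluate(DETECTION_EVENTS)
    # An operator reviews the curl alert, judges it a legitimate health check,
    # and moves it inside the model; the unexplained egress stays outside.
    model.adjust("web-1", "process", "curl", inside=True)
    second = model.evaluate(DETECTION_EVENTS)
    return first, second


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```

The quality of such a model depends entirely on the learning window covering the container's normal behaviour; a window that misses a periodic job produces false alarms, and a window that includes an attacker's activity silently whitelists it, which is why the manual adjustment step matters.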
Achieve micro-isolation in container environments
To address problems such as invisible east-west traffic in container clusters and lateral movement by attackers inside the intranet, Cloud Armor implements micro-isolation in the Kubernetes environment and so effectively blocks security risks.
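Micro-isolation in Kubernetes is built on a default-deny posture plus an explicit allow-list, which is what NetworkPolicy expresses. The following added example (not Cloud Armor's code) takes observed pod-to-pod flows of the kind the Network Security module collects, checks each against allow rules keyed on namespace, pod labels and port, reports the flows the policy would block, and renders a rule as the NetworkPolicy manifest that enforces it. Pod names, labels, rules and flows are constructed.

```python
"""Default-deny micro-isolation check for east-west traffic (added example)."""
from dataclasses import dataclass


@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict


@dataclass
class AllowRule:
    """Ingress to pods matching to_selector in namespace, from pods matching
    from_selector in from_namespace, on one TCP port."""
    name: str
    namespace: str
    to_selector: dict
    from_namespace: str
    from_selector: dict
    port: int


def selector_matches(selector, labels):
    return all(labels.get(k) == v for k, v in selector.items())


def flow_allowed(src, dst, port, rules):
    """Default deny: a flow passes only if some rule explicitly allows it."""
    return any(
        dst.namespace == r.namespace
        and selector_matches(r.to_selector, dst.labels)
        and src.namespace == r.from_namespace
        and selector_matches(r.from_selector, src.labels)
        and port == r.port
        for r in rules
    )


def audit_flows(flows, pods, rules):
    """Return the observed (src, dst, port) flows that the policy would block."""
    return [(s, d, p) for s, d, p in flows
            if not flow_allowed(pods[s], pods[d], p, rules)]


def default_deny(namespace):
    """Empty podSelector selects every pod; no ingress rules means deny all."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": "default-deny-ingress", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}


def to_network_policy(rule):
    """Render an AllowRule as a networking.k8s.io/v1 NetworkPolicy. The source
    namespace is selected through the kubernetes.io/metadata.name label that
    Kubernetes sets on every namespace."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": rule.name, "namespace": rule.namespace},
        "spec": {
            "podSelector": {"matchLabels": rule.to_selector},
            "policyTypes": ["Ingress"],
            "ingress": [{
                "from": [{
                    "namespaceSelector": {"matchLabels": {
                        "kubernetes.io/metadata.name": rule.from_namespace}},
                    "podSelector": {"matchLabels": rule.from_selector},
                }],
                "ports": [{"protocol": "TCP", "port": rule.port}],
            }],
        },
    }


# Constructed inventory and traffic, as the traffic collector would report them.
PODS = {
    "web-1": Pod("web-1", "prod", {"app": "web"}),
    "db-1": Pod("db-1", "prod", {"app": "db"}),
    "batch-1": Pod("batch-1", "jobs", {"app": "batch"}),
}
RULES = [AllowRule("web-to-db", "prod", {"app": "db"}, "prod", {"app": "web"}, 5432)]
FLOWS = [
    ("web-1", "db-1", 5432),    # intended application path
    ("web-1", "db-1", 22),      # SSH from the web tier to the database: blocked
    ("batch-1", "db-1", 5432),  # cross-namespace access to the database: blocked
]

if __name__ == "__main__":
    print("blocked flows:", audit_flows(FLOWS, PODS, RULES))
```

Running the audit before switching a namespace to enforcement shows exactly which existing flows will break, which is the usual way to roll out micro-isolation without an outage. Note that NetworkPolicy objects are only enforced when the cluster's CNI plugin supports them.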
Container tamper-proofing
Multiple configurations are supported, such as prohibiting the creation, deletion, execution, reading and writing of files and folders. If a file is tampered with, it is restored and the untampered content is served; alternatively a tamper warning page can be returned. Tamper-proof policies can be created to suit different container scenarios.
Empowers infrastructure security
Cloud Armor builds CIS-based compliance baselines for the full-stack runtime environment, including Docker, Kubernetes, OpenShift, operating systems, middleware and databases, and supports compliance requirements such as PCI and China's Multi-Level Protection Scheme (MLPS) regulations. It maintains a cloud-native vulnerability database and provides IaC scanning for orchestration files such as Kubernetes YAML files and Dockerfiles. One-click automated checks produce inspection results and remediation recommendations, so enterprises can find and fix weak points in time.
In short, SafeDog's cloud-native container security management system, Cloud Armor, provides real-time monitoring, intrusion detection, vulnerability scanning, identity authentication and access control, logging and alerting, and automated operations and maintenance, giving containers comprehensive security protection. Cloud Armor also supports cross-platform deployment to meet the needs of different users.
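The IaC scanning and build-phase blocking policy described under image scanning, shift-left and infrastructure security, as one added example that is not Cloud Armor's scanner: a small, hypothetical subset of CIS Docker and Kubernetes benchmark themes is checked over a Dockerfile and a Pod manifest, every finding carries a severity, and a gate blocks the build when any finding reaches the configured threshold. A weak Dockerfile is shown beside a hardened one. The manifest is given as JSON (which kubectl also accepts) to avoid a YAML dependency; all inputs are constructed.

```python
"""Build-stage gate over a Dockerfile and a Kubernetes manifest (added example)."""
import re

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CREDENTIAL_NAME = re.compile(r"(?i)(secret|password|passwd|token|api_?key)")


def check_dockerfile(text):
    """Return (severity, message) findings for a Dockerfile."""
    findings, has_user = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr, args = instr.upper(), args.strip()
        if instr == "FROM":
            image = args.split()[0]
            if image != "scratch" and (":" not in image or image.endswith(":latest")):
                findings.append(("medium", f"base image not pinned: {image}"))
        elif instr == "USER":
            has_user = True
            if args in ("root", "0"):
                findings.append(("high", "USER is root"))
        elif instr == "ENV" and CREDENTIAL_NAME.search(args):
            name = args.split("=")[0].split()[0]
            findings.append(("high", f"credential-like value baked into ENV {name}"))
        elif instr == "ADD" and re.match(r"https?://", args):
            findings.append(("medium", "ADD fetches a remote URL without verification"))
    if not has_user:
        findings.append(("high", "no USER instruction: container runs as root"))
    return findings


def check_manifest(obj):
    """Return (severity, message) findings for a Pod or Deployment manifest."""
    findings = []
    spec = obj.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)  # Deployment or bare Pod
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if pod_spec.get(ns):
            findings.append(("high", f"pod shares the host {ns[4:]} namespace"))
    for c in pod_spec.get("containers", []):
        sc, cname = c.get("securityContext", {}), c.get("name", "?")
        if sc.get("privileged"):
            findings.append(("critical", f"container {cname} runs privileged"))
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(("medium", f"container {cname}: allowPrivilegeEscalation not false"))
        if not sc.get("runAsNonRoot"):
            findings.append(("medium", f"container {cname}: runAsNonRoot not set"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(("low", f"container {cname}: root filesystem is writable"))
    return findings


def gate(findings, block_at="high"):
    """Blocking policy: block when any finding is at or above block_at."""
    blocking = [f for f in findings if SEVERITY[f[0]] >= SEVERITY[block_at]]
    return ("block" if blocking else "allow"), blocking


# Constructed inputs: a weak Dockerfile, its hardened form, and a risky Pod.
WEAK_DOCKERFILE = """\
FROM python:latest
ENV AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-A-REAL-KEY
ADD https://example.com/app.tar.gz /opt/
RUN pip install -r /opt/requirements.txt
CMD ["python", "/opt/app.py"]
"""
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
COPY app/ /opt/app/
RUN pip install --no-cache-dir -r /opt/app/requirements.txt
USER 10001
CMD ["python", "/opt/app/app.py"]
"""
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web", "namespace": "prod"},
    "spec": {"hostPID": True,
             "containers": [{"name": "web",
                             "image": "registry.example.com/web:1.4.2",
                             "securityContext": {"privileged": True}}]},
}

if __name__ == "__main__":
    for label, findings in (("weak", check_dockerfile(WEAK_DOCKERFILE)),
                            ("hardened", check_dockerfile(HARDENED_DOCKERFILE)),
                            ("pod", check_manifest(RISKY_POD))):
        print(label, gate(findings))
```

The same gate function can consume vulnerability findings from an image scanner once they are mapped onto the same severity scale, so one threshold governs both misconfigurations and known-vulnerable components at the build, distribution and pre-run points the text lists.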