By monitoring process creation, file changes and other behaviours within containers, Qingteng Sentry -Cloud Native Security Platform obtains behavioural characteristics, which are then examined by Qingteng's detection engines in order to detect viruses, mining, Webshell and other attacks in containers.
Taking the intrusion model defined in the ATT&CK framework as a reference, and combining it with the monitoring of runtime basic events to build an IOC model for analysis, we can effectively find the initial intrusion of remote vulnerability exploitation, fileless attacks, remote control bounce shell, port scanning, lateral movement, K8S anomalous calls and other behaviours.
Through the monitoring/learning of container process behaviour, file behaviour and network behaviour, container behaviour models are established to analyse abnormal deviation behaviour and discover unknown intrusion threats.
Each node in the attack path is monitored to ensure real-time discovery of compromised containers and alerts for incoming attacks.
Combining expert experience, threat intelligence, big data, machine learning and other analysis methods, we can effectively detect unknown hacker attacks, including ‘0Day’, through real-time monitoring and in-depth understanding of the user's container environment.
Lightweight Agent ensures comprehensive monitoring of container security without impacting business systems, providing efficient and reliable protection for users' container security.
Supported by the unique asset management capability, the product not only detects intrusions, but also provides detailed intrusions analysis and response measures, thus enabling users to solve problems accurately and efficiently.
