Research

Technologies and Applications of the Security Knowledge Graph – Employ Security Knowledge Graph and Join Hands for Cognitive Intelligence

June 28, 2022 | Jie Ji

Overview With the development of key information infrastructure technologies such as cloud computing, 5G, IoT, and the Industrial Internet, cyberspace has linked industrial physical systems, social systems of humans, and network information systems, becoming the cornerstone of the development of the digital economy. Meanwhile, the attack surface in cyberspace is extended and expanded accordingly, and […]

Zero Trust Network Access (ZTNA): Never Trust, Always Verify

June 20, 2022 | Jie Ji

After the prior two posts (SASE Popular Science Series – Understanding SD-WAN and SASE: The Relationship Between SD-WAN and SASE), you may already have a basic understanding of SD-WAN, which is used for network connections among users, assets and NSFOCUS Cloud in SASE. What security capabilities does NSFOCUS offer then? In the next few sessions, […]

Research and Analysis of Middlebox-based TCP Reflective Amplification Attacks

May 31, 2022 | Jie Ji

Abstract In August 2021, Kevin Bock and his team from the University of Maryland and the University of Colorado Boulder proposed a new TCP reflective amplification attack method initiated by the middlebox at the USENIX conference. (See more details at https://geneva.cs.umd.edu/papers/usenix-weaponizing-ddos.pdf) In mid-April this year, NSFOCUS spotted that one of its Cloud DDoS Protection Service […]

CASB, A Tech “Celebrity” from the Cloud Era

May 4, 2022 | Jie Ji

Debut of CASB With cloud computing being a key to industry revolution, more and more enterprises and organizations are discovering the benefits of storing and processing data in the cloud and migrating business systems from local data centers to the cloud. As business systems are migrated to the cloud, the security responsibility of enterprises has […]

Technical Report on Container Security (III)-2

December 11, 2018 | Adeline Zhang

Security Risks and Challenges—Security Threat Analysis Security Threat Analysis When we talk about security risks to containers, we mean security threats to hosts, to containers, and to the carried applications.

Technical Report on Container Security (III)-1

December 5, 2018 | Adeline Zhang

Security Risks and Challenges — Vulnerability and Security Risk Analysis Vulnerability and Security Risk Analysis As a specific implementation of the container technology, Docker is getting more and more popular in recent years. To some extent, Docker has become a typical representation of the container technology. Docker is based on the common client/server (C/S) architecture […]

Technical Report on Container Security (II)-3

November 22, 2018 | Adeline Zhang

Container Basics — Container Networking Container Networking From the evolutionary history of cloud computing systems, the industry has reached a consensus that, while constant breakthroughs have been made to drive the maturation of computing virtualization and storage virtualization, network virtualization has lagged behind, becoming a major bottleneck that encumbers the fast growth of cloud computing. […]

Technical Report on Container Security (II)-2

November 14, 2018 | Adeline Zhang

1 Image Metadata By default, in the Linux system, Docker data is stored in /var/lib/docker by default. However, different systems have different Docker storage drivers and directory structures.. This document uses Docker images in the OCI standard format as an example to describes how Docker images are stored.

11 Security Solutions for Small Business

Technical Report on Container Security (II)-1

November 7, 2018 | Adeline Zhang

Container Basics — Container Image Container Image Images are the basis of containers. The container engine service can use different images to launch different containers. After a container becomes faulty, the service can be promptly restored by deleting the faulty container and launching a new one thanks to the underlying technique of container images[i].