Research & Reports

Technical Report on Container Security (V)-2

March 20, 2019 | Mina Hao

Security Tools – NeuVector About NeuVector NeuVector[I] is the first company to take up development of Docker/Kubernetes security products. With a commitment to assuring the security of enterprise-wide container platforms, the company provides products that are suitable for deployment across multi-cloud and on-premises production environments.

Technical Report on Container Security (V)-1

March 13, 2019 | Mina Hao

Security Tools—Open-Source Security Tool Kubernetes In addition to commercial software, open-source software projects can also provide some security functions. This document describes several open-source projects that are usually used for protection of non-critical business.

Technical Report on Container Security (IV)

February 27, 2019 | Mina Hao

Container Security Protection – Application Security Application Security The ecosystem of the container technology is gradually established and various solutions become available in specific segments of containers, both of which lay a solid foundation for the container deployment. On the basis of the enterprise container deployment, the emergence of business processes revolving around container applications, […]

Technical Report on Container Security (IV)-7

February 20, 2019 | Mina Hao

Container Security Protection – Orchestration Security Orchestration Security The maturity of the container technology pushes the development and implementation of microservices. More and more enterprises choose to adopt a mircoservice architecture to build their applications. Container orchestration tools are responsible for managing container clusters that carry various services. Arguably, it is container orchestration tools that […]

Technical Report on Container Security (IV)-6

February 14, 2019 | Mina Hao

Container Security Protection – Runtime Security Runtime Security Security Configuration for Container Launch A container runs on the host as a process. Running container processes are isolated from one another. Each has its own file system, networking, and isolated process tree separate from the host. The following sections detail how to use the docker run[1] […]

NSFOCUS Releases IP Chain Gang Report on Behavior of Recidivist Hackers

January 30, 2019 | Devika Jain

  In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors that exhibit similar behavior among the various attacks conducted by the same gang. The report analyzes the IP Chain-Gangs attack types, volume, size of events, gang […]

Technical Report on Container Security (IV)-5

January 30, 2019 | Mina Hao

Container Security Protection – Container Network Security Container Network Security

Technical Report on Container Security (IV)-4

January 24, 2019 | Mina Hao

Container Security Protection – Image Security Image Security Images are the basis of containers. Therefore, their security speaks a lot for that of the entire container ecosystem. Container images are a series of images stacked layer by layer. They are distributed and updated through image repositories. The following sections describe how to secure images from […]

IP Reputation Report-01118019

January 18, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at January 18, 2019. CN dropped from 51% to 43% and US increased from 9% to 12% from last week. Top 10 countries in attack percentage: From the diagram […]

Technical Report on Container Security (IV)-3

January 16, 2019 | Mina Hao

Container Security Protection – Host Security Host Security Hardening of Basic Host Security Containers share the operating system kernel with the host. Therefore, host configuration determines whether containers can be executed in a secure manner. For example, vulnerable software puts the host at risk of arbitrary code execution; opening ports at will exposes the host […]