Santa Clara, Calif. March 21, 2023 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that its Metarget project has been included in CNCF Cloud Native Landscape in the field Security & Compliance of the Provisioning Category.
CNCF Introduction
The Cloud Native Computing Foundation (CNCF) was founded in 2015 by Google and the Linux Foundation, and is currently the most popular and fastest-growing foundation under the Linux Foundation. As an important project in CNCF, the Cloud Native Landscape aims to provide a resource map for cloud-native application users and help organizations and developers quickly have a full picture of cloud-native cloud native system. The recognition reflects the strong strength of NSFOCUS in cloud-native security.
What is Metarget
Metarget took its name from meta- + target. It is a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. The inspiration for the Metarget logo comes from the Kubernetes logo. NSFOCUS replaces the ship wheel in the Kubernetes logo with a gear and uses three gears to form a running infrastructure system. A closer look shows that the direction of the three gears is conflicting. That is, the system cannot operate normally.
The code is fully open-sourced at https://github.com/Metarget/metarget
Metarget supports automated building of two vulnerable environments, cloud-native components and containerization applications, to generate a multinode, multilayer cloud-native environment range, which can effectively help security researchers to learn and debug vulnerabilities and write and test specific PoC and ExP scripts. It can also improve the cloud-native attack and defense skills of red and blue teams and penetration testers. In addition, cloud-native security developers can deploy vulnerable environments with the help of the Metarget project to test the threat detection and response capabilities of the cloud-native defense system.
Continuously Innovate With Customers’ Needs in Mind
NSFOCUS is committed to protecting customers’ cloud-native business. NSFOCUS has developed the Cloud-Native Security Platform (CNSP) designed with the concept of “application-centric” protection to protect the building and distribution of container images and cloud-native orchestration and management components, and mitigate risks of container workloads during the runtime. The CNSP offers a variety of critical capabilities required by the Cloud-Native Application Protection Platform (CNAPP), including static application security testing (SAST) and dynamic application security testing (DAST), infrastructure as code (IaC), image vulnerability management, Kubernetes compliance check, container micro-segmentation, container network threat detection, container behavior anomaly detection, and micro-service API protection.
The CNSP offers granular visibility into cloud-native resources and security posture through a unified security management platform, thus helping customers’ SecOps teams promptly discover security threats in cloud-native environments and providing an easy-to-use handling mechanism. The CNAPP can embed various security capabilities into a complete DevOps pipeline to provide full-stack automated security protection for cloud-native applications, including code, containers, testing environments, and production environments, with a view to helping customers implement a DevSecOps culture in the cloud-native era.
NSFOCUS’s cloud-native security capabilities across the lifecycle of containerized business
For now, NSFOCUS has incubated several innovative products based on Metarget and other cloud-native security attack and defense research projects. One of the innovative products is the Cloud Native Intrusion and Attack Simulation System (CNBAS), which has been deployed for some enterprises to discover vulnerabilities in the cloud-native environment before they are exploited by attackers. NSFOCUS will continue to invest and innovate in the cloud-native field and actively cooperate and explore with ecological partners to secure customers’ cloud-native business.