Tencent Container Security Service
- Product Introduction
- Operation Guide
- Vulnerability Detection
- Image Risk Management
- Cluster Risk Management
- Baseline Management
- Runtime Security
- Advanced Defense
- Abnormal Process
- File Tampering
- High-Risk Syscall
- Policy Management
- Container Network Policy
- Log Analysis
- Hybrid Cloud Installation Guide
- Troubleshooting
- API Documentation
- Making API Requests
- Network Security APIs
- Cluster Security APIs
- Security Compliance APIs
- Runtime security - High-risk syscalls
- Runtime Security - Reverse Shell APIs
- Runtime Security APIs
- Alert Settings APIs
- Advanced prevention - K8s API abnormal requests
- Asset Management APIs
- Security Operations - Log Analysis APIs
- Runtime Security - Trojan Call APIs
- Runtime Security - Container Escape APIs
- Image Security APIs
- Billing APIs
Overview
Last updated: 2024-01-23 15:44:44
Runtime security identifies hacker attacks adaptively, monitors and protects container runtime security in real time, and utilizes diversified security features, including container escape, reverse shell, and virus scanning.
Container escape: A container escapes from its permissions and accesses the host and other containers on the host by exploiting system vulnerabilities. As containers share the operating system kernel with the host, to prevent them from getting the host's root privileges, they are usually not allowed to run in privileged mode. TCSS categorizes risk events into three types based on the sequence of container escapes performed by intruders: container in risk, program privilege escalation, and container escape.
Containers in risk: Risks are found in the current container, such as sensitive path mount and privileged container, which may cause privilege escalation or escape.
Program privilege escalation: Privilege escalation events are detected on the container.
Container escape: The current container has escaped. In this case, you should immediately respond to the risky event with the recommended solution.
Reverse shell: Based on Tencent Cloud security technologies and multidimensional means, it recognizes and records reverse shell connections for real-time monitoring in the runtime container.
Virus scanning: It checks for risky files called by running containers in real time. You can also manually trigger a quick scan to check for malicious viruses, trojans, and web shells in the container.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No