What's New

1

Added security scanning for third-party image repositories

HSS can scan third-party image repositories manually or periodically to detect vulnerabilities, baselines, malicious files, software information, file information, sensitive information, software compliance, and basic image information, helping you detect potential security risks in third-party images.

Editions: container edition

Commercial use

Accessing a Third-Party Image Repository

Managing Repository Images

2

Optimized the container cluster protection function

Added the security and compliance protection policy types. More than 20 protection policies are added, including restricting pods to start privileged containers, restricting the range of host directories that can be mounted to pods, restricting the Proc types that can be mounted to pods, and restricting Linux capabilities configured in pods. The protection policies meet container cluster protection requirements in different scenarios.

Editions: container edition

Commercial use

Container Cluster Protection

1

Added the API for querying the basic container information list

You can use the API to query the container list and learn about the container status, cluster, and risks.

Commercial use

Querying the Basic Container Information List

2

Added the API for querying the local image list

You can use the API to query the local image list and learn about the basic information and risks of local images.

Commercial use

Querying the Local Image List

1

Added the multi-cloud cluster management function

HSS supports unified management of third-party cloud clusters and IDC self-built clusters, and provides full-lifecycle security protection for containers.

Editions: container edition

Commercial use

Connecting to Container Assets

2

Added the monthly operation report

On the first day of each month, HSS generates a security operations summary report for last month. You can learn the asset security status and security configurations, analyze monthly operation report, and harden configurations and improve O&M efficiency accordingly.

Editions: all editions

Commercial use

Checking a Monthly Operation Report

3

Added the container audit function

Container audit monitors and records operations and activities of cluster containers, independent containers, and the image repositories of SoftWare Repository for Container (SWR). You can view and analyze their logs on the HSS console.

Editions: container edition

Commercial use

Container Audit Overview

1

Optimized policy management

• The container information module detection policy is added.

  Editions: container edition

• Modify a default policy can be applied to and saved to other enterprise projects of the same version when All projects is selected for Enterprise Project.

  Editions: professional, enterprise, premium, WTP, and container editions

• Optimized the configuration items of web shell detection, file protection, login security detection, malicious file detection, abnormal process behavior, root privilege escalation, real-time process, and rootkit detection policies.

  Editions: professional, enterprise, premium, WTP, and container editions

• Optimized the configuration items of asset discovery, configuration detection, and port scanning detection policies.

  Editions: premium, WTP, and container editions

Commercial use

Configuration Policy

2

Added the dynamic port honeypot function

The dynamic port honeypot function is a deception trap. It uses a real port as a bait port to induce attackers to access the network. In the horizontal penetration scenario, the function can effectively detect attackers' scanning, identify faulty servers, and protect real resources of the user.

You can enable the dynamic port honeypot using recommended ports or user-defined ports to deceive compromised servers and reduce the risk of resources intrusion.

Editions: premium, WTP, and container editions

Open beta testing

Dynamic Port Honeypot

3

IPv6 server security protection is supported

IPv6 server security protection is supported. multiple security management and defense capabilities are provided, such as asset management, vulnerability management, baseline check, and intrusion detection, meeting security protection requirements in multiple scenarios of customers.

Editions: all editions

Commercial use

HSS Functions

4

Optimized the container firewall function

The container firewall function allows you to configure security group policies to protect clusters of the cloud native network 2.0 model.

Editions: container edition

Commercial use

Container Firewall

5

Optimized the virus scanning and removal function

The function supports automatic isolation of virus files.

Editions: professional, enterprise, premium, WTP, and container editions

Open beta testing

Virus Scanning and Removal

6

Optimized vulnerability fixing

Fixing CCE kernel vulnerabilities may bring inconvenience to your services. When you use HSS to fix system vulnerabilities, batch fixing can automatically filter out CCE kernel vulnerabilities, vulnerability fixing for a single CCE kernel vulnerability is not supported.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Fixing Vulnerabilities

7

Optimized emergency vulnerability scanning

The emergency vulnerability scanning function can scan RunC container escape vulnerability.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Vulnerability Scan

1

Added the automatic quota binding function

After purchasing a yearly/monthly quota, you need to bind the quota to a server to enable protection. To prevent resource waste, you can enable the automatic quota binding function. HSS automatically binds quotas to unprotected servers.

Editions: all

Commercial use

Automatic Quota Binding

2

Optimize the alarm notification

Notify users of successful automatic isolation and killing of malicious programs, automatic blocking of ransomware, and automatic blocking of WTP.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Enabling Alarm Notifications

3

Optimize the agent installation and configuration

Use the same agent installation command for the same OS.

Editions: all

Commercial use

Installing an Agent

4

Optimize the vulnerability report

Vulnerability reports can be exported in PDF or HTML format.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Exporting a Vulnerability Report

5

Added the virus scanning and removal function

The function uses the virus detection engine to scan virus files on the server. The scanned file types include executable files, compressed files, script files, documents, images, and audio and video files. You can perform quick scan and full-disk scan on the server as required. You can also customize scan tasks and handle detected virus files in a timely manner to enhance the virus defense capability of the service system.

Editions: professional, enterprise, premium, WTP, and container editions

Open beta testing

Virus Scanning and Removal

6

Added the automatic agent upgrade function

The agent edition is continuously updated to improve server protection capabilities. Therefore, you need to periodically upgrade the agent to the latest version. If you cannot manually upgrade the agent in a timely manner, you are advised to enable the automatic agent upgrade function. HSS will automatically upgrade the agent to the latest version.

Editions: all

Commercial use

Automatic Agent Upgrade

7

Optimized container image security scanning

• Added security scanning of SWR enterprise edition images.

• Private images and shared images can be scanned for application vulnerabilities.

• Private images and shared images can be exported for baseline check reports.

Editions: container edition

Commercial use

Container Image

8

Added the emergency vulnerability scanning function

The emergency vulnerability scan function checks whether the software and any dependencies running on the server have vulnerabilities through version comparison and POC verification. Reports risky vulnerabilities to the console and provides vulnerability alarms for you.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Vulnerability Management

1

Cluster agent management

To enable protection for all containers in a CCE cluster or an on-premises Kubernetes cluster, you can use the cluster agent management function to install the agent in the cluster. After this function is enabled, you do not need to manually install the agent on new nodes or pods added to the cluster.

Editions: container edition

Commercial use

Installing the Agent in a Cluster

2

Backup before vulnerability fixing

Vulnerability fixing may fail and interrupt services. To avoid this problem, HSS enables you to back up servers before fixing vulnerabilities. If an exception occurs, you can restore servers to ensure service continuity.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Fixing Vulnerabilities

3

Optimized Dashboard page

The quota management, protection overview, and news modules are added to the HSS Dashboard page. You can easily check the quota usage, enabling status of key functions, and the latest vulnerability information. The security score criteria are optimized to help you quickly locate security risks and improve the security score.

Editions: all

Commercial use

Dashboard

4

Resource monitoring based on Cloud Eye

HSS uses Cloud Eye to perform monitoring over resources and operations, helping you monitor server security and receive alarms and notifications in real time.

Editions: all

Commercial use

Monitoring Security Risks

5

Optimized intrusion detection alarms

• The intrusion detection capability is enhanced. HIPS can detect intrusions in the Linux system. The following types of server and container alarms are added:

  • Servers: abnormal outbound connection and port forwarding

  • Containers: hacker tool, user password theft, file privilege escalation, port forwarding, and abnormal outbound connection

• The functions of checking and handling intrusion alarms are optimized:

  • ATT&CK phases, forensics, suggestions, and the handling records of similar alarms are added to alarm details, helping you quickly analyze and handle alarms.

  • You can add alarms to the whitelist and create whitelist rules to improve whitelist rule hits to reduce duplicate alarms.

  • When handling a single alarm or handling alarms in batches, you can select Handle duplicate alarms in batches to improve efficiency.

Editions: professional, enterprise, premium, WTP, and container editions

Commercial use

Handling Server Alarms

Handling Container Alarms

6

Container cluster protection

HSS can check for non-compliance baseline issues, vulnerabilities, and malicious files when a container image is started and report alarms on or block container startup that has not been unauthorized or may incur high risks. You can configure container cluster protection policies to block images with vulnerabilities, malicious files, non-compliant baselines, or other threats, hardening cluster security.

Editions: container edition

Commercial use

Enabling Container Cluster Protection

7

Optimized ransomware prevention

Ransomware prevention will be enabled with the HSS premium or higher edition.

Editions: premium, WTP, and container editions

Commercial use

Enabling Ransomware Prevention

8

Application process control

HSS can control different types of application processes on servers. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes.

Editions: premium, Web Tamper Protection (WTP), and container editions

Commercial use

Enabling Application Process Control

1

Container image security

• Vulnerability reports can be exported for local images.

• SWR private images support software compliance, basic image information scan, and vulnerability report export.

• SWR shared images support the scans on vulnerabilities, malicious files, and software information; and vulnerability report export.

Commercial use

Container Images

2

Server vulnerability management

The vulnerability management page is redesigned. The new functions are as follows:

• Vulnerability and server views: You can view the servers affected by a vulnerability in the vulnerability view; and view the vulnerabilities on a server in the server view.

• Vulnerability tags: Category tags are added for vulnerabilities and can be used to filter vulnerabilities.

• Vulnerability whitelist: After a vulnerability is added to the whitelist, its record displayed in the vulnerability list will be marked as ignored and no alarm will be reported. When a new vulnerability scan task is executed, this vulnerability will not be scanned or displayed.

• Vulnerability handling history: For vulnerabilities that have been handled, you can check who handled them, when then are handled, and the handling results.

• Automatic vulnerability scan policy: You can specify the scan schedule, scope, and servers for HSS to automatically scan for vulnerabilities.

Commercial use

Viewing Vulnerability Details

Managing the Vulnerability Whitelist

Viewing Vulnerability Handling History

Automatically Scanning for Vulnerabilities

3

Intrusion detection

• Added automatic blocking of reverse shells. To use this function, enable reverse shell detection, automatic blocking, and the automatic isolation and killing of malicious programs.

• Added the brute-force attack whitelist: To stop HSS from blocking an IP address suspected of brute-force attacks, you can edit the login security detection policy to add the IP address to the whitelist. You can also configure whether to generate alarms for the brute-force attacks launched from whitelisted IP addresses.

Commercial use

Malicious File Detection

Login Security Check

4

Container asset fingerprint

Information about accounts, auto-started items, clusters, services, workloads, and container instances can be collected to help you identify insecure container assets.

Commercial use

Viewing Container Asset Fingerprints

5

Container intrusion detection

• Added Docker and Containerd runtime detection.

• Alarms can be generated for brute-force attacks, malicious files, ransomware, process privilege escalation, and high-risk command executions in container runtime, helping you detect threats in assets in a timely manner.

Commercial use

Container Alarm Events

6

Container security response

You can isolate, suspend, kill, and restore containers with medium or higher security risks to prevent them from affecting secure containers.

Commercial use

Handling Risk Containers

7

Container firewall

The HSS container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.

Commercial use

Container Firewall

1

HSS professional edition

HSS provides the professional edition, where you can isolate and kill Trojans, and can scan for and fix vulnerabilities in a few clicks.

Commercial use

Purchasing an HSS Quota

1

The Docker plug-in is added to enhance container security.

To improve container security capabilities, the Docker plug-in must be installed for Docker containers (Linux).

Commercial use

Installing a Plug-in

2

Honeypot file protection for Windows

Honeypot files can be deployed in protected directories and important directories (except for the excluded directories specified by users) to trap possible ransomware. If an unknown ransomware attempts to encrypt a honeypot file, HSS immediately generates an alarm.

Commercial use

Enabling Ransomware Prevention

3

The Windows policy group supports antivirus and host intrusion prevention system (HIPS) detection policies.

You can set antivirus detection policies for Windows servers to report, isolate, and kill viruses. You can also set HIPS detection policies to detect registries, files, and processes; and to report alarms for suspicious operations such as abnormal changes.

Commercial use

Policy Group

4

Trojans, viruses, and worms can trigger HID alarms.

HSS can detect, generate alarms on, and remove Trojans, viruses, and worms that intrude servers.

Commercial use

Server Alarms

1

Privileged processes can be configured in the WTP edition.

If WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list. Only the modification made by privileged processes can take effect. Modifications made by other processes will be automatically rolled back.

Commercial use

Adding a Privileged Process

2

Batch agent installation

The agent can be installed on multiple servers in batches.

Commercial use

Installing Agents in Batches

1

Free Scan on Unprotected Servers

Servers that are not protected by HSS are scanned once a week for free. A security report on their vulnerabilities, unsafe passwords, and asset risks will be generated.

Commercial use

Free Scan on Unprotected Servers

2

Manually Performing a Vulnerability Scan

You can manually scan servers for vulnerabilities.

Commercial use

Manually Performing a Vulnerability Scan

1

Upgrading Your Edition

You can upgrade to a higher edition and enjoy stronger security features.

Commercial use

Upgrading Your Edition

2

Batch Installing Agents

After creating a batch agent installation task, the system will install the agents automatically. You can enable protection for the target servers after the agents are installed successfully.

Commercial use

Batch Installing Agents