What's New
The tables below describe the functions released in each Host Security Service version and corresponding documentation updates. New features will be successively launched in each region.
September 2024
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Added security scanning for third-party image repositories |
HSS can scan third-party image repositories manually or periodically to detect vulnerabilities, baselines, malicious files, software information, file information, sensitive information, software compliance, and basic image information, helping you detect potential security risks in third-party images. Editions: container edition |
Commercial use |
|
2 |
Optimized the container cluster protection function |
Added the security and compliance protection policy types. More than 20 protection policies are added, including restricting pods to start privileged containers, restricting the range of host directories that can be mounted to pods, restricting the Proc types that can be mounted to pods, and restricting Linux capabilities configured in pods. The protection policies meet container cluster protection requirements in different scenarios. Editions: container edition |
Commercial use |
July 2024
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Added the API for querying the basic container information list |
You can use the API to query the container list and learn about the container status, cluster, and risks. |
Commercial use |
|
2 |
Added the API for querying the local image list |
You can use the API to query the local image list and learn about the basic information and risks of local images. |
Commercial use |
June 2024
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Added the multi-cloud cluster management function |
HSS supports unified management of third-party cloud clusters and IDC self-built clusters, and provides full-lifecycle security protection for containers. Editions: container edition |
Commercial use |
|
2 |
Added the monthly operation report |
On the first day of each month, HSS generates a security operations summary report for last month. You can learn the asset security status and security configurations, analyze monthly operation report, and harden configurations and improve O&M efficiency accordingly. Editions: all editions |
Commercial use |
|
3 |
Added the container audit function |
Container audit monitors and records operations and activities of cluster containers, independent containers, and the image repositories of SoftWare Repository for Container (SWR). You can view and analyze their logs on the HSS console. Editions: container edition |
Commercial use |
March 2024
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Optimized policy management |
|
Commercial use |
|
2 |
Added the dynamic port honeypot function |
The dynamic port honeypot function is a deception trap. It uses a real port as a bait port to induce attackers to access the network. In the horizontal penetration scenario, the function can effectively detect attackers' scanning, identify faulty servers, and protect real resources of the user. You can enable the dynamic port honeypot using recommended ports or user-defined ports to deceive compromised servers and reduce the risk of resources intrusion. Editions: premium, WTP, and container editions |
Open beta testing |
|
3 |
IPv6 server security protection is supported |
IPv6 server security protection is supported. multiple security management and defense capabilities are provided, such as asset management, vulnerability management, baseline check, and intrusion detection, meeting security protection requirements in multiple scenarios of customers. Editions: all editions |
Commercial use |
|
4 |
Optimized the container firewall function |
The container firewall function allows you to configure security group policies to protect clusters of the cloud native network 2.0 model. Editions: container edition |
Commercial use |
|
5 |
Optimized the virus scanning and removal function |
The function supports automatic isolation of virus files. Editions: professional, enterprise, premium, WTP, and container editions |
Open beta testing |
|
6 |
Optimized vulnerability fixing |
Fixing CCE kernel vulnerabilities may bring inconvenience to your services. When you use HSS to fix system vulnerabilities, batch fixing can automatically filter out CCE kernel vulnerabilities, vulnerability fixing for a single CCE kernel vulnerability is not supported. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
|
7 |
Optimized emergency vulnerability scanning |
The emergency vulnerability scanning function can scan RunC container escape vulnerability. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
December 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Added the automatic quota binding function |
After purchasing a yearly/monthly quota, you need to bind the quota to a server to enable protection. To prevent resource waste, you can enable the automatic quota binding function. HSS automatically binds quotas to unprotected servers. Editions: all |
Commercial use |
|
2 |
Optimize the agent installation and configuration |
Use the same agent installation command for the same OS. Editions: all |
Commercial use |
|
3 |
Optimize the alarm notification |
Notify users of successful automatic isolation and killing of malicious programs, automatic blocking of ransomware, and automatic blocking of WTP. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
|
4 |
Optimize the vulnerability report |
Vulnerability reports can be exported in PDF or HTML format. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
|
5 |
Added the virus scanning and removal function |
The function uses the virus detection engine to scan virus files on the server. The scanned file types include executable files, compressed files, script files, documents, images, and audio and video files. You can perform quick scan and full-disk scan on the server as required. You can also customize scan tasks and handle detected virus files in a timely manner to enhance the virus defense capability of the service system. Editions: professional, enterprise, premium, WTP, and container editions |
Open beta testing |
|
6 |
Added the automatic agent upgrade function |
The agent edition is continuously updated to improve server protection capabilities. Therefore, you need to periodically upgrade the agent to the latest version. If you cannot manually upgrade the agent in a timely manner, you are advised to enable the automatic agent upgrade function. HSS will automatically upgrade the agent to the latest version. Editions: all |
Commercial use |
|
7 |
Optimized container image security scanning |
Editions: container edition |
Commercial use |
|
8 |
Added the emergency vulnerability scanning function |
The emergency vulnerability scan function checks whether the software and any dependencies running on the server have vulnerabilities through version comparison and POC verification. Reports risky vulnerabilities to the console and provides vulnerability alarms for you. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
October 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Backup before vulnerability fixing |
Vulnerability fixing may fail and interrupt services. To avoid this problem, HSS enables you to back up servers before fixing vulnerabilities. If an exception occurs, you can restore servers to ensure service continuity. Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
|
2 |
Cluster agent management |
To enable protection for all containers in a CCE cluster or an on-premises Kubernetes cluster, you can use the cluster agent management function to install the agent in the cluster. After this function is enabled, you do not need to manually install the agent on new nodes or pods added to the cluster. Editions: container edition |
Commercial use |
|
3 |
Resource monitoring based on Cloud Eye |
HSS uses Cloud Eye to perform monitoring over resources and operations, helping you monitor server security and receive alarms and notifications in real time. Editions: all |
Commercial use |
|
4 |
Optimized Dashboard page |
The quota management, protection overview, and news modules are added to the HSS Dashboard page. You can easily check the quota usage, enabling status of key functions, and the latest vulnerability information. The security score criteria are optimized to help you quickly locate security risks and improve the security score. Editions: all |
Commercial use |
|
5 |
Optimized intrusion detection alarms |
Editions: professional, enterprise, premium, WTP, and container editions |
Commercial use |
|
6 |
Container cluster protection |
HSS can check for non-compliance baseline issues, vulnerabilities, and malicious files when a container image is started and report alarms on or block container startup that has not been unauthorized or may incur high risks. You can configure container cluster protection policies to block images with vulnerabilities, malicious files, non-compliant baselines, or other threats, hardening cluster security. Editions: container edition |
Commercial use |
|
7 |
Optimized ransomware prevention |
Ransomware prevention will be enabled with the HSS premium or higher edition. Editions: premium, WTP, and container editions |
Commercial use |
|
8 |
Application process control |
HSS can control different types of application processes on servers. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes. Editions: premium, Web Tamper Protection (WTP), and container editions |
Commercial use |
July 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Container image security |
|
Commercial use |
|
2 |
Server vulnerability management |
The vulnerability management page is redesigned. The new functions are as follows:
|
Commercial use |
Managing the Vulnerability Whitelist |
3 |
Intrusion detection |
|
Commercial use |
|
4 |
Container intrusion detection |
|
Commercial use |
|
5 |
Container asset fingerprint |
Information about accounts, auto-started items, clusters, services, workloads, and container instances can be collected to help you identify insecure container assets. |
Commercial use |
|
6 |
Container security response |
You can isolate, suspend, kill, and restore containers with medium or higher security risks to prevent them from affecting secure containers. |
Commercial use |
|
7 |
Container firewall |
The HSS container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks. |
Commercial use |
June 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
HSS professional edition |
HSS provides the professional edition, where you can isolate and kill Trojans, and can scan for and fix vulnerabilities in a few clicks. |
Commercial use |
March 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
The Docker plug-in is added to enhance container security. |
To improve container security capabilities, the Docker plug-in must be installed for Docker containers (Linux). |
Commercial use |
|
2 |
Honeypot file protection for Windows |
Honeypot files can be deployed in protected directories and important directories (except for the excluded directories specified by users) to trap possible ransomware. If an unknown ransomware attempts to encrypt a honeypot file, HSS immediately generates an alarm. |
Commercial use |
|
3 |
The Windows policy group supports antivirus and host intrusion prevention system (HIPS) detection policies. |
You can set antivirus detection policies for Windows servers to report, isolate, and kill viruses. You can also set HIPS detection policies to detect registries, files, and processes; and to report alarms for suspicious operations such as abnormal changes. |
Commercial use |
|
4 |
Trojans, viruses, and worms can trigger HID alarms. |
HSS can detect, generate alarms on, and remove Trojans, viruses, and worms that intrude servers. |
Commercial use |
January 2023
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Privileged processes can be configured in the WTP edition. |
If WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list. Only the modification made by privileged processes can take effect. Modifications made by other processes will be automatically rolled back. |
Commercial use |
|
2 |
Batch agent installation |
The agent can be installed on multiple servers in batches. |
Commercial use |
November 2022
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Free Scan on Unprotected Servers |
Servers that are not protected by HSS are scanned once a week for free. A security report on their vulnerabilities, unsafe passwords, and asset risks will be generated. |
Commercial use |
|
2 |
Manually Performing a Vulnerability Scan |
You can manually scan servers for vulnerabilities. |
Commercial use |
September 2022
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Upgrading Your Edition |
You can upgrade to a higher edition and enjoy stronger security features. |
Commercial use |
|
2 |
Batch Installing Agents |
After creating a batch agent installation task, the system will install the agents automatically. You can enable protection for the target servers after the agents are installed successfully. |
Commercial use |
July 2022
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Configuring Asset Importance |
You can configure the asset importance of a server, and can manage servers by asset importance level. |
Commercial use |
|
2 |
Ransomware prevention is supported in Windows |
Monitor new files and running processes in real time, control risks in new files, dynamically generate bait files for proactive defense, accurately identify ransomware, and periodically back up servers based on user-defined policies. |
Commercial use |
|
3 |
Application Protection |
To protect your applications with RASP, you simply need to add probes to them, without having to modify application files. |
Commercial use |
June 2022
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Application vulnerability detection |
You can check and handle vulnerabilities in applications. |
Commercial use |
|
2 |
Exporting the Baseline Check Report |
You can filter and export the baseline check report as required. |
Commercial use |
May 2022
No. |
Feature |
Description |
Phase |
Document |
---|---|---|---|---|
1 |
Asset Details |
HSS proactively checks open ports, processes, web directories, and auto-startup entries on your servers Asset Management gives you a better perspective on host asset information and allows you to identify risky server assets in a timely manner. |
Commercial use |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot