Perfectly solving cloud/native east-west attack detection (lateral movement attack detection) from an industry perspective
1. Background of Requirements
To preserve business continuity, cloud boundary security defenses always let a large number of risks through into the cloud environment. Statistics show that about 30% of specific attacks can enter the internal environment. Software supply chain risks also bypass boundary security and enter the cloud environment. These risks, especially application-layer attacks, usually go undetected by HIDS/EDR and similar products as long as they do not trigger the security baseline.
However, due to various theoretical issues, API security gateways and RASP are not suitable for large-scale, blind-spot-free deployment in production environments. As a result, a large number of workloads within cloud/native environments are often directly exposed to these attacks. In fact, it is precisely these attacks that slip through the net, carrying specific attack tasks and evading effective detection, that deal the ultimate fatal blow to business and data. So how can we effectively counter the application-layer attacks that run rampant within cloud/native environments?
2. Functional Characteristics
TiFlow Microprobe + TiCommander/TiDetector can perfectly solve this problem. Its functional characteristics are as follows:
Feature 1: Non-intrusive detection with no blind spots
TiFlow can be deployed quickly and non-intrusively to each workload, and returns each workload's session data to TiCommander in real time as refined JSON messages. TiDetector, the TiCommander risk detection engine, detects attack risks in real time and produces alarms and dashboards.
Feature 2: Detailed contextual backtracking analysis
For alarms issued by any TiDetector and most alarms issued by border security products (WAF/IDS/Firewall), TiCommander can provide detailed risk context for each alarm to support in-depth analysis and judgment.
Feature 3: Attack chain and discovery of infected hosts
TiCommander provides a tracking topology for various attack features. Users only need to enter attack features, and TiCommander automatically helps them sort out the related attack chains. In the event of a security incident, this is very helpful for finding all infected workloads in time.
TCPIPlabs Tech., Inc. © 2022-2024