Security Center provides a container security module that is based on cloud-native technology. This module allows you to detect and prevent intrusions into your containers.
| Category | Feature | Entry in the left-side navigation pane |
| --- | --- | --- |
| Container network and asset visualization | Container network visualization | Radar tab |
| | Centralized management of container assets | Container tab on the Assets page |
| Image security in security prevention | Scan of image system vulnerabilities | |
| | Scan of image application vulnerabilities | |
| | Scan of malicious image samples | |
| | Check for image sensitive information | |
| | Image baseline check | |
| Supply chain security in security prevention | Vulnerability scan of open source supply chain software | |
| | Use the container signature feature | |
| Runtime threat detection | Alerts | |
| | Runtime Vul Fixes | |
| | AccessKey pair leak detection | |
Only Security Center Ultimate supports this feature. If you do not use the Ultimate edition, you must upgrade Security Center to the Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.
- X: indicates that the feature is not supported by the edition.
- √: indicates that the feature is supported by the edition.
- Value-added: indicates a value-added feature. If you want to use a value-added feature, you must enable the feature when you purchase or upgrade Security Center.
| Feature | Description | Basic, Anti-virus, and Advanced | Enterprise | Ultimate | Documentation |
| --- | --- | --- | --- | --- | --- |
| Threat detection during container runtime | Security Center detects threats to Container Service for Kubernetes in real time, including viruses and malicious programs in the containers or on hosts, intrusion into the containers, and container escapes. Security Center also generates alerts for these threats and warnings for high-risk operations. | X | X | √ | Use Runtime Security to monitor ACK clusters and configure alerts |
| | Security Center detects the following risks for containers during container runtime and generates alerts for detected risks: | X | X | √ | View and handle alert events |
| Threat detection on Kubernetes containers | Security Center monitors the status of running containers in a Kubernetes cluster. This allows you to detect security risks and attacker intrusions at the earliest opportunity. Security Center detects the following items: | X | X | √ | Use threat detection on Kubernetes containers |
| Image signature | Security Center signs trusted container images and verifies the signatures to ensure that only trusted images are deployed. This prevents unauthorized container images from being started and improves asset security. Only Kubernetes clusters that are deployed in the China (Hong Kong) region support the image signature feature. | X | X | √ | Use the container signature feature |
| Security check of container images | Security Center detects the following image vulnerabilities and malicious image samples: Note: Security Center detects container image vulnerabilities and malicious image samples. However, Security Center does not automatically fix the detected vulnerabilities and samples. If vulnerabilities or malicious samples are detected in a container image, we recommend that you follow the fixes and solutions provided by Security Center. You can also use the paths of the malicious samples to manually reinforce image protection. | X | Value-added | Value-added | Overview of image security scans |
| Container configuration security | Security Center performs security checks on the baseline configurations of containers. Security Center also generates alerts based on the results of these checks. The security checks cover the following items: | | | | |
| Visualization of container security status | Security Center monitors the security status of containers in real time and displays the security status on the Assets page. | √ | √ | √ | View the security information of containers |