Security Center provides a container security module that is based on the cloud native technology. This module allows you to detect and prevent intrusions into your containers.
- X: The feature is not supported by this edition of Security Center.
- √: The feature is supported by this edition of Security Center.
|Feature||Description||Basic edition||Basic Anti-Virus edition||Advanced edition||Enterprise edition||Documentation|
|Threat detection during container runtime||Security Center detects threats to Container Service for Kubernetes in real time, including viruses and malicious programs in the containers or on hosts, intrusion into the containers, and container escapes. It also generates alerts for these threats and warnings for high-risk operations.||X||X||X||√||Use Runtime Security to monitor ACK clusters and configure alerts|
| Security Center detects the following items:
||X||X||X||√||View and handle alert events|
|Threat detection on Kubernetes containers||Security Center monitors the status of running containers in a Kubernetes cluster.
This allows you to detect security risks and attacker intrusion in a timely manner.
Security Center detects the following items:
||X||X||X||√||Threat detection for Kubernetes containers|
|Image signature||Security Center signs trusted container images and verifies the signatures to ensure that only trusted images are deployed. This prevents unauthorized container images from being started and improves asset security. Only Kubernetes clusters that are deployed in the China (Hong Kong) region support the image signature feature.||X||X||X||√||Container signature|
|Security check of container images||The image vulnerability detection feature is in public preview.
Security Center detects vulnerabilities in container images to ensure that your images are secure and reliable.
Note Security Center supports only the detection of container image vulnerabilities, but does not support automatic fixing of the detected vulnerabilities. If vulnerabilities are detected in a container image, we recommend that you follow the fixes and solutions provided by Security Center to manually reinforce image protection.
|X||X||X||√||Image security scan|
|Detection of application vulnerabilities in images||Security Center scans container-related middleware to detect application vulnerabilities in images. This ensures that images run in a secure environment.||X||X||X||√|
|Detection of malicious image samples||Security Center provides image security scans to detect malicious image samples in your containers. This allows you to view the risks in your containers and reinforce the security of your assets.||X||X||X||√|
|Container configuration security||Security Center performs security checks on the baseline configurations of containers.
It also generates alerts based on the results of these checks. The security checks
cover the following items:
|Visualization of container security status||Security Center monitors the security status of containers in real time and displays it on the Assets page.||X||X||X||√||View the security status of containers|