HSS Major Update 

Application process control

HSS can control different types of application processes on servers. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes.

Optimized ransomware prevention

Ransomware prevention will be enabled with the HSS premium or higher edition.

Container cluster protection

HSS can check for non-compliance baseline issues, vulnerabilities, and malicious files when a container image is started and report alarms on or block container startup that has not been unauthorized or may incur high risks. You can configure container cluster protection policies to block images with vulnerabilities, malicious files, non-compliant baselines, or other threats, hardening cluster security.

Optimized intrusion detection alarms

The intrusion detection capability is enhanced. HIPS can detect intrusions in the Linux system. The following types of server and container alarms are added:

Servers: abnormal outbound connection and port forwarding

Containers: hacker tool, user password theft, file privilege escalation, port forwarding, and abnormal outbound connection

The functions of checking and handling intrusion alarms are optimized:

ATT&CK phases, forensics, suggestions, and the handling records of similar alarms are added to alarm details, helping you quickly analyze and handle alarms.

You can add alarms to the whitelist and create whitelist rules to improve whitelist rule hits to reduce duplicate alarms.

When handling a single alarm or handling alarms in batches, you can select Handle duplicate alarms in batches to improve efficiency.

Optimized Dashboard page

The quota management, protection overview, and news modules are added to the HSS Dashboard page. You can easily check the quota usage, enabling status of key functions, and the latest vulnerability information. The security score criteria are optimized to help you quickly locate security risks and improve the security score.

Backup before vulnerability fixing

Vulnerability fixing may fail and interrupt services. To avoid this problem, HSS enables you to back up servers before fixing vulnerabilities. If an exception occurs, you can restore servers to ensure service continuity.

Cluster agent management

To enable protection for all containers in a CCE cluster or an on-premises Kubernetes cluster, you can use the cluster agent management function to install the agent in the cluster. After this function is enabled, you do not need to manually install the agent on new nodes or pods added to the cluster.

Added the automatic agent upgrade function

The agent edition is continuously updated to improve server protection capabilities. Therefore, you need to periodically upgrade the agent to the latest version. If you cannot manually upgrade the agent in a timely manner, you are advised to enable the automatic agent upgrade function. HSS will automatically upgrade the agent to the latest version.

Added the virus scanning and removal function

The function uses the virus detection engine to scan virus files on the server. The scanned file types include executable files, compressed files, script files, documents, images, and audio and video files. You can perform quick scan and full-disk scan on the server as required. You can also customize scan tasks and handle detected virus files in a timely manner to enhance the virus defense capability of the service system.

Added the dynamic port honeypot function

The dynamic port honeypot function is a deception trap. It uses a real port as a bait port to induce attackers to access the network. In the horizontal penetration scenario, the function can effectively detect attackers' scanning, identify faulty servers, and protect real resources of the user.

You can enable the dynamic port honeypot using recommended ports or user-defined ports to deceive compromised servers and reduce the risk of resources intrusion.

Container firewall

The HSS container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.

Server vulnerability management

The vulnerability management page is redesigned. The new functions are as follows:

Vulnerability and server views: You can view the servers affected by a vulnerability in the vulnerability view; and view the vulnerabilities on a server in the server view.

Vulnerability tags: Category tags are added for vulnerabilities and can be used to filter vulnerabilities.

Vulnerability whitelist: After a vulnerability is added to the whitelist, its record displayed in the vulnerability list will be marked as ignored and no alarm will be reported. When a new vulnerability scan task is executed, this vulnerability will not be scanned or displayed.

Vulnerability handling history: For vulnerabilities that have been handled, you can check who handled them, when then are handled, and the handling results.

Automatic vulnerability scan policy: You can specify the scan schedule, scope, and servers for HSS to automatically scan for vulnerabilities.

IPv6 server security protection is supported

IPv6 server security protection is supported. multiple security management and defense capabilities are provided, such as asset management, vulnerability management, baseline check, and intrusion detection, meeting security protection requirements in multiple scenarios of customers.