中文/English
The leading full-stack,
full lifecycle cloud-native protection platform
It spans multiple and hybrid clouds, with security protection covering from development to runtime which includes protection of infrastructure, microservice networks, workloads, and applications and data
Visibility of full lifecycleShangfu bridges DevOps and container clouds, allowing users to know key information in every stage of a project from coding, building, distribution, testing, deployment, and operation, such as code repository that the project is in and POD or host that it will eventually run on. It also supports visualization of security risks at each stage, such as coding vulnerabilities, image vulnerabilities, IAST testing vulnerabilities, deployment compliance, intrusion events in runtime , etc., providing unprecedented visibility.
Full-stack security protectionShangfu opens up the workload security of CSPM, containers, public and private clouds, showing the configuration errors and compliance of public cloud resources such as OSS, RDS and other basic SaaS services, the security risks of managed container clouds and private container platforms, as well as the security issues and intrusion events of cloud hosts such as multi-clouds and hybrid clouds in a unified interface, unlike traditional products that distribute different workloads within different security offerings.
DevSecOps
- IaC scanning
- Open source components security
- Image security scanning
- Automated IAST security testing
- Interconnection of development process and runtime assets
- A wrong IaC (infrastructure as code) template can reproduce hundreds of dangerous resources, which eventually turn into thousands of operations alerts. Shangfu's IaC security scanning capability in DevSecOps module can automatically identify IaC code in the coding phase and patch those vulnerabilities.
- Shangfu's IaC security scanning capability supports security checks in various formats such as Kubernetes Manifest file, Rancher, Docker File, Terraform, etc.
Infrastructure Security
- Shangfu can view the public cloud assets cloud hosts, cloud storage, cloud networks, etc. in the organization with CSPM (Cloud Security Status Management). It supports multiple configuration standards such as CIS, PCI DSS, Classified Protection, etc. to detect these assets and list entries that do not meet security practices or laws and regulations, as well as provide suggestions for remediation.
- CSPM (cloud security posture management)
- Infrastructure baseline compliance
Microservice cybersecurity
- Relationship map for asset access
- Microsegmentation based on zero-trust
- Microservice cybersecurity module of Shangfu can observe and learn all microservice east-west traffic across clusters and namespaces, and generate access relationship maps.
Workload security
- In order to achieve version management and fault recovery resilience, Cloud Native has proposed the concept of "immutable infrastructure". Based on this concept, Shangfu CNAPP uses process whitelisting by default to provide strong security protection for workloads. In the cloud-native system, the control before the process is prior to the anomaly detection after that.
- Process whitelisting
- Container intrusion detection
- Asset access control
Application and data security
- Declarative cloud-native WAF
- Microservice API management
- Shangfu CNAPP provides declarative native WAF capabilities for cloud-native microservices. In the deployment of an application, clients simply add the tag : moresec.cn/waf-inject-enable: "true" and the application will automatically get WAF protection when it starts. It enables security protection a resource that is available, simple and robust when needed.
High integration and broad compatibility
- Cloud environments
- Network CNI
- Runtime
- Image repository
- CI/CD pipeline
Copyright © 2023 MoreSec Technology. All rights reserved
