Self-protection of security products in cloud native security: the Tetragon case

HardenedVault wrote: “On May 16, 2022, the CTO of cloud native security company Isovalent announced that it had open sourced Tetragon, the eBPF-based security monitoring and blocking solution it had developed internally for many years. However, by design, Tetragon only supports detection and blocking in the post-exploitation stage. This rule-based detection and blocking was questioned by security researcher Felix Wilhelm, and discussions in the following days drew the attention of more security researchers. PaX/GRsecurity team member Pawel Wieczorkiewicz researched for two hours on May 20th and publicly exploited Tetragon’s defense mechanism based on CVE-2021-22555, and then PaX/GRsecurity disclosed the details and discussed why a defense mechanism cannot rely solely on detection and blocking in the post-exploitation phase. Fortunately, the VED (Vault Exploit Defense) solution is immune to current attack methods.”

This article is reprinted from: https://www.solidot.org/story?sid=71635
This site is for inclusion only, and the copyright belongs to the original author.
