Container Escape
Breaking out of a container's isolation to gain code execution or file access on the host node. Common vectors: privileged containers (`privileged: true` disables most namespace, capability and device restrictions), hostPath mounts of sensitive paths (the host root, /etc, /proc, /sys, the kubelet or runtime state directories), shared host namespaces (hostPID, hostNetwork), added capabilities (CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE, CAP_DAC_READ_SEARCH; CAP_NET_ADMIN combined with hostNetwork for traffic interception on the node), kernel or runtime exploits, and an exposed container runtime socket (/var/run/docker.sock), which lets the container start a privileged sibling that owns the host. Admission controllers (Kubernetes Pod Security Admission at the `restricted` level, or policy engines such as OPA Gatekeeper and Kyverno) can reject manifests that request these prerequisites before the pod is scheduled; they do not help against a kernel exploit, which needs patching plus seccomp profiles or a sandboxed runtime (gVisor, Kata Containers) as defence in depth.
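The prerequisites listed above are exactly what an admission policy checks. The auditor below, an added example that is not code from the original page or from any admission controller, flags each of them in a Pod manifest (dict form, as `yaml.safe_load` would give you). The capability and path lists, the two pod specs, and the finding wording are the example's own choices, not Kubernetes definitions.

```python
"""Flag the container-escape prerequisites a restrictive admission policy would reject.

Added example, not code from the original page. The checks mirror what Pod Security
Admission's 'restricted' profile (or a Gatekeeper/Kyverno policy) enforces; the two
pod specs at the bottom are constructed input, not from any real cluster.
"""
from __future__ import annotations

# Capabilities that give a realistic path from container to host when added.
DANGEROUS_CAPS = {
    "ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "SYS_BOOT",
    "DAC_READ_SEARCH", "NET_ADMIN", "BPF", "PERFMON",
}

# Host paths whose mount exposes the runtime socket, the host filesystem or kernel interfaces.
SENSITIVE_HOST_PATHS = (
    "/etc", "/root", "/proc", "/sys", "/dev", "/run", "/var/run",
    "/var/lib/kubelet", "/var/lib/docker", "/var/lib/containerd",
)


def _norm_cap(cap: str) -> str:
    """Pod specs accept both 'SYS_ADMIN' and 'CAP_SYS_ADMIN'; compare in one form."""
    return cap.upper().removeprefix("CAP_")


def _path_is_sensitive(path: str) -> bool:
    """True for '/' itself and for anything at or under a SENSITIVE_HOST_PATHS prefix."""
    norm = path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_pod(pod: dict) -> list[str]:
    """Return one finding per escape prerequisite present in a Pod manifest (dict form)."""
    findings: list[str] = []
    spec = pod.get("spec", {})

    # Host namespaces: hostPID exposes host processes to nsenter/ptrace, hostNetwork the node's NICs.
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod shares host namespace: {ns}=true")

    # hostPath volumes: the runtime socket or the host root gives full node control.
    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath", {}).get("path")
        if host_path is not None and _path_is_sensitive(host_path):
            findings.append(f"volume {vol['name']!r} mounts sensitive hostPath {host_path}")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container {c['name']!r} is privileged")
        added = {_norm_cap(x) for x in sc.get("capabilities", {}).get("add", [])}
        bad = sorted(added & DANGEROUS_CAPS)
        if bad:
            findings.append(f"container {c['name']!r} adds capabilities {bad}")
        # Default is true; the restricted profile demands an explicit false (blocks setuid escalation).
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"container {c['name']!r} allows privilege escalation")
    return findings


# Constructed sample manifests: one that would be rejected, one that would be admitted.
ESCAPE_PRONE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug-shell"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "shell", "image": "alpine",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["CAP_SYS_ADMIN", "NET_ADMIN"]}},
            "volumeMounts": [{"name": "dockersock", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "web", "image": "nginx",
            "securityContext": {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                                "capabilities": {"drop": ["ALL"]},
                                "seccompProfile": {"type": "RuntimeDefault"}},
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
    },
}

if __name__ == "__main__":
    for pod in (ESCAPE_PRONE_POD, HARDENED_POD):
        found = audit_pod(pod)
        print(f"{pod['metadata']['name']}: {'REJECT' if found else 'ADMIT'}")
        for f in found:
            print("  -", f)
```

In a real cluster the same outcome comes from labelling the namespace, `kubectl label ns prod pod-security.kubernetes.io/enforce=restricted`, after which the API server rejects the first manifest and admits the second; running an auditor like this in CI catches the problem before the manifest reaches the cluster.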
More from Network & Cloud
Zero Trust Network Access (ZTNA)
Product category replacing traditional VPN with identity-aware per-application access policies. No network-wide trust. Major vendors: Zscaler, Cloudflare Access, Netskope, Palo Alto Prisma Access, Cato Networks, Tailscale, Twingate.
Security Service Edge (SSE)
Gartner-defined category combining ZTNA, Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB), often with DLP and remote browser isolation, delivered as a cloud service. Major vendors: Zscaler, Netskope, Cloudflare, Palo Alto Prisma Access, Cisco Umbrella, Cato Networks.
Cloud Access Security Broker (CASB)
Product category for monitoring and enforcing security policy on SaaS application usage: discovers shadow IT, enforces DLP inline (proxy mode) or through the SaaS provider's API, and detects risky user behavior. Now usually a component of SSE platforms rather than a standalone product.
Cloud Security Posture Management (CSPM)
Tools that continuously evaluate cloud infrastructure configurations (AWS, GCP, Azure) against security best practices and compliance frameworks: public storage buckets, overly permissive IAM policies, unencrypted volumes, open security groups. Major vendors: Wiz, Prisma Cloud, Orca, Lacework. Native: AWS Security Hub, Microsoft Defender for Cloud (formerly Azure Security Center/Azure Defender), GCP Security Command Center.
Cloud-Native Application Protection Platform (CNAPP)
Integrated platform combining CSPM + CWPP (workload protection) + CIEM (cloud infrastructure entitlement management) + DSPM (data security posture management). Wiz, Prisma Cloud, Orca Security are the leading CNAPP vendors.
Instance Metadata Service (IMDS)
Cloud metadata endpoint (169.254.169.254 on AWS, GCP and Azure) providing instance information and temporary role credentials to workloads. AWS IMDSv1 answers any plain GET, so an SSRF flaw in an application running on the instance is enough to read the role's keys. IMDSv2 requires a session token obtained with a PUT request carrying a TTL header, and returns that token with an IP hop limit of 1 by default; most SSRF primitives can only issue GETs without custom headers, which blocks the common SSRF-to-credential-theft pattern. The Capital One breach (2019) used an SSRF flaw in a misconfigured WAF to pull role credentials from IMDSv1 (IMDSv2 shipped later that year in response) and led to an $80M OCC penalty plus a $190M class-action settlement.
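To make the v1/v2 difference concrete, the model below (an added example, not code from the original page or from AWS) reproduces the two request shapes IMDS distinguishes and runs a GET-only SSRF primitive against each mode. The `ImdsServer` class, its role name, the placeholder key id and the hop counts are the example's own constructions; only the paths, header names, token TTL range and hop-limit behaviour are taken from the real service.

```python
"""Why IMDSv2 blocks the SSRF-to-credentials pattern: an in-process model of the endpoint.

Added example, not from the original page or from AWS. ImdsServer reproduces the two
request shapes the real service distinguishes (a PUT for a session token, a GET with or
without that token); the role name, key id and hop counts are constructed placeholders.
"""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass, field

# Real IMDS header names; compared case-insensitively below.
TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "x-aws-ec2-metadata-token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"


@dataclass
class Response:
    status: int          # 0 = no response at all (packet dropped), otherwise the HTTP status
    body: str = ""


@dataclass
class ImdsServer:
    """tokens_required=True is the 'IMDSv2 only' setting (--http-tokens required);
    False is the legacy mode in which v1 GETs without a token still succeed."""
    tokens_required: bool = True
    hop_limit: int = 1                      # --http-put-response-hop-limit (default 1)
    role: str = "app-role"                  # constructed placeholder role name
    _tokens: dict[str, float] = field(default_factory=dict)

    def handle(self, method: str, path: str, headers: dict | None = None, hops: int = 1) -> Response:
        hdrs = {k.lower(): v for k, v in (headers or {}).items()}
        if method == "PUT" and path == "/latest/api/token":
            # The token response carries an IP TTL equal to hop_limit, so a request that crossed
            # more hops (a container behind NAT, a forwarding proxy) never sees the reply.
            if hops > self.hop_limit:
                return Response(0)
            try:
                ttl = int(hdrs.get(TOKEN_TTL_HEADER, ""))
            except ValueError:
                return Response(400)
            if not 1 <= ttl <= 21600:        # six hours is the maximum the service allows
                return Response(400)
            token = secrets.token_urlsafe(32)
            self._tokens[token] = time.monotonic() + ttl
            return Response(200, token)
        if method != "GET":
            return Response(405)
        token = hdrs.get(TOKEN_HEADER)
        if token is not None:
            if self._tokens.get(token, 0.0) < time.monotonic():
                return Response(401)          # unknown or expired token
        elif self.tokens_required:
            return Response(401)              # v1-style GET refused
        if path == CREDS_PATH:
            return Response(200, self.role + "\n")
        if path == CREDS_PATH + self.role:
            return Response(200, '{"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "<placeholder>"}')
        return Response(404)


def ssrf_fetch(server: ImdsServer, path: str) -> Response:
    """The usual SSRF primitive: the vulnerable app issues a GET to an attacker-supplied URL,
    and the attacker controls neither the method nor the request headers."""
    return server.handle("GET", path)


def sdk_fetch(server: ImdsServer, path: str) -> Response:
    """What an IMDSv2-aware SDK does: PUT for a token, then GET with the token header."""
    tok = server.handle("PUT", "/latest/api/token", {TOKEN_TTL_HEADER: "21600"})
    if tok.status != 200:
        return tok
    return server.handle("GET", path, {TOKEN_HEADER: tok.body})


def steal_role_credentials(server: ImdsServer) -> str | None:
    """Two-step theft via SSRF: list the instance role, then fetch that role's keys."""
    listing = ssrf_fetch(server, CREDS_PATH)
    if listing.status != 200:
        return None
    creds = ssrf_fetch(server, CREDS_PATH + listing.body.strip())
    return creds.body if creds.status == 200 else None


if __name__ == "__main__":
    for label, server in (("IMDSv1 allowed", ImdsServer(tokens_required=False)),
                          ("IMDSv2 required", ImdsServer(tokens_required=True))):
        print(f"{label}: SSRF steals credentials? {steal_role_credentials(server) is not None}; "
              f"SDK still works? {sdk_fetch(server, CREDS_PATH).status == 200}")
```

On a real instance the equivalent hardening is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`; raise the hop limit only for workloads that genuinely need to reach IMDS from behind an extra network hop, since that also reopens the endpoint to SSRF from containers on the same host.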
Apply this to your environment
Our engagements address concepts like container escape in practice — not just definitions, but how the attack patterns apply to your stack and how to remediate.
