Application Aware Network Container Security

Secure container-based applications with the NeuVector run-time container security solution

Visibility and Security: The NeuVector Container

NeuVector provides a real-time network container security solution that adapts easily to your changing environment and secures containers at their most vulnerable point – during run-time. Our declarative security policy ensures that your application can scale up or scale down quickly and without manual intervention. The NeuVector solution is a container itself which deploys easily on each host.

Discover Application Behavior and Detect Violations

NeuVector discovers normal connections and application behavior and automatically builds a security policy to protect container based services. Unauthorized connections between containers or from external networks can be logged or blocked without disrupting normal container sessions.

  • Discovers behavior of applications, containers, and services

  • Creates a declarative security policy based on built-in support for applications & protocols, even custom ones

  • Prevents unauthorized connections without disrupting running containers

Automated Image Scanning for Running Containers & Hosts

All running containers and host OS’s are automatically scanned for vulnerabilities. The scanning tasks are distributed across Enforcers for a real-time, highly scalable image vulnerability analysis.

  • ‘Live’ Scans containers and host OS during development, test, staging, or production

  • Scales to hundreds or thousands of live containers

  • Identifies high priority vulnerabilities including application specific issues

Detect and Mitigate Application Threats

Application level attacks such as DDoS and DNS on containers are detected and prevented. Real-time detection and alerting adds a layer of network security to the dynamic container environment.

  • Protects containers against attacks from internal and external networks

  • Detects high and medium priority threats in real-time

Deploy NeuVector in Dev, Staging, or Production

The NeuVector components are containers which deploy easily onto virtual machines or bare metal OS environments. The Enforcer container is deployed on each node to protect containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console or CLI.

  • Tests containers during development for vulnerabilities

  • Creates a declarative security policy automatically in staging or production

  • Protects containers from threats, violations and vulnerabilities in production

Layers Onto Greenfield and Brownfield Environments

NeuVector is a non-intrusive container which is easily layered onto new greenfield or running brownfield environments. Instantly discover running containers and map application behavior, then monitor and protect them from violations, threats, and vulnerabilities. No agents, embedding into images, or developer coding required.

  • Layer visibility and security onto running brownfield applications

  • Build container security into the DevOps process for new greenfield applications

Supports Most Popular Deployment, Monitoring and Reporting Tools

Deployment of NeuVector is simple and fast. Just use your favorite container deployment tools to deploy the NeuVector container on each host to be protected. The latest versions are available from the NeuVector private Docker Hub registry.

  • Integrates into the CI/CD and production monitoring pipeline

Take the Next Steps
with NeuVector

Interested in learning more?

  • Request a Demo
  • Download the ’15 Container Security Tips’ Guide
  • Watch the Container Security Webinar
  • Read the NeuVector blog

Or, request the download to try NeuVector today.

Try NeuVector