NeuVector delivers a complete security platform for the entire Build, Ship, and Run CI/CD pipeline. Vulnerability scanning can be automated during the image build phase with our Jenkins plugin and registry scanning. Auditing and container compliance are supported with automated CIS security benchmark testing and vulnerability scanning of all production systems and containers. Network controls and firewall capabilities, together with Container DLP, help to meet container compliance requirements for segmentation and isolation of critical systems.
The Kubernetes and Docker CIS security benchmarks check for dozens of common best practices for deploying Docker containers in production. NeuVector automatically runs these tests on all Docker hosts and containers and produces a comprehensive report of the results. NeuVector has released its Kubernetes CIS benchmark implementation as open source to help the community ensure secure Kubernetes deployments.
NeuVector provides vulnerability detection and management throughout the CI/CD pipeline. The Jenkins plugin enables policy-based build success/failure criteria, preventing vulnerable images from being pushed into registries. As a further safeguard, all major registries, such as AWS ECR, Docker, Red Hat/OpenShift, Azure ACR, and JFrog Artifactory, can be monitored and auto-scanned. Running containers and host OSes are also automatically scanned for vulnerabilities, and containers can be auto-quarantined based on vulnerability criteria.
NeuVector provides a distributed multi-vector container firewall that enforces segmentation and isolation based on Layer 3/4 and Layer 7 application protocols. The policy is a zero-trust, whitelist-based rule list that allows trusted connections between application containers, regardless of the underlying network, host, or data center. Unauthorized connections between containers, or from/to external networks, are logged and can be blocked if desired, without impacting valid connections to a container.
Behavioral learning and real-time application protocol inspection enable NeuVector to scale without the common problems associated with maintaining firewall rules and iptables.
NeuVector is the ONLY container security solution which can enforce the strict firewall and segmentation requirements of PCI in a cloud-native containerized environment. With Container DLP, NeuVector detects credit card PAN data in network payloads to help enforce data privacy and compliance. Other requirements, such as vulnerability scanning and exploit detection, are also supported by the NeuVector Multi-Vector container security platform. Below is a sample of specific PCI requirements.
Download the complete guide to Achieving PCI Compliance with NeuVector.