NeuVector’s unique network-layer visibility and run-time protection combines with NGINX Plus’ security capabilities to safeguard business-critical container applications
San Jose, California – March 8, 2017 – NeuVector, which delivers continuous network security for containers, today announced support for NGINX Plus security capabilities into the NeuVector console.
NGINX Plus, the enterprise-grade application delivery platform from NGINX, Inc., extends open source NGINX software with advanced features for container applications such as load balancing, service discovery, and application resiliency. Complementarily, NeuVector adeptly provides the network layer visibility and security needed to oversee east-west container-to-container traffic. This is traffic that routinely crosses hosts and data center boundaries, presenting an ever-increasing concern as microservices deployment growth continues.
Providing support for NGINX Plus alleviates the issues and conflicts commonly faced when security features from different vendors overlap, instead achieving simple and effective visualization of those container connections that utilize NGINX Plus to encrypt container-to-container sessions. With NeuVector and NGINX Plus working in tandem, any attempt to bypass an NGINX Plus encrypted tunnel is instantly detected and addressed by NeuVector. At the same time, NeuVector automatically recognizes and monitors those connections not encrypted by NGINX Plus, protecting against threats or violations to those containers.
The NeuVector solution – a container itself – can be deployed to protect running (or ‘brownfield’) container applications as well, offering a layered security solution with NGINX Plus. Once NeuVector is deployed and the application receives traffic, the NeuVector console displays a visual map of all containers, applications, and network connections involved – including indications of which containers are secured by NGINX Plus-encrypted SSL tunnels. This visualization offers quick insights into application behavior and the security of each container.
“NGINX Plus provides the enhanced security controls, and monitoring and management capabilities, for delivering microservices at scale,” said Paul Oh, Head of Business Development for NGINX, Inc. “NeuVector’s visualization of NGINX Plus security capabilities helps enterprises manage the risks associated with deploying containers in production.”
The NeuVector zero-configuration solution will automatically recognize expected normal behavior in the network connections it oversees. For connections between application containers that are not encrypted by NGINX Plus, NeuVector performs automated segmentation and deep packet inspection, and then makes an informed determination as to whether those connections should be allowed. In this way, NeuVector blocks only suspicious container traffic, while safe traffic continues to the container unaffected. To complete its run-time protection suite, NeuVector also provides real-time threat detection and vulnerability scanning for hosts and containers.
“Continuously defending container applications from active threats requires effective security solutions that have their eyes open,” said Fei Huang, CEO, NeuVector. “Too often, though, implementing security solutions from multiple providers is a reliable recipe for conflicts and IT frustration. We’re proud to provide valuable visualization of the security and encryption that NGINX Plus makes available to enterprises, and to seamlessly complement that security with NeuVector’s own threat detection and prevention capabilities. The result gives businesses a much more complete ability to view oncoming threats and to protect their critical container applications.”
NeuVector delivers a Docker container network security solution with a zero-configuration policy that adapts to the changing environment and secures containers during run-time. Founded by industry veterans from Fortinet, VMware, and Trend Micro, NeuVector has developed patent-pending behavioral learning for containers with the vision of simple, scalable network security for containers.