Visibility and Security: The NeuVector ‘Container Firewall’
NeuVector provides a real-time network container security solution that adapts easily to your changing environment and secures containers at their most vulnerable point – during run-time. Our declarative security policy ensures that your application can scale up or scale down quickly without manual intervention. The NeuVector solution is a container itself which deploys easily on each host, providing a container firewall, host monitoring and security, security auditing with CIS benchmarks, and vulnerability scanning.
Discover Application Behavior and Detect Violations
NeuVector discovers normal connections and application behavior and automatically builds a security policy to protect container-based services. Unauthorized connections between containers or from external networks can be logged or blocked without disrupting normal container sessions.
Discovers behavior of applications, containers, and services
Creates a declarative security policy based on built-in support for applications & protocols, even custom ones
Prevents unauthorized connections without disrupting running containers
Audit, Scan, Monitor Running Containers & Hosts
NeuVector protects against host breakouts and automatically tests for security compliance. All running containers and host OSes are automatically scanned for vulnerabilities and checked with the Docker Bench security tests. The scanning tasks are distributed across Enforcers for real-time, highly scalable image vulnerability analysis.
‘Live’ scans containers and hosts during development, test, staging, or production
Detects privilege escalations and other suspicious activity on hosts and containers
Audits host and container security with Docker Bench for Security tests
Detect and Mitigate Application Threats
Application-level attacks on containers, such as DDoS and DNS attacks, are detected and prevented. Real-time detection and alerting add a layer of network security to the dynamic container environment.
Protects containers against attacks from internal and external networks
Detects high- and medium-priority threats in real time
Deploy NeuVector in Dev, Staging, or Production
The NeuVector components are containers that deploy easily onto virtual machines or bare-metal OS environments. The Enforcer container is deployed on each node to protect the containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console or CLI.
Tests containers during development for vulnerabilities
Creates a declarative security policy automatically in staging or production
Protects containers from threats, violations and vulnerabilities in production
Layers Onto Greenfield and Brownfield Environments
NeuVector is a non-intrusive container which is easily layered onto new greenfield or running brownfield environments. Instantly discover running containers and map application behavior, then monitor and protect them from violations, threats, and vulnerabilities. No agents, embedding into images, or developer coding required.
Layer visibility and security onto running brownfield applications
Build container security into the DevOps process for new greenfield applications
Supports Most Popular Deployment, Monitoring and Reporting Tools
Deployment of NeuVector is simple and fast. Just use your favorite container deployment tools to deploy the NeuVector container on each host to be protected. The latest versions are available from the NeuVector private Docker Hub registry.
Integrates into the CI/CD and production monitoring pipeline