Visibility and Security: The NeuVector ‘Container Firewall’
NeuVector provides a real-time network container security solution that adapts to a changing environment and secures containers at their most vulnerable point: at run time. A declarative security policy lets applications scale up or down quickly without manual policy changes. NeuVector is itself a Docker Certified container that deploys easily on each host and provides a container firewall, host monitoring and security, security auditing against CIS benchmarks, and vulnerability scanning.
Discover Application Behavior and Detect Violations
NeuVector discovers normal connections and application behavior and automatically builds a security policy to protect container-based services. Using Layer 7 network inspection, unauthorized connections between containers or from external networks can be logged or blocked without disrupting normal container sessions.
Behavioral learning discovers the behavior of applications and services so they can be isolated from attacks
Creates a declarative security policy from built-in support for applications and protocols, including custom ones
Prevents unauthorized connections using network firewall technology, without disrupting running containers
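As an added example (not NeuVector's code or its policy format), the learn-then-enforce cycle described above in Python: flows observed between constructed sample services are turned into an allow-list keyed on source, destination, port and the Layer 7 protocol, rendered as declarative rules, and then used to log or block later flows. The service names, ports, protocol labels and the three mode names are assumptions made for the illustration.

```python
"""Learn an allow-list from observed container traffic, express it as a
declarative policy, then enforce it. Added example, not NeuVector code;
service names, ports and the L7 labels are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source service (e.g. a deployment or container group)
    dst: str    # destination service, or "external" for off-cluster
    dport: int  # destination port
    app: str    # application protocol as identified by L7 inspection


class ConnectionPolicy:
    """Allow-list keyed on (src, dst, dport, app).

    Keying on the L7 protocol, not just the port, is what lets the policy
    catch a shell tunnelled over 443 even though "443 to external" is allowed.
    Mode names are illustrative: "discover" learns, "monitor" alerts,
    "protect" blocks.
    """

    def __init__(self, mode="discover"):
        self.mode = mode
        self.rules = set()

    def observe(self, flow):
        key = (flow.src, flow.dst, flow.dport, flow.app)
        if self.mode == "discover":
            self.rules.add(key)
            return "learned"
        if key in self.rules:
            return "allow"
        return "alert" if self.mode == "monitor" else "deny"

    def declarative(self):
        """Render the learned rules as sorted allow statements."""
        return [f"allow {s} -> {d}:{p} app={a}" for s, d, p, a in sorted(self.rules)]


# Constructed baseline traffic observed while the application ran normally.
BASELINE = [
    Flow("frontend", "api", 8080, "HTTP"),
    Flow("api", "db", 5432, "PostgreSQL"),
    Flow("api", "cache", 6379, "Redis"),
    Flow("api", "external", 443, "HTTPS"),
]

# Constructed traffic seen later, including three flows the policy should stop.
LIVE = [
    Flow("frontend", "api", 8080, "HTTP"),        # normal
    Flow("frontend", "db", 5432, "PostgreSQL"),   # lateral movement, never learned
    Flow("api", "external", 443, "SSH"),          # allowed port, wrong L7 protocol
    Flow("cache", "external", 53, "DNS"),         # cache never talked out before
]


def learn(flows):
    policy = ConnectionPolicy("discover")
    for f in flows:
        policy.observe(f)
    return policy


def evaluate(policy, flows, mode):
    policy.mode = mode
    return [policy.observe(f) for f in flows]


def run_demo():
    policy = learn(BASELINE)
    return {
        "rules": policy.declarative(),
        "monitor": evaluate(policy, LIVE, "monitor"),
        "protect": evaluate(policy, LIVE, "protect"),
    }


if __name__ == "__main__":
    out = run_demo()
    print("\n".join(out["rules"]))
    for flow, verdict in zip(LIVE, out["protect"]):
        print(f"{flow.src}->{flow.dst}:{flow.dport} {flow.app}: {verdict}")
```

The third live flow is the point of the example: a port-only firewall rule would admit it, because "api to external on 443" was learned; only the protocol label from Layer 7 inspection separates it from the learned HTTPS traffic.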
Audit, Scan, Monitor Running Containers & Hosts
NeuVector protects against container breakouts to the host and automatically tests for security compliance. All running containers and host OSes are scanned for vulnerabilities and checked with the Docker Bench security tests. Scanning tasks are distributed across the Enforcers for real-time, highly scalable image vulnerability analysis. At run time, host and container processes and syscalls are monitored for suspicious activity.
Scans containers and hosts 'live' during development, test, staging, or production
Detects suspicious activity on hosts and in containers, such as privilege escalation, reverse shells, and port-scanning processes
Audits host and container security with the Docker Bench and Kubernetes CIS Benchmark security tests
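As an added example, not NeuVector's detection engine, event format or rule names, the following Python monitor applies three runtime heuristics over constructed process-exec and connect events: a shell whose standard I/O is a socket (or that uses bash's /dev/tcp redirection) is reported as a reverse shell; a process that runs as root when its parent did not, without passing through sudo or su, is reported as a privilege escalation; and a process opening many distinct ports in a short window is reported as a port scan. The event fields, thresholds, container names and the "./exploit" binary are assumptions.

```python
"""Runtime monitoring heuristics for reverse shells, privilege escalation and
port scanning over constructed process and connection events. Added example;
not NeuVector's detection engine, event format or rule names."""
from collections import defaultdict

SHELLS = {"sh", "bash", "dash", "ash", "zsh"}
PRIV_ALLOWED = {"sudo", "su"}   # sanctioned paths to root; anything else is suspect
PORT_SCAN_PORTS = 15            # distinct destination ports from one process ...
PORT_SCAN_WINDOW = 10.0         # ... within this many seconds


class RuntimeMonitor:
    def __init__(self):
        self.euid_by_pid = {}                   # last seen effective uid per pid
        self.ports_by_proc = defaultdict(list)  # (time, dport) per (container, pid)
        self.reported = set()                   # report each (rule, container, pid) once

    def _alert(self, rule, ev, detail):
        key = (rule, ev["container"], ev["pid"])
        if key in self.reported:
            return []
        self.reported.add(key)
        return [{"rule": rule, "container": ev["container"], "pid": ev["pid"], "detail": detail}]

    def on_exec(self, ev):
        alerts = []
        parent_euid = self.euid_by_pid.get(ev["ppid"])   # None if the parent was never seen
        self.euid_by_pid[ev["pid"]] = ev["euid"]
        argv = " ".join(ev["argv"])
        # Reverse shell: a shell whose stdio is a socket, or the classic
        # bash /dev/tcp redirection. A shell on a pipe or tty is left alone.
        if ev["comm"] in SHELLS and (ev.get("stdio") == "socket" or "/dev/tcp/" in argv):
            alerts += self._alert("reverse_shell", ev, argv)
        # Privilege escalation: child has euid 0, parent did not, and the
        # program is not one of the sanctioned setuid helpers.
        if ev["euid"] == 0 and parent_euid not in (None, 0) and ev["comm"] not in PRIV_ALLOWED:
            alerts += self._alert("privilege_escalation", ev,
                                  f"{ev['comm']} running as root, parent euid {parent_euid}")
        return alerts

    def on_connect(self, ev):
        key = (ev["container"], ev["pid"])
        history = self.ports_by_proc[key]
        history.append((ev["t"], ev["dport"]))
        recent = {port for t, port in history if ev["t"] - t <= PORT_SCAN_WINDOW}
        if len(recent) >= PORT_SCAN_PORTS:
            return self._alert("port_scan", ev, f"{len(recent)} distinct ports to {ev['dst']}")
        return []

    def run(self, events):
        alerts = []
        for ev in sorted(events, key=lambda e: e["t"]):
            alerts += self.on_exec(ev) if ev["type"] == "exec" else self.on_connect(ev)
        return alerts


def exec_ev(t, container, pid, ppid, comm, argv, euid, stdio="pipe"):
    return {"type": "exec", "t": t, "container": container, "pid": pid, "ppid": ppid,
            "comm": comm, "argv": argv, "euid": euid, "stdio": stdio}


def conn_ev(t, container, pid, dst, dport):
    return {"type": "connect", "t": t, "container": container, "pid": pid,
            "dst": dst, "dport": dport}


# Constructed event stream: a web container running as uid 1000 is compromised
# (reverse shell), gains root through a constructed "./exploit" binary, and
# then sweeps a neighbour's ports; a db container legitimately running as root
# spawns a shell on a pipe and must not be flagged.
EVENTS = [
    exec_ev(0.0, "web-1", 100, 1, "python3", ["python3", "app.py"], 1000),
    exec_ev(1.0, "db-1", 300, 1, "postgres", ["postgres", "-D", "/data"], 0),
    exec_ev(2.0, "db-1", 301, 300, "sh", ["sh", "-c", "pg_isready"], 0),            # root parent, pipe stdio
    exec_ev(5.0, "web-1", 200, 100, "bash", ["bash", "-i"], 1000, stdio="socket"),  # reverse shell
    exec_ev(6.0, "web-1", 201, 200, "id", ["id"], 1000),                            # benign recon
    exec_ev(7.0, "web-1", 202, 200, "exploit", ["./exploit"], 0),                   # euid 0 from uid-1000 parent
    exec_ev(8.0, "web-1", 203, 200, "sudo", ["sudo", "-l"], 0),                     # sanctioned helper, not flagged
] + [conn_ev(9.0 + i * 0.1, "web-1", 202, "10.0.0.7", 1 + i) for i in range(20)]   # port sweep


if __name__ == "__main__":
    for alert in RuntimeMonitor().run(EVENTS):
        print(alert)
```

Each rule needs context the event alone does not carry: the escalation rule depends on the parent's recorded euid, and the port-scan rule on a per-process history, which is why a monitor like this keeps state per container rather than matching single events.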
Detect and Mitigate Application Threats
With Layer 7 network inspection, application-layer attacks on containers, such as DDoS and DNS-based attacks, are detected and prevented. Real-time detection and alerting adds a layer of network security to the dynamic container environment.
Protects containers against attacks from internal and external networks
Detects high- and medium-priority threats in real time
Prevents data exfiltration that uses DNS and ICMP tunneling techniques
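As an added example of the tunneling detection named above (illustrative heuristics, not NeuVector's implementation), the Python below scores DNS zones on subdomain length, entropy, uniqueness and TXT/NULL usage, and ICMP peers on oversized echo payloads, over constructed traffic. Thresholds, zone names and addresses are assumptions; the random base32 labels stand in for encoded chunks of exfiltrated data.

```python
"""Heuristics for DNS and ICMP tunnelling over constructed traffic summaries.
Added example with illustrative thresholds; not NeuVector's detection code."""
import math
import random
from collections import Counter, defaultdict


def shannon_entropy(s):
    """Bits per symbol; encoded data sits near the alphabet's maximum."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Crude zone split (last two labels); a real tool uses the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def dns_tunnel_suspects(queries, min_queries=20, max_avg_len=30,
                        max_entropy=3.5, max_unique_ratio=0.8, max_txt_ratio=0.5):
    """queries: iterable of (qname, qtype). A zone is flagged when enough of its
    queries carry long, high-entropy, mostly unique subdomains or rely on
    TXT/NULL records, which is what encoded data looks like in DNS."""
    by_zone = defaultdict(list)
    for qname, qtype in queries:
        name = qname.rstrip(".")
        zone = registered_domain(name)
        sub = name[: -len(zone) - 1] if name != zone else ""
        by_zone[zone].append((sub, qtype))
    suspects = {}
    for zone, items in by_zone.items():
        subs = [s for s, _ in items if s]
        if len(items) < min_queries or not subs:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        unique = len(set(subs)) / len(subs)
        txt = sum(t in ("TXT", "NULL") for _, t in items) / len(items)
        hits = [avg_len > max_avg_len, entropy > max_entropy,
                unique > max_unique_ratio, txt > max_txt_ratio]
        if sum(hits) >= 3:                      # require several signals, not one
            suspects[zone] = {"queries": len(items), "avg_len": round(avg_len, 1),
                              "entropy": round(entropy, 2), "unique": round(unique, 2)}
    return suspects


def icmp_tunnel_suspects(packets, max_payload=64, min_packets=10):
    """packets: iterable of (src, dst, payload bytes). A normal ping carries a
    small fixed-size payload; a tunnel needs room for data. Size is the crudest
    signal; rate and id/sequence behaviour would be the next things to check."""
    by_pair = defaultdict(list)
    for src, dst, payload in packets:
        by_pair[(src, dst)].append(len(payload))
    suspects = {}
    for pair, sizes in by_pair.items():
        if len(sizes) < min_packets:
            continue
        oversized = sum(n > max_payload for n in sizes) / len(sizes)
        if oversized > 0.5:
            suspects[pair] = {"packets": len(sizes), "oversized_ratio": round(oversized, 2)}
    return suspects


# Constructed sample traffic (deterministic seed).
_rng = random.Random(7)
_B32 = "abcdefghijklmnopqrstuvwxyz234567"
BENIGN_DNS = [(f"{h}.example.com", "A") for h in ("api", "www", "cdn") for _ in range(10)]
TUNNEL_DNS = [("".join(_rng.choices(_B32, k=48)) + ".c2.example.net", "TXT")
              for _ in range(25)]
BENIGN_ICMP = [("10.0.0.5", "10.0.0.1", bytes(range(56)))] * 12          # default ping payload size
TUNNEL_ICMP = [("10.0.0.12", "203.0.113.9", bytes(_rng.randrange(256) for _ in range(1200)))
               for _ in range(12)]


def run_demo():
    return {"dns": dns_tunnel_suspects(BENIGN_DNS + TUNNEL_DNS),
            "icmp": icmp_tunnel_suspects(BENIGN_ICMP + TUNNEL_ICMP)}


if __name__ == "__main__":
    for kind, found in run_demo().items():
        for key, stats in found.items():
            print(f"{kind} tunnel suspect {key}: {stats}")
```

Requiring several signals at once keeps content delivery networks and other legitimately long, unique hostnames from tripping the DNS rule on their own; tuning the thresholds against a baseline of the environment's real queries is what makes the rule usable in production.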
Deploy NeuVector in Dev, Staging, or Production
The NeuVector components are containers which deploy easily onto virtual machines or bare metal OS environments. The Enforcer container is deployed on each node to protect containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console, REST API, or CLI.
Tests containers during development for vulnerabilities
Creates a declarative security policy automatically in staging or production
Protects containers from threats, violations and vulnerabilities in production
Layers Onto Greenfield and Brownfield Environments
NeuVector is a non-intrusive container that is easily layered onto new greenfield or already-running brownfield environments. It instantly discovers running containers and maps application behavior, then monitors and protects them from violations, threats, and vulnerabilities. No agents inside application containers, no embedding into images, and no developer coding are required.
Layer visibility and security onto running brownfield applications
Build container security into the DevOps process for new greenfield applications
Integrate with Orchestration Tools, Reporting Tools, and other Enterprise Infrastructure
Deploying NeuVector is simple and fast: use your usual container deployment tools, such as Docker or Kubernetes, to deploy the NeuVector containers on each host to be protected. NeuVector integrates easily with an automated pipeline and other infrastructure tools.
Integrates into the CI/CD and production monitoring pipeline
Supports syslog and webhooks for notifications into SIEM, Slack, and other alerting systems
Maps user roles with LDAP integration and supports single sign-on (SSO) via SAML