NeuVector discovers normal connections and application behavior and automatically builds a security policy to protect container based services. Using Layer 7 network inspection, unauthorized connections between containers or from external networks can be logged or blocked without disrupting normal container sessions.
NeuVector automates security for the entire CI/CD pipeline, from Build to Ship to Run. Use the Jenkins plug-in to scan during build, monitor images in registries and run automated tests for security compliance. Prevent deployment of vulnerable images with admission control, but also monitor production containers. All running containers and host OS’s are automatically scanned for vulnerabilities with scanning tasks distributed across hosts for real-time, highly scalable image vulnerability analysis. Host and container processes and file system activity are also are monitored for suspicious activity.
With Layer 7 network inspection, application level attacks such as DDoS and DNS on containers are detected and prevented. Real-time detection and alerting adds a layer of network security to the dynamic container environment.
The NeuVector components are containers which deploy easily onto virtual machines or bare metal OS environments. The Enforcer container is deployed on each node to protect containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console, REST API, or CLI.
NeuVector is a non-intrusive container which is easily layered onto new greenfield or running brownfield environments. Instantly discover running containers and map application behavior, then monitor and protect them from violations, threats, and vulnerabilities. No agents, embedding into images, or developer coding required.
NeuVector simplifies deployment and management with the most extensive integration with orchestration and other enterprise tools. Enforce RBACs for NeuVector access with Kubernetes namespaces or automatically integrate with Red Hat OpenShift RBACs. Use existing SIEM and monitoring tools with NeuVector.