NeuVector discovers normal connections and application behavior and automatically builds a security policy to protect container-based services. Using Layer 7 network inspection, unauthorized connections between containers or from external networks can be logged or blocked without disrupting normal container sessions.
NeuVector protects against host breakouts and automatically tests for security compliance. All running containers and host OSes are automatically scanned for vulnerabilities, and the Docker Bench security tests are run against them. The scanning tasks are distributed across Enforcers for real-time, highly scalable image vulnerability analysis. At run time, host and container processes and syscalls are monitored for suspicious activity.
With Layer 7 network inspection, application-level attacks on containers, such as DDoS and DNS attacks, are detected and prevented. Real-time detection and alerting adds a layer of network security to the dynamic container environment.
The NeuVector components are containers which deploy easily onto virtual machines or bare-metal OS environments. The Enforcer container is deployed on each node to protect the containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console, REST API, or CLI.
NeuVector is a non-intrusive container which is easily layered onto new greenfield or running brownfield environments. Instantly discover running containers and map application behavior, then monitor and protect them from violations, threats, and vulnerabilities. No agents, embedding into images, or developer coding required.
Integrate with Orchestration Tools, Reporting Tools, and other Enterprise Infrastructure