AWS EKS and ECS
AWS EKS and ECS Container Security
Deploy Containers with Confidence Running on AWS and Deployed Using ECS, EKS, Docker, Kubernetes, OpenShift and more
Container deployments on public clouds such as AWS need added visibility and security for defense in depth. Traditional cloud firewalls and security features such as Security Groups can’t adequately protect constantly changing container traffic. NeuVector provides a complete end-to-end security platform, from vulnerability management and admission controls to run-time protection.
- Discover application behavior and protect containers on AWS
- Easily deploy the NeuVector container using ECS, Kubernetes, EKS or other container tools
- Vulnerability scan images in ECR or other registries and during run-time
Learn App Behavior and Automatically Protect AWS Containers
NeuVector instantly discovers all containers, learns application behavior, and automatically creates a security policy to protect them from violations, threats, and vulnerabilities.
- Eliminates security updates such as security groups for new, updated or scaling application containers
- Provides container visibility and real-time security event logging for container traffic
- Protects containers from threats and violations without disrupting normal container connections
Enforce Scalable AWS ECS and EKS Security
Use ECS or EKS to manage NeuVector and application containers. Ensure that each new host running application containers has a NeuVector security container. Manage Kubernetes-native deployments running on EC2.
- Automatically detect container and ECS/EKS network changes as applications scale or update
- Scan registries, containers and hosts for vulnerabilities
- Enforce admission controls, RBACs, CIS Benchmarks, and run-time policy through Kubernetes integrations
Secure AWS App Mesh and Other Service Mesh Deployments
- Inspects all connections for threats and enforces automated segmentation, before encryption takes place
- Discover, monitors, and simplifies the explosion of service mesh system traffic between data plane and control plane containers
- Expands security beyond HTTP to support ICMP, TCP and other protocols