AWS EKS and ECS Container Security

Deploy Containers with Confidence Running on AWS and Deployed Using ECS, EKS, Docker, Kubernetes, OpenShift and more

Container deployments on public clouds such as AWS need added visibility and security for defense in depth. Traditional cloud firewalls and security features such as Security Groups can’t adequately protect constantly changing container traffic. NeuVector provides a complete end-to-end security platform, from vulnerability management and admission controls to run-time protection.

  • Discover application behavior and protect containers on AWS
  • Easily deploy the NeuVector container using ECS, Kubernetes, EKS or other container tools
  • Scan images for vulnerabilities in ECR or other registries and during run-time

Learn App Behavior and Automatically Protect AWS Containers

NeuVector instantly discovers all containers, learns application behavior, and automatically creates a security policy to protect them from violations, threats, and vulnerabilities.

  • Eliminates security updates, such as security group changes, for new, updated or scaling application containers
  • Provides container visibility and real-time security event logging for container traffic
  • Protects containers from threats and violations without disrupting normal container connections

Enforce Scalable AWS ECS and EKS Security

Use ECS or EKS to manage NeuVector and application containers. Ensure that each new host running application containers has a NeuVector security container. Manage Kubernetes-native deployments running on EC2.

  • Automatically detect container and ECS/EKS network changes as applications scale or update
  • Scan registries, containers and hosts for vulnerabilities
  • Enforce admission controls, RBACs, CIS Benchmarks, and run-time policy through Kubernetes integrations

Secure AWS App Mesh and Other Service Mesh Deployments

NeuVector integrates with service meshes such as AWS App Mesh and Istio to provide unique network visibility and protection, even for encrypted connections.

  • Inspects all connections for threats and enforces automated segmentation before encryption takes place
  • Discovers, monitors, and simplifies the explosion of service mesh system traffic between data plane and control plane containers
  • Expands security beyond HTTP to support ICMP, TCP and other protocols
