Application Aware ‘Layer 7’ Container Network Security
Protect Running Containers with True Application Layer Container Security
With a cloud-native ‘multi-vector container firewall,’ NeuVector is the only container security solution that protects your container network from L3 to L7. Container network security gives devops and security teams run-time visibility and protection against threats, attacks, ransomware, viruses, breakouts and other suspicious activity. NeuVector supports native docker networking, all network overlays/plug-ins and L3-routed networking.
- Detects threats from external and internal networks
- Prevents unauthorized connections between containers
- Monitors all ‘east-west’ container traffic
Compatible with Container Networks and Overlays
Container networks can be difficult to protect with continual changes in orchestration tools and overlay networks. NeuVector provides automated segmentation based on application layer behavior regardless of different network settings. NeuVector integrates with leading orchestration platforms such as Kubernetes, Rancher, OpenShift, AWS EKS, and Swarm to provide enhanced protection and visualization of containers and platform services.
Get Internal ‘East-West’ Traffic Under Control
Microservices and containers dramatically increase internal East-West traffic in a data center. Without application aware container network security, an attacker can exploit containers once inside a data center. NeuVector detects and displays real-time connection info for all container traffic and can easily capture network packets for container application debugging and forensics.
Capture Packets for Debugging and Threat Investigation
Network visibility is difficult enough without pods and containers constantly scaling up and down. NeuVector makes it easy to view summary connection data and drill down into actual packet visibility for each container. When a threat is detected, NeuVector will automatically capture and display the packet info, making it easy to investigate. Suspicious activity can be investigated by easily turning on packet capture for one or more containers. Packet capture is also useful in testing and staging to debug applications before they go into production.