Full Lifecycle Container Security


Build, Ship, and Run Securely With A Full Lifecycle Container Security Platform

Develop and Deploy Containers With Confidence

Vulnerability Management for the Build, Ship, and Run Pipeline

NeuVector scans for vulnerabilities during the entire CI/CD pipeline, from Build to Ship to Run. Use the Jenkins plug-in to scan during build, monitor images in registries and run automated tests for security compliance. Prevent deployment of vulnerable images with admission control, but also monitor production containers. Blazing fast, highly scalable image vulnerability analysis scans thousands or hundreds of thousands of images.


  • Scanning and admission control during build, test and deployment
  • Scans containers, hosts, and orchestration platforms during run-time
  • Audits host and container security with Docker Bench and Kubernetes CIS Benchmark for security tests

Complete Run-Time Security - Without Compromise


Detect and Mitigate Application Threats with a Container Firewall

With Layer 7 network inspection, application-level attacks on containers, such as DDoS and DNS attacks, are detected and prevented. Real-time detection and alerting add a layer of network security to the dynamic container environment.

  • Protects containers against attacks from internal and external networks
  • Prevents data-stealing attacks that use DNS and ICMP tunneling techniques
  • Automatically captures packets used in an attack

Deploy NeuVector in Dev, Staging, or Production

The NeuVector components are containers which deploy easily onto virtual machines or bare metal OS environments. The Enforcer container is deployed on each node to protect containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console, REST API, or CLI.

  • Tests containers during development for vulnerabilities
  • Creates a declarative security policy automatically in staging or production
  • Protects containers from threats, violations and vulnerabilities in production

Integrate with Orchestration Tools, Reporting Tools, and other Enterprise Infrastructure

NeuVector simplifies deployment and management with the most extensive integration with orchestration and other enterprise tools. Enforce RBACs for NeuVector access with Kubernetes namespaces or automatically integrate with Red Hat OpenShift RBACs. Use existing SIEM and monitoring tools with NeuVector.

  • Integrates into the CI/CD and production monitoring pipeline
  • Supports SYSLOG and webhooks for notifications into SIEM, Slack and other alerting systems
  • Maps user roles with LDAP integration and single sign-on (SSO) with SAML support