Full Lifecycle Container Security
Build, Ship, and Run Securely With A Full Lifecycle Container Security Platform
Develop and Deploy Containers With Confidence
Vulnerability Management for the Build, Ship, and Run Pipeline
NeuVector scans for vulnerabilities during the entire CI/CD pipeline, from Build to Ship to Run. Use the Jenkins plug-in to scan during build, monitor images in registries and run automated tests for security compliance. Prevent deployment of vulnerable images with admission control, but also monitor production containers. Blazing fast, highly scalable image vulnerability analysis scans thousands or hundreds of thousands of images.
- Scanning and admission control during build, test and deployment
- Scans containers, hosts, and orchestration platforms during run-time
- Audits host and container security with Docker Bench and Kubernetes CIS Benchmark for security tests


Complete Run-Time Security - Without Compromise
Detect and Mitigate Application Threats with a Container Firewall
With Layer 7 network inspection, application-level attacks on containers, such as DDoS and DNS attacks, are detected and prevented. Real-time detection and alerting add a layer of network security to the dynamic container environment.
- Protects containers against attacks from internal and external networks
- Prevents data-stealing attacks which use DNS and ICMP tunneling techniques
- Automatically captures packets used in an attack


Deploy NeuVector in Dev, Staging, or Production
The NeuVector components are containers which deploy easily onto virtual machines or bare metal OS environments. The Enforcer container is deployed on each node to protect containers running on it. A Controller container manages the cluster of Enforcers. NeuVector can be managed through the Console, REST API, or CLI.
- Tests containers during development for vulnerabilities
- Creates a declarative security policy automatically in staging or production
- Protects containers from threats, violations and vulnerabilities in production
Integrate with Orchestration Tools, Reporting Tools, and other Enterprise Infrastructure
NeuVector simplifies deployment and management with the most extensive integration with orchestration and other enterprise tools. Enforce RBACs for NeuVector access with Kubernetes namespaces or automatically integrate with Red Hat OpenShift RBACs. Use existing SIEM and monitoring tools with NeuVector.
- Integrates into the CI/CD and production monitoring pipeline
- Supports SYSLOG and webhooks for notifications into SIEM, Slack and other alerting systems
- Maps user roles with LDAP integration and single sign-on (SSO) with SAML support
