CSOs and Security Teams
Enforce Container Security Without Slowing DevOps Down
Security, Compliance and Visibility for the Dynamic World of Containers
Visibility and Security: The NeuVector 'Kubernetes Container Security Platform'
NeuVector provides a highly automated complete run-time container security solution that adapts easily to your changing environment and secures containers at their most vulnerable point – during run-time. The declarative security policy ensures that applications scale up or scale down quickly without manual intervention. The NeuVector solution is a Red Hat and Docker Certified container itself which deploys easily on each host, providing a container firewall, container process/file system monitoring, security auditing with CIS benchmarks, and vulnerability scanning. Protect sensitive data with Container DLP and secure service mesh workloads with NeuVector.
Discover Application Behavior and Detect Violations
NeuVector discovers the normal behavior of container processes, file system, and network activity and automatically builds a security policy to protect container-based services. Using Layer 7 network inspection, unauthorized connections between containers or from external networks can be blocked without disrupting normal container sessions.
- Behavioral learning discovers behavior of applications and services to isolate them from attacks
- Creates a declarative security policy based on built-in support for applications & protocols, even custom ones
- Prevents unauthorized connections without disrupting running containers using network firewall technology
Detect and Mitigate Application Threats
With Layer 7 network inspection, application-level attacks on containers, such as DDoS and DNS attacks, are detected and prevented. Real-time detection and alerting adds a layer of network security to the dynamic container environment, even for trusted or encrypted connections in a service mesh.
- Protects containers against attacks from internal and external networks
- Prevents data-stealing attacks that use DNS and ICMP tunneling techniques
- Automatically captures the packets used in an attack
Run-Time Vulnerability Scanning & CIS Benchmarks
NeuVector automates security for the entire CI/CD pipeline, from Build to Ship to Run, with the fastest image scanner available. Run-time vulnerability scanning automatically scans all new containers and hosts.
- Run-time vulnerability scanning for containers, hosts, and orchestration platforms
- Automatic container scanning triggered by any change in the container file system
- Audits host and container security with the Docker Bench and Kubernetes CIS Benchmark security tests
Review and Reduce Container Security Run-Time Risk
Risk Scores and Reports help container security teams better assess the security posture of deployed services in production. Widgets and downloadable reports provide security risk scores for the most critical run-time attack risks: network-based attacks and vulnerability exploits in containers, including east-west attacks, ingress/egress connections, and damaging vulnerability exploits.
- Review overall and individual risk scores for vulnerability exploits and network attacks, complete with advice on how to improve the score
- Generate PDF risk reports, security incident details, and vulnerability scanning results
- Evaluate all application protocols including network usage for each protocol in gigabytes
Layers Onto Greenfield and Brownfield Environments
NeuVector is a non-intrusive container which is easily layered onto new greenfield or running brownfield environments. Instantly discover running containers and map application behavior, then monitor and protect them from violations, threats, and vulnerabilities. No agents, embedding into images, or developer coding required.
- Layer visibility and security onto running brownfield applications
- Build container security into the DevOps process for new greenfield applications
Integrate with Orchestration Tools, Reporting Tools, and other Enterprise Infrastructure
NeuVector simplifies deployment and management with the most extensive integration with orchestration and other enterprise tools. Enforce admission controls and RBAC with Kubernetes integration, or automatically integrate with Red Hat OpenShift RBAC. Use existing SIEM and monitoring tools with NeuVector.
- Prevent vulnerable images from being deployed with admission control integration
- Supports syslog and webhooks for notifications into SIEM, Slack, and other alerting systems
- Map user roles with LDAP integration and single sign-on (SSO) with SAML support