Red Hat OpenShift
OpenShift Protection in Production
Integrated, Automated Security for Containers Deployed with Red Hat OpenShift
NeuVector provides full life-cycle container security automation for OpenShift deployments. Image scanning, admission controls, and CIS benchmark checks integrate with CI/CD pipelines and help with compliance.
In production, traditional tools such as perimeter firewalls and host security agents have no visibility into pod-to-pod traffic or container activity. The NeuVector solution inspects all network traffic between pods to detect network violations and threats in real time, while also monitoring container and host processes.
NeuVector OpenShift Integration Benefits
- Network visibility and security for east-west (internal) and north-south (external) traffic
- Layer 7 container firewalling with Deep Packet Inspection (DPI) automates security policy, scales easily, and detects violations at the application protocol layer, not just by IP address and port
- Detects container threats and suspicious activity such as DDoS attacks, tunneling, reverse shells, privilege escalation and port scanning
- Automatically integrates with OpenShift RBAC to control access to NeuVector
- Leverages OpenShift ImageStreams to automatically scan new and updated images
- Prevents deployment of vulnerable images through integration with OpenShift admission controls
- Integrates with OpenShift/Kubernetes network policy and CNI plug-ins such as ovs, weave, flannel, calico, etc.
- Helps ensure container compliance with PCI, GDPR, TUEV, HIPAA, etc. through run-time vulnerability scanning and Kubernetes CIS benchmark tests
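The admission-control item above is the one a practitioner most often has to reason about concretely: the API server sends the webhook an AdmissionReview, the webhook looks up scan results for every image in the workload, and it answers allow or deny. The following is an added illustration of that decision logic, written for this page; it is not NeuVector's code and does not use its API. The scan results, the policy thresholds, the `registry.example.com` image names and the AdmissionReview requests are all constructed for the example.

```python
"""Added example: a minimal image-vulnerability admission gate.

Models what a Kubernetes/OpenShift validating admission webhook does with an
AdmissionReview: extract every image in the workload, compare the image's scan
results against a policy, and return allowed/denied with a reason. Everything
below (scan data, thresholds, image names, requests) is constructed; this is
not NeuVector's implementation.
"""

# Constructed scan results keyed by image reference. Assumption for the
# example: the scanner reports a CVE count per severity for each image.
SCAN_RESULTS = {
    "registry.example.com/shop/frontend:1.4.2": {"critical": 0, "high": 1, "medium": 7},
    "registry.example.com/shop/db:9.6": {"critical": 2, "high": 5, "medium": 3},
}

# Constructed policy: no critical CVEs, at most two high, and images that have
# never been scanned are refused rather than silently admitted.
POLICY = {"max_critical": 0, "max_high": 2, "deny_unscanned": True}


def images_in_pod(pod_spec):
    """Collect image references from initContainers and containers, in start order."""
    return [c["image"] for key in ("initContainers", "containers")
            for c in pod_spec.get(key, [])]


def evaluate_image(image, scans, policy):
    """Return None when the image passes policy, otherwise a denial reason."""
    result = scans.get(image)
    if result is None:
        return f"{image}: no scan result on record" if policy["deny_unscanned"] else None
    if result["critical"] > policy["max_critical"]:
        return f"{image}: {result['critical']} critical CVEs (max {policy['max_critical']})"
    if result["high"] > policy["max_high"]:
        return f"{image}: {result['high']} high CVEs (max {policy['max_high']})"
    return None


def review(admission_review, scans=SCAN_RESULTS, policy=POLICY):
    """Take an AdmissionReview request dict and produce the AdmissionReview response dict."""
    req = admission_review["request"]
    obj = req["object"]
    # A Pod carries its spec directly; Deployment/StatefulSet/DaemonSet/Job
    # carry the pod template under spec.template.
    pod_spec = obj["spec"] if obj.get("kind") == "Pod" else obj["spec"]["template"]["spec"]
    reasons = [r for r in (evaluate_image(i, scans, policy) for i in images_in_pod(pod_spec)) if r]
    response = {"uid": req["uid"], "allowed": not reasons}
    if reasons:
        # 403 with a message is what kubectl/oc shows the user on a rejected apply.
        response["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


# Constructed AdmissionReview requests, trimmed to the fields the gate reads.
FRONTEND_REQUEST = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {
        "uid": "11111111-aaaa-4bbb-8ccc-000000000001",
        "object": {"kind": "Pod", "spec": {
            "containers": [{"name": "web", "image": "registry.example.com/shop/frontend:1.4.2"}]}},
    },
}

DB_DEPLOYMENT_REQUEST = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {
        "uid": "11111111-aaaa-4bbb-8ccc-000000000002",
        "object": {"kind": "Deployment", "spec": {"template": {"spec": {
            "initContainers": [{"name": "migrate", "image": "registry.example.com/shop/migrate:0.3"}],
            "containers": [{"name": "db", "image": "registry.example.com/shop/db:9.6"}]}}}},
    },
}

if __name__ == "__main__":
    for request in (FRONTEND_REQUEST, DB_DEPLOYMENT_REQUEST):
        print(review(request)["response"])
```

In a real cluster this function sits behind a TLS endpoint registered in a ValidatingWebhookConfiguration for CREATE and UPDATE of pods and their controllers. Two settings decide what the gate is actually worth: `failurePolicy` (Fail closes the door when the webhook is down, Ignore silently admits everything) and the namespace selector, which must not exempt the namespaces you care about. The unscanned-image branch above is the same fail-closed choice made at policy level.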
Automating OpenShift Secure Container Deployment at Experian
Jon Deeming, VP at Experian, presented at Red Hat Summit 2018 on how automation can ensure that security policy is consistently deployed into production OpenShift container environments.
“One of the things we started to realize is if someone does compromise a pod, and performs a zero-day exploit, there’s nothing at that point to prevent someone from moving from a front end pod to the database pod. So we started looking for alternatives that would effectively give us a software based firewall that runs inside the cluster. We’ve been working with the NeuVector Layer 4-7 firewall and we can now look at traffic flows and create more granular enforcement where we need it for pod to pod traffic. We can also look at the behavior of the applications talking to each other inside the SDN. This allowed us to take a look at the traffic in real time for things like malformed packets. The benefits obviously include the security aspect, but we also had some applications with bad code generating malformed packets, which could be seen as beginning a denial of service attack, but were actually due to resource leaks. We were able to pick these issues up with NeuVector that otherwise would have been quite difficult to find, so I’d recommend that you take a serious look at what’s running inside your network.”
“Enterprise customers using Red Hat OpenShift for production container deployments require run-time visibility and security,” said Jesse Wu, head of products – integrated solutions, Red Hat. “We’re excited to bring partners like NeuVector into our ecosystem with Red Hat certified applications to enhance customer security.”
Watch this on-demand video titled “Enhancing OpenShift and Kubernetes Container Security for Business Critical Deployments” with Andrew Toth from Red Hat and Glen Kosaka from NeuVector.