Service Mesh Security
Service Mesh Protection in Production
Unique Network Visibility and Protection for Application Workloads and Service Mesh System Containers
The NeuVector Service Mesh Security solution delivers first-of-its-kind network visibility and threat detection, even for connections that are encrypted by Istio or Linkerd2.
- Discover, monitor, visualize, and protect service mesh connections and system containers
- Integrates Layer 7 firewall threat detection and segmentation into a service mesh
- Adds end-to-end security with run-time, network, container, and host security plus vulnerability management
Get Service Mesh Benefits, Securely
Service meshes such as Istio and Linkerd2 offer advanced application service discovery and routing benefits. Although a service mesh has some security features such as encryption, it is NOT a security solution. It is not designed to provide the type of network, endpoint and host security required for defense in depth.
What’s needed is a ‘Security Mesh’ for your Service Mesh.
- Securely deploy a service mesh on Kubernetes
- Adds service mesh security features for defense in depth
- Supports alerting and forensics with SIEM integration, packet captures, and custom alerting
Deep Network Visibility and Protection - Even for Encrypted Traffic
The patent-pending NeuVector integration enables deep packet inspection of all network connections in the service mesh, even when pod-to-pod encryption is enabled. This allows NeuVector to perform threat detection, automated segmentation, and other critical network security functions for service mesh workloads.
- Detects embedded attacks such as SQL injection, DDoS, and DNS-based attacks, even inside trusted connections
- Behavioral learning automatically whitelists and segments application workloads
- Monitors and protects system connections such as proxy and control plane traffic
- Extends protocol coverage beyond HTTP to other application protocols and to ICMP and UDP
Simplifies Service Mesh Security and Monitoring
NeuVector dramatically simplifies the ‘service mess’ created by the explosion of east-west traffic from proxy and control plane connections.
- Discover, monitor, visualize, and protect system connections
- Hides system traffic to focus on application workload security
- Automatically creates whitelist rules for system connections
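The behavioral learning described above (application workloads are whitelisted and segmented from observed traffic, and system connections such as proxy-to-control-plane traffic get their own rules and can be hidden from the application view) can be illustrated with a small learning-mode rule builder. This is an added example, not NeuVector's code; the connection-record format, the service names, and the `istiod` control-plane service are constructed assumptions.

```python
"""Learning-mode connection whitelist for a service mesh (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of connections a mesh-aware sensor might observe during
# a learning window: (source workload, destination workload, protocol, port).
LEARNING_WINDOW = [
    ("frontend", "catalog", "http", 8080),
    ("frontend", "catalog", "http", 8080),   # repeat: deduplicated into one rule
    ("catalog", "postgres", "tcp", 5432),
    ("frontend", "istiod", "tcp", 15012),    # sidecar -> control plane (system)
    ("catalog", "istiod", "tcp", 15012),
    ("postgres", "istiod", "tcp", 15012),
]

# Hypothetical: workloads that belong to the mesh itself rather than the app.
SYSTEM_SERVICES = {"istiod"}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    port: int
    system: bool  # True when either side is mesh infrastructure


def learn_rules(records, system_services=SYSTEM_SERVICES):
    """Turn every distinct observed connection into an allow rule."""
    rules = set()
    for src, dst, proto, port in records:
        system = src in system_services or dst in system_services
        rules.add(Rule(src, dst, proto, port, system))
    return rules


def application_rules(rules):
    """The application-only view: system (proxy/control plane) rules hidden."""
    return {r for r in rules if not r.system}


def segments(rules):
    """Group allow rules per source workload, i.e. the learned segmentation."""
    by_src = defaultdict(list)
    for r in rules:
        by_src[r.src].append((r.dst, r.proto, r.port))
    return {src: sorted(dsts) for src, dsts in by_src.items()}


def evaluate(rules, record):
    """Enforce mode: a connection outside the learned whitelist raises an alert."""
    src, dst, proto, port = record
    for r in rules:
        if (r.src, r.dst, r.proto, r.port) == (src, dst, proto, port):
            return "allow"
    return "alert"


if __name__ == "__main__":
    learned = learn_rules(LEARNING_WINDOW)
    print("application segments:", segments(application_rules(learned)))
    print(evaluate(learned, ("frontend", "catalog", "http", 8080)))   # allow
    print(evaluate(learned, ("frontend", "postgres", "tcp", 5432)))   # alert
```

The design point is the split into two phases: connections seen in the learning window become rules, and anything outside them afterwards is an anomaly to alert on or block. Flagging rules that touch mesh infrastructure separately is what lets the application view stay readable while the system connections remain monitored.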
End-to-End Container Security for Hybrid Service Meshes
NeuVector delivers a highly integrated, automated security platform for Kubernetes, OpenShift, Docker, and other container platforms. Full lifecycle container security supports DevOps and Security teams from Build to Ship to Run. Not every application container workload will be practical or possible to place in a service mesh, and NeuVector seamlessly supports hybrid deployments with service mesh and non-service mesh workloads.
- Full CI/CD vulnerability scanning from build to ship to run
- Complete run-time security with a container network firewall, container host and file system monitoring, and host security
- Compliance through CIS benchmarks and network segmentation
Endorsed by Enterprises on the Forefront of Technology
“We selected NeuVector to protect containers in production because it combines network and run-time security with vulnerability management for compliance. NeuVector is continuing its innovation by providing deep network visibility into service mesh encrypted traffic.”
– Christian Hüning, System Architect, figo GmbH.