Service Mesh Security

Service Mesh Protection in Production

Unique Network Visibility and Protection for Application Workloads and Service Mesh System Containers

The NeuVector Service Mesh Security solution delivers first-of-its-kind network visibility and threat detection, even for connections that are encrypted by Istio or Linkerd2.

  • Discover, monitor, visualize, and protect service mesh connections and system containers
  • Integrates Layer 7 firewall threat detection and segmentation into a service mesh
  • Adds end-to-end security with run-time, network, container, and host security plus vulnerability management

Get Service Mesh Benefits, Securely

Service meshes such as Istio and Linkerd2 offer advanced application service discovery and routing benefits. Although a service mesh has some security features such as encryption, it is NOT a security solution. It is not designed to provide the type of network, endpoint and host security required for defense in depth.

What’s needed is a ‘Security Mesh‘ for your Service Mesh.

  • Securely deploy a service mesh on Kubernetes
  • Adds service mesh security features for defense in depth
  • Supports alerting and forensics with SIEM integration, packet captures, and custom alerting

Deep Network Visibility and Protection - Even for Encrypted Traffic

The patent-pending NeuVector integration enables deep packet inspection of all network connections in the service mesh even if pod to pod encryption is enabled. This allows NeuVector to perform threat detection, automated segmentation and other critical network security functions for service mesh workloads.

Watch demo video

  • Detects embedded attacks such as SQL injection, DDoS, and DNS even in trusted connections
  • Behavioral learning automatically whitelists and segments application workloads
  • Monitors and protects system connections such as proxy and control plane traffic
  • Extends protocol support to other HTTP applications and protocols such as ICMP and UDP

Simplifies Service Mesh Security and Monitoring

NeuVector dramatically simplifies the ‘service mess’ experienced by the explosion of east-west traffic for proxy and control plane connections.

  • Discover, monitor, visualize, and protect system connections
  • Hides system traffic to focus on application workload security
  • Automatically creates whitelist rules for system connections

End-to-End Container Security for Hybrid Service Meshes

NeuVector delivers a highly integrated, automated security platform for Kubernetes, OpenShift, Docker and other container platforms. Full lifecycle container security supports DevOps and Security teams from Build to Ship to Run. It is likely that not all application container workloads will be practical or possible in a service mesh, and NeuVector can seamlessly support hybrid deployments with service mesh and non-service mesh workloads.

  • Full CI/CD vulnerability scanning from build to ship to run
  • Complete run-time security with network container firewall, container host and file system monitoring, and host security
  • Compliance through CIS benchmarks and network segmentation

Endorsed by Enterprises on the Forefront of Technology

“We selected NeuVector to protect containers in production because it combines network and run-time security with vulnerability management for compliance. NeuVector is continuing its innovation by providing deep network visibility into service mesh encrypted traffic.”

– Christian Hüning, System Architect, figo GmbH.

Take the Next Steps