Segmentation, Container Segmentation, and Micro-segmentation At a recent container security conference the topic of ‘container segmentation patterns’ came up, and it became clear that many security architects are wrestling with how to best segment workload communication in the dynamic environment of containers. The question was also raised “Is the DMZ dead?” The concept of network segmentation has been around for …
Rethinking Security at NeuVector – Micro-Perimeters By Gary Duan The application revolution has witnessed the traditional ‘hard-to-change’ monolith that is now broken down into smaller pieces, forming a focused microservices cloud-native architecture which requires ‘micro-perimeters’ for protection. The containerization of applications and their deployment into production are what really led to the introduction of the NeuVector next-generation container firewall. This …
By Gary Duan and Fei Huang Protecting Application Containers A Docker container firewall should be a ‘must-have’ requirement before deploying any container-based applications. In this post we’ll compare a couple ways to deploy a Docker container firewall – manually vs. with a commercial solution such as NeuVector. However you choose to do this, you’ll want to protect containers with at …
Today at DockerCon in Copenhagen NeuVector announced and demonstrated new container protection features. We also announced that NeuVector customer Arvato would be sharing their microservices migration journey in session #126523. Enhanced Run-Time Protection for Suspicious Containers With the release of NeuVector’s new quarantine capability and other new protections at DockerCon Europe 2017, security teams can now automatically or manually quarantine …
How is a Container Firewall Different Than a Web Application Firewall? By Gary Duan Application containers provide an efficient way to deploy and manage applications, including web facing ones. But with containerization, securing applications has become even more challenging. I often get asked for the comparison of a web application firewall vs. container firewall. I also get asked about next …