Container segmentation, also called micro-segmentation or nano-segmentation, is often required because containers contain personal or private information about customers or employees or other critical business data. Without segmentation, this information could be exposed to anyone with access to the network because containers are often deployed as microservices which can be dynamically deployed and scaled across a Kubernetes cluster.
Typically, because different services can be deployed across a shared network and servers (or VMs, hosts), and each workload or pod has its own network addressable IP address, container segmentation policies can be difficult to create and enforce.
Only NeuVector enables you to segment container connections and enforce network restrictions to prevent attacks that span an entire cluster or an entire container deployment across clouds. NeuVector offers virtualized network segmentation that is aligned tightly with cloud-native container services deployments as shown below.
With NeuVector, organizations receive:
- Multi-vector threat protection with the combination of network security, application security, endpoint security, and host security.
- Superior threat detection: NeuVector’s container firewall detects threats such as SQLinjections, DDoS, DNS attacks and other application layer attacks by inspecting the payload even for trusted connections.Service mesh integration: threat detection and segmentation even if the connection between two pods is encrypted.
- Automated network segmentation: NeuVector’s patented, cloud-native Layer 7 container firewall uses behavioral learning to discover the connections and application protocols used between services and automatically creates whitelist rules to isolate them.
- Flexibility to segment hybrid workloads: architects and devops teams can maximize performance, resource utilization, and speed up the pipeline with the ability to mix workloads of different required trust levels on the same infrastructure.
NeuVector’s container segmentation solution improves scalability, manageability, and flexibility for deployments to change without needing to change security rules. Layer 7 deep packet inspection allows the container firewall to inspect network traffic for hidden, or embedded attacks, even within trusted connections between workloads.