Define Application Security Policy
Create CRDs Using NeuVector Behavioral Learning
Deploy Global Security Policies
Some security policies are not specific to one application, or they apply to a large superset of applications with similar characteristics. Security, compliance and operations teams also need to define these policies across an entire cluster or even multiple clusters. NeuVector simplifies deploying these ‘global’ rules. These teams can use the NeuVector CRD to define global security policies that are not tied to application workloads, or that apply to other logical groupings of workloads in a cluster, including global network ingress/egress rules; forbidden processes across all containers; and allowed processes for monitoring or diagnostics across all clusters.
Global CRDs can be used in conjunction with application-specific CRDs to ensure complete security protection in the target clusters.
Migrate Policies from Staging to Production Clusters
The NeuVector CRD can be used to migrate all security policies or a selected subset from a staging environment into production after testing is complete. This way, the production environment can always stay ‘locked down’ in a Monitor or Protect mode while new services are deployed or updated.
The NeuVector console provides configuration for a ‘New Services Mode’ which can be set to Discover, Monitor, or Protect. When this is set to Monitor or Protect, all new services must have their security rules in place before they are deployed and begin activity; otherwise process, file and network security alerts are generated when they activate.