NeuVector provides a complete platform for achieving Kubernetes-native container security. Importantly, our customers use our platform to protect their container infrastructure without slowing down application development. We empower security, DevOps, and infrastructure teams by simplifying container security and data protection from pipeline to deployment, enforcing compliance, and providing visibility and automated controls to combat security threats both known and unknown.
What problem are you trying to solve?
Businesses migrating to cloud native infrastructures find that existing firewalls and security measures aren’t sufficient for their new containerized environments. Some understand this out of the gate, and others realize it when security problems begin popping up. But just as application development has modernized, the security protecting that accelerated development must keep pace. From Tesla to Capital One, headlines continue to show that Kubernetes is vulnerable without proactive and exhaustive security. (For a very current look at the current state of container security, this just-released survey offers a window into where enterprises stand in their progress.)
Traditional firewalls are designed to protect against attacks arriving via external traffic, but they’re blind to attacks that escalate via the internal “east-west” traffic inherent to (far more dynamic) container environments. At the same time, critical security vulnerabilities can enter at any stage of the CI/CD pipeline. Kubernetes and other container orchestrators and tools also present vulnerable (and increasingly targeted) attack surfaces themselves.
Defending against these threats requires thorough security measures across the full application lifecycle. This means starting from the very beginning of development, through testing, and into deployment where applications are most vulnerable. Unfortunately, misconfigurations that increase risks can be introduced in registries, container hosts, or Kubernetes itself. Container exploits – as well as zero day and insider attacks – threaten production environments in the absence of appropriate protections. And while robust security is critical, security solutions that integrate poorly with container environments or call for manual configuration can reduce the pace of progress through the pipeline, thereby slowing progress toward business goals.
The problem we are solving is delivering comprehensive container security across the full application lifecycle that also has no negative impact on the speed of application development.
How are you solving that problem? How are you different?
Our continuous container security and compliance platform includes our patented container firewall, which seamlessly deploys and integrates with orchestrators and CI/CD tools as a container itself. NeuVector is unique among security solutions in its use of Layer 7 deep packet inspection and behavioral learning technology to identify appropriate container behaviors and allow only approved whitelisted network connections, processes, and file access within the container environment. In this way, any suspicious activities in container processes or the file system are detected and blocked, stopping attacks as they occur in real-time. DevOps teams gain vulnerability and compliance management capabilities that include automated CI/CD scanning and role-based admission controls. NeuVector further differentiates by providing complete attack detection and prevention at run-time, actively protecting application environments in production.
Our customers also benefit from NeuVector-provided CIS Benchmark auditing, which pinpoints where to adhere to security best practices. We also simplify compliance for customers regulated by PCI, GDPR, HIPAA, etc. The platform equips customers with Security Policy as Code – developer and DevOps teams can easily define allowed application behaviors and introduce global rules and protections.
NeuVector also stands alone in providing virtual patching capabilities, detecting suspicious and malicious behaviors and defending workloads and hosts against vulnerabilities in scenarios where patches have not yet been created. NeuVector also offers the risk reporting, alerting, and forensics to satisfy the full slate of enterprise requirements when it comes to delivering comprehensive container security.
How has the pandemic impacted your company?
The pandemic has, at least for our customers, largely accelerated their cloud transformations. We work with customers across multiple verticals. While some businesses in certain industries slowed down scaling, most continued growing their cloud environments (and many went to cloud native infrastructure much faster due to rapid remote working requirements). That in turn accelerated our business, since customers were using more and more container applications across private cloud, public cloud, and hybrid/multiple cloud environments. As a cloud native container security solution, NeuVector fit naturally into that growth.
Where do you see your company going in 5 years?
While Kubernetes is the ubiquitous choice and de facto option for container orchestration, adoption is still in its infancy. As more companies move to Kubernetes (and as those already on it scale their infrastructure), security threats are going to grow in lockstep. Already, attackers have recognized Kubernetes itself as an attack surface worthy of their attention. If businesses continue to rush into containers without putting up sufficient guardrails, the headlines around security breaches are going to scale as well.
We will continually introduce new capabilities for fully securing Kubernetes deployments that stay ahead of threats, enable security to be delivered without slowing down business-critical production, and offer new integrations with complementary technologies to ensure container security is easily achievable without headaches.
And beyond Kubernetes and containers, the cloud native landscape is changing fast and we’ll be continuing to expand in lockstep. Our mission is to provide comprehensive security automation for modern cloud workloads and to help DevOps teams deal with attacks and security issues without slowing down their pipeline. We are already covering popular serverless frameworks like AWS Lambda and Knative, and will continue to fit into modern cloud workloads as they evolve.
What is the next big challenge in information security?
The next big challenge in infosecurity is moving to an automated zero-trust security model. By automation, I mean that application pipelines need to have security automated and integrated to be able to deploy (and update) quickly. By zero-trust, I mean that security must be defined by allowed access and allowed behavior, not deny-lists or signatures like in the past. Automation and zero-trust combine together to enable developer and DevOps teams to help prescribe security controls rather than reacting to attacks.
How do people get involved/buy into your vision?
As more containers get built, DevOps teams use vulnerability scanning tools on their containers – that’s a good security practice as a starting point and is relatively low-hanging fruit. But vulnerability scanning solutions can only find well-known problems and threats (similar to signature-based virus scanning, where the signature database will always be behind and leave security holes open for new threats/attacks).
NeuVector goes beyond this – to where container security must be. For a vision of complete container security to be realized, you need a proactive security approach that will also instantly address new threats and unknown risks. Our behavioral-learning-based lockdowns, virtual patching, service mesh security, and Kubernetes/container data loss prevention (DLP) technologies are patented and provide truly the most advanced Kubernetes runtime security on the market today.
NeuVector is easy and free to try: https://go.neuvector.com/try