NeuVector 2.0 Is Now Available!
GLEN KOSAKA
We’re happy to announce that the 2.0 release of the NeuVector Container Security Platform is now generally available! The 2.0 release is a major expansion of the platform to include end-to-end vulnerability scanning, automated real-time security incident response, and enhanced multi-vector detection of container attacks. Cloud-native enterprise integration is also enhanced with OpenShift and Kubernetes RBAC integration. There’s also a totally redesigned console UI to help enterprises navigate hundreds and thousands of containers and services to quickly find security hot spots.
Here are some of the exciting new features in 2.0.
End-to-End Vulnerability Scanning Integrates Into CI/CD Pipeline
NeuVector 2.0 now enables registry images to be easily scanned for vulnerabilities, with support for Red Hat/OpenShift, Amazon ECR, Microsoft Azure ACR, JFrog Artifactory, and local Docker registries. With this new capability, enterprises can have automated image scanning integrated into their CI/CD processes from day one. NeuVector is also making a Jenkins plugin available that introduces automated scanning in the image build process. Customers using Jenkins in their integration and build processes can set policies for allowing or failing builds based on whether vulnerabilities are detected in the images. The automated registry and image build-time scanning is designed to ensure that known vulnerabilities are not introduced into the application development and deployment lifecycle.
These new vulnerability management capabilities add to the run-time scanning and automated CIS benchmarks for Docker and Kubernetes to provide a complete vulnerability and compliance management solution for containers. Also, as described below under file system monitoring, containers are automatically rescanned if any change to their packages or libraries is detected.
Automated Response Rules
When NeuVector detects threats and vulnerabilities, the new auto-response rules – built to address common container attacks and security alerts – instantly provide response actions to protect containers and generate alerts. These rules can also be customized to match criteria such as specific container vulnerability profiles, or set to address suspicious activity across multiple threat vectors – including the container network, processes, or file system.
NeuVector 2.0 provides a unique range of incident responses, with full capabilities to quarantine compromised containers.
Enhanced Multi-Vector Attack Detection
The enhanced 2.0 release further protects Kubernetes environments by building on the unique NeuVector multi-vector run-time security platform, which combines east-west traffic visibility with container inspection and vulnerability scanning. The market-leading container firewall with Layer 7 deep packet inspection has been expanded to detect process and file system exploits in both containers and hosts.
NeuVector 2.0 adds new automated protections that detect exploits within containers, such as suspicious processes or file system activities. The security solution automatically calculates a baseline of container processes, whitelists legitimate activity, and alerts on any deviation from the baseline.
Any installation of malicious packages, libraries, or new executables – or any modification to sensitive files – triggers NeuVector to scan the container for vulnerabilities and alert on the suspicious activity.
RBAC Integration
Release 2.0 also expands support for Red Hat OpenShift Container Platform and Kubernetes by adding integration with role-based access control (RBAC). The new capability can instantly enable developers, architects, DevOps personnel, and security teams to achieve more complete security visibility and management for Red Hat OpenShift-deployed containers. For Kubernetes native deployments, access controls for NeuVector are easily created based on Kubernetes namespaces.
Large Enterprise Console UI
The redesigned console UI provides efficient management of large-scale enterprise deployments where dozens of applications/namespaces and thousands of services and containers are constantly scaling up and down.
In this complex dynamic environment, operators need quick access to see security hot spots and drill down into the services affected. The 2.0 release provides automated expansion and collapsing of namespaces and domains to simplify the visualization of containerized services. Advanced filtering and search capabilities enable operators to be even more efficient.