OpenShift Container Security
OpenShift Security for Network Visibility and Runtime Protection
Red Hat OpenShift and Kubernetes provide the tools to deploy and manage containers at scale. But how can OpenShift security be integrated into the workflow? In this briefing, NeuVector CTO Gary Duan introduces the Docker container threat landscape and the OpenShift security requirements for the Build, Ship, and Run phases. Runtime visibility and Kubernetes security are especially difficult and require automation and built-in intelligence to scale. He shows how NeuVector inspects and visualizes network connections and protects OpenShift-managed containers during runtime. NeuVector uses behavioral intelligence to discover the container application stack and network connections, and builds a whitelist-based security policy to protect containers as they scale up or down.
Gary also demonstrates how NeuVector captures network connections for applications deployed with OpenShift and provides multiple security layers for protecting and auditing an OpenShift environment. A demo of the Dirty COW Linux exploit on a container demonstrates how the NeuVector OpenShift security container can detect violations and privilege escalations in a Kubernetes container environment.
Presentation Highlights:
- Complete OpenShift security requires a layered security strategy for the build, ship, and run phases of the CI/CD pipeline. NeuVector calls this ‘continuous security’ for containers.
- The migration from monolithic applications to microservices has created an explosion in east-west internal traffic. Traditional security tools are blind to this traffic and can’t keep up with the dynamic nature of containers.
- The increased use of open source in containers has increased the risk of vulnerabilities. Even without this trend, new zero-day exploits frequently target previously unknown vulnerabilities to compromise container-based applications.
- The declarative nature of containers makes it possible for security to be automated and built into the CI/CD process. Security is now able to scale as containers scale, but must have intelligence at the network layer to be truly effective.
- OpenShift security should address the use cases of ransomware, insider attacks, container breakouts, and hybrid container / non-container environments.