Fei Huang and Gary Duan co-founded NeuVector in 2015 right at the start of the Kubernetes container security era. Not only colleagues at work but also friends in life, Fei and Gary bring over 35 years of combined experience in enterprise security, virtualization, embedded software, networking, and cloud. But their passions and interests in life don't end with security: soccer, hiking, snowboarding, traveling, and photography are their hobbies (and we'll let you guess who does what!) Fun fact - the soccer field was where they started brainstorming business ideas that led to founding NeuVector.
As enterprises migrate to the cloud, shift left with DevOps strategies, and invest in microservices, security strategies need a fresh look. Early container security solutions focused on vulnerability scanning.
This year, a new vulnerability, CVE-2020-8554, was reported and it affects all Kubernetes versions. The vulnerability enables the attacker to take advantage of the Kubernetes' built-in service definition with a less-often used option, externalIPs, to initiate a Man-in-the-Middle attack. Conceptually, this MiTM is not new at all, it's one of the most popular network attacks in traditional network environments. It’s not surprising that hackers apply their old tricks to the container/Kubernetes world.
Containers and tools like Kubernetes enable enterprises to automate many aspects of application deployment. Speeding up processes, saving time and money for businesses, as well as improving DevOps productivity are key benefits of moving to microservices. Despite the technology upgrade, these deployments can be just as vulnerable to attacks and exploits as traditional environments. New environments and tools present new …