NeuVector Announces New Container Risk Reports
May 09, 2019

NeuVector announced new capabilities to help container security teams better assess the security posture of their deployed services in production.

New dashboard widgets and downloadable reports provide security risk scores for the most critical run-time attack risks: network-based attacks and vulnerability exploits in containers. Specifically, NeuVector now delivers an intelligent assessment of the risk of east-west attacks, ingress and egress connections, and damaging vulnerability exploits.

An overall risk score summarizes all available risk factors and provides advice on how to lower the threat of attack – thus improving the score. The service connection risk score shows how likely it is for attackers to move laterally (east-west) to probe containers that are not segmented by the NeuVector firewall rules. The ingress/egress risk score shows the risk of external attacks or outbound connections commonly used for data stealing or connecting to C&C (command and control) servers. Additionally, the vulnerability exploit risk combines run-time scan results for containers with the protection mode of the container. If the container is protected by NeuVector’s whitelist rules for network segmentation and process profiling, then there is a lower risk of a vulnerability exploit spreading or critically damaging the service.

“The NeuVector container security solution spans the entire pipeline – from build to ship to run,” said Gary Duan, CTO, NeuVector. “Because of this, we are able to present an overall analysis of the risk of attack for containers during run-time. But not only can we help assess and reduce risk, we can actually take automated actions such as blocking network attacks, quarantining suspicious containers, and capturing container and network forensics.”

Furthermore, leveraging tight integration with Red Hat OpenShift, the risk assessments and reports are specific to the OpenShift projects and namespaces for each user. With this integration, individual users can review the risk scores and security posture for the containers within their assigned projects. They are able to see the impact of their improvements to security configurations and protections as they lower risk scores and remove potential vulnerabilities. The one-click RBAC integration requires no additional coding, scripting or configuration, and adds to other OpenShift integration points for admission control, image streams, OVS networking, and service deployments.

“We are seeing many business-critical container deployments using Red Hat OpenShift,” said Fei Huang, CEO, NeuVector. “These customers turn to NeuVector to provide complete run-time protection for in-depth defense – with the combination of container process and file system monitoring, as well as the industry’s only true layer-7 container firewall.”

Other useful new tools announced by NeuVector today include a summary of network application protocol usage and downloadable security reports. Also an industry-first, NeuVector’s protocol usage analysis for containers shows the actual application protocols detected by NeuVector using layer-7 deep packet inspection and includes the network utilization in gigabytes for each protocol. These are useful for detecting unusual network patterns, unauthorized protocols, or for general application debugging.

Share this

Industry News

May 28, 2020

Docker has extended its strategic collaboration with Microsoft to simplify code to cloud application development for developers and development teams by more closely integrating with Azure Container Instances (ACI).

May 28, 2020

Eggplant announced updates to its Digital Automation Intelligence (DAI) platform.

May 28, 2020

Aptum launched its Managed DevOps Service in partnership with CloudOps, a cloud consulting and professional services company specializing in DevOps.

May 27, 2020

Red Hat announced an expansion of its application services portfolio with the addition of Quarkus as a fully supported framework in Red Hat Runtimes.

May 27, 2020

Couchbase has completed a $105 million all-equity Series G round of fundraising.

May 27, 2020

Aqua Security closed a Series D round of $30M led by Greenspring Associates.

May 26, 2020

GitLab is releasing 13.0 of its DevSecOps platform to enable organizations to efficiently adapt and respond to new and dynamic business challenges.

May 26, 2020

Solo.io announced the availability of the Istio Developer Portal to streamline the developer onboarding process for improved developer experience and increased productivity with added security features.

May 26, 2020

WhiteHat Security will offer free application scanning services to any education institution to support secure online learning.

May 21, 2020

Exadel announced the Grand Prize winner of the “Appery.io COVID-19 Virtual Hackathon.”

May 21, 2020

CloudBees announced significant advances for its Software Delivery Management (SDM) platform – integrations with additional continuous integration and continuous delivery (CI/CD) engines, including Google Cloud Build and Tekton, and extension of the availability of CloudBees’ SDM Preview Program.

May 21, 2020

OutSystems is announcing over 70 development accelerators that ensure web and mobile applications created on the OutSystems low-code development platform can comply with the highest accessibility standards and regulations.

May 20, 2020

Styra announced that Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh.

May 20, 2020

Optimizely announced that its free feature flagging plan for development teams, Rollouts, now also includes A/B testing and feature configuration.

May 20, 2020

StackRox announced new runtime security features in the latest release of the StackRox Kubernetes Security Platform.