NeuVector has become the newest entrant to the container security market with the launch of a platform that focuses on securing Docker containers at the network level, with behavioral learning built in.
The NeuVector team has a background in network security. That experience shows in the company’s new Docker security platform, which launched Jan. 31. The product secures containers primarily by scanning network connections for threats, then blocking abnormal connections.
But that’s not all. NeuVector also provides runtime vulnerability scanning and anti-DDoS attack protection. And the product runs as a container itself, minimizing the challenge of setup and configuration.
Probably the most interesting feature in NeuVector, however, is built-in behavioral learning, which is designed to make the security package smarter over time.
The Crowded Container Security Market
The market for commercial solutions for securing Docker containers has gone from being almost nonexistent a year ago to quite crowded today. Vendors such as Twistlock and Aqua are already active in the space. Docker and CoreOS also offer partial container security solutions in the form of container image scanners.
NeuVector hopes to stand out against this backdrop by focusing on the network layer as the key to securing containers. The company says no other solution properly leverages the network to deliver Docker security.
“Coming from a traditional network security background, we quickly realized that existing approaches are not adaptable to container environments—they don’t transfer well, and other solutions are slow and incomplete,” said Fei Huang, CEO of NeuVector. “In order for security teams to keep up with DevOps, they can’t be running around inspecting iptables and updating rules. What we’ve designed is a security container that is intelligent enough to understand—in real-time—what applications are doing. There’s not a faster, easier and more secure way to ensure Docker container environments are protected from unwanted or malicious traffic.”
The Many-Layered Container Security Challenge
Will NeuVector be the container security product that Docker users everywhere have been waiting for? There’s a good chance it will provide at least part of the solution. But it may need to be paired with other solutions to keep an entire Docker environment secure.
The tricky thing about Docker security is that there are many layers to a Docker stack. From the container image registry and container images to networks, storage systems and the Docker daemon, you have a lot of moving parts to contend with. NeuVector is now offering what appears to be an innovative way to secure some of those layers. But a complete Docker security strategy, of course, requires you to address each layer, and there is still no one-stop shopping for that.