As more containers get deployed across the enterprise, securing them has become a much higher priority. But while developers are getting better at securing applications, they still don’t have much expertise when it comes to network security. To address that issue, NeuVector released an update to a Layer 7 container firewall that now detects suspicious process and privilege escalations within hosts or containers in addition to attacks being launched via tunnels in the network or that employ reverse shell connections.
Glen Kosaka, vice president of product for NeuVector, says that while developers clearly have a greater appreciation for security these days, asking them to become experts in network security isn’t a reasonable expectation. NeuVector is trying to abstract away much of that complexity using a Layer 7 firewall that can natively run on top of either Docker encrypted networks or Red Hat OpenShift, Rancher and Kubernetes deployments. NeuVector has also demonstrated compatibility with VMware Integrated Containers (VIC).
Adapting to evolving container security needs, NeuVector 1.3 features a wealth of key security, integration and UI additions. NeuVector is also releasing an enterprise version of the solution, which features capabilities specifically designed for large-scale deployments.
The latest release of NeuVector also adds an automated forensic capture on every detected threat along with other user interface enhancements.
Finally, NeuVector is also making available an enterprise edition of the company’s container firewall that includes support for policies based on DNS names; webhook notifications for security events; a REST application programming interface (API); rolling updates; support for single sign-on (SSO), SAML and LDAP integration; and higher levels of technical support. Interest in the enterprise edition of NeuVector is running high, Kosaka says, as most containerized applications need to communicate with existing legacy applications containing sensitive data.
Fresh from raising an additional $7 million in funding, NeuVector faces the challenge of bridging the divide between developers and IT security and networking teams. The latter are not especially familiar with container technologies, while developers tend to have a lot of competing priorities. That generally results in a long education process, Kosaka says. Because the NeuVector container firewall is deployed as a container, it provides the additional benefit of being easily integrated within the context of a larger continuous integration and continuous deployment (CI/CD) environment, he adds.
It’s not clear to what degree security concerns are holding back adoption of containers. Security is always listed as the top concern. But history has shown time and again that security concerns don’t seem to have much of an impact when weighed against advances in productivity. In fact, if history is any guide, container security will be addressed as an afterthought much like it has always been. The compelling aspect about a firewall delivered as a container is that once IT security does become an issue, the amount of time and effort to deploy a firewall as containers should be substantially less than your average virtual appliance.