NeuVector has extended the scope of its ability to secure containers on Amazon Web Services (AWS) public clouds in addition to adding some new capabilities to its namesake container security platform.
Announced at the AWS re:Inforce 2019 conference, the extended support for AWS from NeuVector now includes AWS Elastic Container Service for Kubernetes (AWS EKS) with automated deployment on EKS enabled via Kubernetes ConfigMaps, which makes it possible to automate the configuration of the NeuVector container security platform on AWS.
NeuVector also announced it can now provide complete runtime security for containers on AWS EKS and that it can protect the AWS App Mesh service mesh.
Finally, NeuVector has added a wizard to its dashboard that recommends improvements to security posture, supports multi-layer image, can capture process histories and provides the ability to block process and file system activity when required.
At its core, NeuVector provides a Layer-7 container firewall that also features capabilities for process monitoring, vulnerability scanning and visibility into east-west traffic. In addition, the container security platform includes an incident response platform through which rules can be applied automatically to quarantine compromised containers. Each rule can be customized to match criteria such as a specific container vulnerability profile or set to address suspicious activity across multiple threat vectors spanning, for example, the container network, processes or file system.
Glen Kosaka, vice president of product management for NeuVector, says that while it’s definitely going to be a multi-cloud world, organizations that have embraced AWS tend to be a little further down the road in terms of adopting both containers and the DevSecOps processes required to secure them. No two organizations may have the same approach to DevSecOps, but they are increasingly aware that rapid deployment of containerized application workloads in public clouds one day will force the transition to DevSecOps processes. Right now, however, it’s not clear to what degree container security concerns are holding back deployments of applications on public cloud platforms.
NeuVector claims that last year that transition in part helped it see a 270% year-over-year increase in its customer base and that the number of container hosts its platform protects increased more than 700% in the last six months of 2018.
In the meantime, the race to secure containers is on. Traditional cybersecurity vendors ranging from Palo Alto Networks to Trend Micro have launched their container security initiatives. In the case of Palo Alto Networks, that means acquiring Twistlock.
Less clear, of course, is who is going to take the lead on container security. In many cases, responsibility for application and cloud security is being shifted left toward developers. Kosaka notes that to make that transition practical, organizations will need to provide developers with access to programmable security tools. All the good intentions in the world won’t result in better application security unless the tools required to achieve that goal find their way into the hands of developers.