SUSE has acquired NeuVector to add an enterprise-grade container security tool to its cloud-native computing portfolio. The company says the tool will soon become available as open source software.
Sheng Liang, president of engineering and innovation at SUSE, says one of the most impressive aspects of the NeuVector approach is that it relies on network inspection to monitor runtime behaviors in a way that is unobtrusive.
NeuVector created what it describes as a “multi-vector container firewall” that protects container networks from Layer 3 through Layer 7. It detects and displays real-time connection information for all container traffic and can easily capture network packets for container application debugging and forensics. NeuVector also automatically segments traffic based on application layer behavior, regardless of network settings.
That capability aligns especially well with organizations that are shifting toward a zero-trust approach to implement DevSecOps best practices across a cloud-native application environment.
SUSE acquired Rancher Labs at the end of 2020 to gain access to both a management framework for Kubernetes clusters and a curated instance of the container orchestration platform that is optimized for enterprise IT environments. Now, SUSE is moving toward extending the reach of that management framework to include security platforms such as NeuVector.
The challenge and opportunity at hand is to automate as many security processes as possible in a way that doesn’t always require developers and end users to manually implement a set of DevSecOps best practices, says Liang.
SUSE is committed to ensuring that NeuVector will continue to maintain support for other distributions of Kubernetes from Red Hat, VMware and Mirantis. At the same time, SUSE will continue to partner with cloud-native security vendors such as Aqua Security, Palo Alto Networks and Sysdig.
Ultimately, it’s still not clear how far left responsibility for security might shift toward developers. On one hand, developers are keenly interested in being able to build and deploy applications that are secure. The issue is that most developers don’t have a lot of time available to master all the nuances of application security. The more automated application security becomes within the context of the platform on which applications are already being deployed, the easier it will become to achieve and maintain container security.
Of course, there are more than a few developers who assume containers don’t run long enough to be targeted by cybercriminals. In reality, as more stateful applications are deployed on platforms such as Kubernetes, the containers used to build them are running for longer periods of time. The fear is that once a container is compromised, it’s relatively easy for malware within that container to spread laterally or even take over the entire host.
Most of the security issues involving containers have typically involved so-called cryptojacking attacks that employ containers to mine digital currencies. While generally considered a nuisance crime, those attacks also present cybercriminals with an opportunity to create backdoors that they might be able to exploit later. As more mission-critical workloads based on containers are deployed on those platforms, such a backdoor makes it relatively trivial for cybercriminals to regain access. The challenge, therefore, is to eliminate as much petty crime as possible to head off the more serious transgressions that often follow.