NeuVector Extends Container Security Reach to Service Meshes
As more layers of software get deployed on top of Kubernetes, the same container security platforms employed to secure clusters should be extended to support service meshes as well. With that goal in mind, NeuVector announced today that its namesake container security platform now supports both the Istio and Linkerd2 service meshes.
NeuVector CEO Fei Huang says that integration also extends to connections that have been encrypted using either service mesh. NeuVector employs deep packet inspection just prior to packets becoming encrypted by a service mesh.
Developed in collaboration with IBM and the Istio open source development team, the technology enables IT teams to gain visibility into containers at runtime as well as all the network communications created, Huang says.
The integration with the service meshes created by NeuVector also extends to protocols employed by the service mesh, such as HTTP and gRPC, as well as other application protocols including TCP, UDP and ICMP.
IT organizations also can use NeuVector’s traffic monitoring and visualization capabilities to verify that their service mesh and Kubernetes clusters have been deployed correctly and are functioning properly.
At its core, NeuVector provides a Layer-7 container firewall that also features capabilities for process monitoring, vulnerability scanning and visibility into east-west traffic. In addition, the container security platform includes an incident response platform through which rules automatically can be applied to quarantine compromised containers, generate custom notifications and whitelist non-critical events. Each rule can be customized to match criteria such as a specific container vulnerability profile or set to address suspicious activity across multiple threat vectors spanning, for example, the container network, processes or file system.
As more instances of containers are deployed on Kubernetes platforms, it’s now only a matter of time before already hard-pressed cybersecurity teams are overwhelmed by the both the volume of containers to be secured and the ephemeral nature of those containers. In some organizations, the lifespan of any container is measured in minutes, and each new container that is spun up to replace another needs to be secured.
Those requirements are driving significant adoption of container security platforms from a variety of vendors. NeuVector claims last year it saw a 270 percent increase in its customer base year over year and that the number of container hosts its platform protects increased more than 700 percent in the last six months of 2018.
Competition across the container security sector is already fierce, even though the percentage of container workloads being deployed in production environments as a percentage of the total is relatively small. Vendors in the space fall mainly into two categories: There are more than a few startup companies that have developed platforms designed specifically for containers, while many existing security platform providers have moved to support containers, contending that most organizations will prefer not to have to deploy a separate platform just to support containers. It remains to be seen which of those two approaches will prevail. But regardless of the path chosen, the one thing that is for certain container security is now top of mind.
