NeuVector today moved to better secure Kubernetes clusters, adding protection for both files and processes and layering an incident response system on top of the container platform.
Glen Koaska, vice president of product for NeuVector, says NeuVector 2.0 provides IT organizations with a Layer-7 container firewall that also provides container process monitoring, vulnerability scanning and visibility into east-west traffic.
As an incident response platform, NeuVector also now includes support for auto-response rules that can be employed to quarantine compromised containers, generate custom notifications and whitelist non-critical events. Each rule can be customized to match criteria such as a specific container vulnerability profile or set to address suspicious activity across multiple threat vectors spanning, for example, the container network, processes or file system.
NeuVector 2.0 automatically identifies suspicious processes or file system activities using a baseline that establishes normal behavior within the overall environment. Any installation of malicious packages, libraries, executables or any modification to sensitive files triggers a NeuVector scan for vulnerabilities and an alert.
These capabilities are now critical because cybercriminals have become more adept at launching multivector attacks, says Koaska. The goal is to identify the “kill chain” stages of a cyberattack as part of an effort to prevent or limit a cybersecurity breach.
Koaska notes that Kubernetes, as a new platform in the enterprise, is driving many organizations to rethink how they approach cybersecurity. Traditional firewalls may still play a role at the perimeter, but a Layer-7 firewall makes it possible to better protect containers or sets of microservices running on the Kubernetes cluster, he says.
The latest version of NeuVector also sports a revamped user interface that makes it easier to manage deployments of NeuVector at scale, he says. The fact that Kubernetes runs on any platform will significantly advance hybrid cloud computing. But trying to centrally secure multiple instances of Kubernetes will prove challenging unless there’s an ability to centrally deploy and manage all the associated Layer-7 firewalls, Koaska says.
Further exacerbating that challenge is the fact that Kubernetes is showing up not only on multiple virtual machines, but also on bare-metal servers running on-premises and in the cloud. That means most IT organizations will not be able to simply extend existing cybersecurity frameworks optimized for virtual machines. Koaska says a more granular approach will be required, especially as instances of containers start to move across multiple instances of Kubernetes clusters.
Despite the rise of DevSecOps, cybersecurity professionals will continue to play a significant role in the ongoing management of cybersecurity. Developers may bake more security controls into the application, but platforms such as firewalls still need to be centrally managed. Each development team will be focused on its specific application, so organizations will be challenged with figuring out what makes the most sense from a separation of duties and responsibility perspective, then determining how best to manage the enforcement of cybersecurity policies on an ongoing basis.