NeuVector, a container network security firm, yesterday announced new capabilities to help container security teams better assess the security posture of their deployed services in production.
NeuVector now delivers an intelligent assessment of the risk of east-west attacks, ingress and egress connections, and damaging vulnerability exploits. An overall risk score summarizes all available risk factors and provides advice on how to lower the threat of attack – thus improving the score. The service connection risk score shows how likely it is for attackers to move laterally (east-west) to probe containers that are not segmented by the NeuVector firewall rules.
The ingress/egress risk score shows the risk of external attacks or of outbound connections commonly used for data theft or for connecting to C&C (command and control) servers.
In an email to us, Gary Duan, CTO of NeuVector, said, “The NeuVector container security solution spans the entire pipeline – from build to ship to run. Because of this, we are able to present an overall analysis of the risk of attack for containers during run-time. But not only can we help assess and reduce risk, we can actually take automated actions such as blocking network attacks, quarantining suspicious containers, and capturing container and network forensics.”
With the Red Hat OpenShift integration, individual users can review the risk scores and security posture for the containers within their assigned projects. They can see the impact of their improvements to security configurations and protections as they lower risk scores and remove potential vulnerabilities.
The one-click RBAC integration requires no additional coding, scripting or configuration, and adds to other OpenShift integration points for admission control, image streams, OVS networking, and service deployments.
Fei Huang, CEO of NeuVector, said, “We are seeing many business-critical container deployments using Red Hat OpenShift. These customers turn to NeuVector to provide complete run-time protection for in-depth defense – with the combination of container process and file system monitoring, as well as the industry’s only true layer-7 container firewall.”
For more details on this announcement, visit the official website.