NeuVector has released a new Security Policy as code capability for Kubernetes workloads. This release will automate container security for DevOps teams by using Kubernetes Custom Resource Definitions (CRDs). As security policies can be defined, managed, and automated during the DevOps process, teams will be able to quickly deliver secure cloud-native apps.
These security policies can be implemented using CRDs to deploy customized resource configurations via YAML files. As these security policies are defined as code, they are version-tracked and built for easy automation. Teams can easily migrate security policies across Kubernetes clusters (or from staging to production environments) and manage versions of security policies tied to specific application versions.
“By introducing our industry-first Security Policy as Code for Kubernetes workloads, we’re excited to provide DevOps and DevSecOps teams with even more control to automate safe behaviors and ensure their applications remain secure from ever-increasing threat vectors,” explains Gary Duan, CTO, NeuVector. “We continue to build out new capabilities sought by customers – such as DLP, multi-cluster management, and, with today’s release, CRD support. Our mission is acutely focused on raising the bar for container security by offering a complete cloud-native solution for the entire application lifecycle.”
Features of NeuVector’s Security Policy as code
- Captures network rules, protocols, processes, and file activities that are allowed for the application.
- Permits allowed network connections between services enforced by application protocol (layer 7) inspection.
- Allows or prevents external or ingress connections as warranted.
- Sets the “protection mode” of the application to either Monitor mode (alerting only) or Protect mode (blocking all suspicious activity).
- Supports integration with Open Policy Agent (OPA) and other security policy management tools.
- Allows DevOps and security teams to define application policies at different hierarchies such as per-service rules defined by DevOps and global rules defined by centralized security teams.
- It is extensible so as to support future expansion of security policy as code to admission control rules, DLP rules, response rules, and other NeuVector enforcement policies.