DEVOPSdigest

NeuVector announced comprehensive run-time container security for enterprises deploying in the Amazon Web Services (AWS) Cloud. AWS Cloud integrations now available from NeuVector include:

- AWS Elastic Container Service for Kubernetes (AWS EKS) with automated deployment on EKS with

- AWS ECS with complete run-time security for containers

- AWS App Mesh with a layer 7 container firewall capable of inspecting and protecting service mesh traffic (even if encrypted by AWS App Mesh)

These comprehensive integrations with AWS cloud services enable enterprises requiring in-depth defense to easily and automatically protect containers during their entire lifecycle, from build to ship to run.

NeuVector today also announced several new features that have been recently integrated into NeuVector's end-to-end container security platform, including:

- Kubernetes ConfigMaps: provides completely automated, predefined NeuVector configuration to ensure secure and error-free deployment.

- Process and file system blocking: stops potentially malicious processes, file system activity, and network connections.

- Process history recording: makes it easy to review the process history in order to discover anomalies and to fully capture forensic history.

- Multi-layer image scanning: scans image layers for a deeper and more accurate analysis of potential vulnerabilities.

- New dashboard wizard: improves security posture by recommending improvements, corrective actions, and security checklists for review.

All of these new capabilities are available for both public cloud container deployments, such as on AWS Cloud, as well as on-premise container deployments.

The NeuVector platform now supports automated container security deployments by providing "Policy as Code" automation for ultra-secure container deployments. It accomplishes this by leveraging featured Kubernetes ConfigMaps to achieve secure initial deployments into production environments with predefined configurations.

In addition, a declarative security policy tool enables developers and DevOps teams to predefine run-time security rules for deployment from the beginning of the application lifecycle, whenever a new service is deployed. This includes network and process whitelisting in standard Kubernetes YAML files that can be deployed concurrently with new applications to ensure their security in production. At the same time, NeuVector's new controls for process and file system blocking enhance run-time security without compromising network protection. Process history recording also adds to existing network packet captures to offer complete forensic recording of cluster activities.

"At NeuVector, we thoroughly understand the automation and visibility required to achieve fully-secured container environments at run-time, and actively pursue new features designed to offer the most meaningful security enhancements available from an enterprise perspective," said Gary Duan, CTO, NeuVector.