NeuVector, which delivers continuous network security for containers, today
announced two key releases in support of enterprises evaluating the
security of their Kubernetes 1.6 deployments. The announcements come in
the wake of the Center for Internet Security (CIS) releasing its
Kubernetes CIS Benchmark on Kubernetes 1.6 security auditing.
With the CIS Benchmark including more than 100 recommendations,
NeuVector is providing a simple method for testing whether Kubernetes
1.6 deployments are in compliance. First, NeuVector is releasing
powerful open source tools
that enterprises can immediately use to run tests across Kubernetes 1.6
master and worker nodes to verify compliance with the CIS Benchmark.
Additionally, NeuVector has integrated these tools into its container security solution for automatic testing across distributed Kubernetes clusters.
The nature of Kubernetes -- a complex orchestration platform utilizing a
host of interconnected services -- naturally makes evaluating the
security of a Kubernetes implementation challenging for enterprises that
are not equipped with customized tools, such as those that NeuVector
has now contributed to the open source community. These tools, under
Apache License 2.0, come in the form of scripts designed to perform
tests for each of the 100+ recommendations included in the CIS
Benchmark. As the new standard includes separate security
recommendations for the Kubernetes master node and worker node,
NeuVector has created two separate scripts to address each need. The
recommendations of the CIS Benchmark generally focus on key security
areas within Kubernetes: the use of privileged containers, API server
authentication and authorization, Kubelet authentication, etcd security,
data security (files, sensitive information, etc.), certificate
management, pod security, and more.
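To make the per-recommendation script approach concrete, the following is an added illustration (not NeuVector's published scripts): each benchmark item is one test that inspects a node's process command line or a config file mode and prints PASS/FAIL, with a master-side API server check and a worker-side kubelet check. The `--anonymous-auth`, `--authorization-mode` and `--insecure-port` flag names are real Kubernetes flags; the sample command lines are constructed, and the file check assumes GNU `stat`.

```sh
#!/bin/sh
# Added illustration (not NeuVector's tooling): one CIS-style test per recommendation,
# run against a node's process command lines and config file modes. Each check prints
# PASS/FAIL per test and returns the number of failures. Flag names are real
# kube-apiserver and kubelet flags; the sample command lines are constructed.

# 0 if command line $1 carries flag $2 set exactly to value $3.
has_flag() { case " $1 " in *" $2=$3 "*) return 0 ;; *) return 1 ;; esac; }

# 0 if command line $1 never mentions $2 (for forbidden values such as AlwaysAllow).
lacks() { case "$1" in *"$2"*) return 1 ;; *) return 0 ;; esac; }

# 0 if octal mode $1 sets no permission bit outside octal mode $2 (e.g. 600 within 644).
mode_within() { [ $(( 0$1 & ~0$2 )) -eq 0 ]; }

# Run test command "$@" (everything after the title), print PASS/FAIL with title $1,
# and add 1 to the caller's $fails on failure.
test_item() {
  title=$1; shift
  if "$@"; then echo "PASS $title"; else echo "FAIL $title"; fails=$((fails + 1)); fi
}

# Master node: anonymous auth off, no AlwaysAllow authorizer, insecure port closed.
check_apiserver() {
  fails=0
  test_item "apiserver --anonymous-auth=false" has_flag "$1" --anonymous-auth false
  test_item "apiserver --authorization-mode not AlwaysAllow" lacks "$1" AlwaysAllow
  test_item "apiserver --insecure-port=0" has_flag "$1" --insecure-port 0
  return $fails
}

# Worker node: kubelet anonymous auth off, authorization delegated via webhook.
check_kubelet() {
  fails=0
  test_item "kubelet --anonymous-auth=false" has_flag "$1" --anonymous-auth false
  test_item "kubelet --authorization-mode=Webhook" has_flag "$1" --authorization-mode Webhook
  return $fails
}

# Config file $1 must be no more permissive than octal mode $2 (GNU stat assumed).
check_file() {
  fails=0
  test_item "$1 mode within $2" mode_within "$(stat -c %a "$1")" "$2"
  return $fails
}

# Demo on a constructed master-node command line (in practice taken from `ps -ef`).
SAMPLE_APISERVER="kube-apiserver --anonymous-auth=false --authorization-mode=RBAC --insecure-port=0"
check_apiserver "$SAMPLE_APISERVER"
```

On a real node the same functions would be fed the live command lines and the actual kubelet, API server and etcd config paths, one script for the master checks and one for the worker checks.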
At the same time, DevOps and engineering teams using NeuVector will now
benefit from the fact that CIS Benchmark auditing and compliance testing
is simple to execute in NeuVector-protected Kubernetes clusters.
Ensuring continuous security compliance for a dynamic and complex
Kubernetes deployment is a much more involved task than evaluating a
test cluster. With the NeuVector security container deployed on
Kubernetes master and worker nodes, CIS Benchmark tests can be quickly
scheduled and run, with the NeuVector controller centralizing the
coordination of tests and collecting audit logs for each node.
"As a container run-time and network security leader, NeuVector is
deeply invested in supporting security compliance and auditing for
production container deployments," said Fei Huang, CEO, NeuVector. "This
commitment is demonstrated with the release of our open source tools
that greatly simplify Kubernetes 1.6 CIS Benchmark compliance testing,
as well as by adding these tests as an automatic feature within our
solution. We invite the Kubernetes security community to take full
advantage of these open source tools, and ensure they continue to evolve
as Kubernetes does."
NeuVector's open source tools for testing Kubernetes 1.6 CIS Benchmark compliance are available here.
NeuVector's Kubernetes CIS Benchmark audit feature is currently in beta -- request to try it here.