Are you attending DockerCon 2019? If so, I invite you to add NeuVector to your
MUST SEE list of vendors.
DockerCon 2019 is right around the corner, taking place April 29th - May 2nd at
the Moscone Center in San Francisco, CA. This is one of the leading container
industry conferences, covering all things container-related, including
Kubernetes, microservices, and DevOps.
One of the vendors exhibiting this year is NeuVector. If you are attending,
make sure to get them on your busy schedule and visit their booth to learn
more. They are leading the way in run-time protection, complete with container
network security - delivering an end-to-end Kubernetes security platform. And
they are the only next generation container firewall with packet-level
interrogation and enforcement.
Read this exclusive pre-show interview with NeuVector to learn what they have
planned ahead of the start of the show. Be in the know!

VMblog: Attendees are going to
want to speak with you. How can they find
you at DockerCon 2019? Where will you be
located? And how can they follow you?
NeuVector: Schedule an appointment by sending an email to info@neuvector.com or reserve your time
here: Appointment. And, drop by the NeuVector booth # C16!
VMblog: Is there anything
interesting or unique about this year's booth setup? Do you have a theme?
NeuVector: Yes, this year our theme is "Run-Time
Protection Without Compromise". As we started thinking about DockerCon, we
realized that the market was sending mixed messages about container run-time
protection. It's important for container customers to understand that not all
run-time protection is the same. True protection must include deep packet
inspection, at the network level, to give you full security at run-time.
Without this network level protection, your containers are still vulnerable to
malicious attacks. We like to say the network is the ultimate source of truth
in detecting and preventing attacks. Hackers need the network to get in, move
laterally, and connect externally to steal data or download malware.
VMblog: If an attendee likes
what they see and hear at your booth, what message about your product can you
send them back with to sell their boss on your technology?
NeuVector: They should talk to their bosses
about the need to secure container deployments, and the best way to do this is
with a comprehensive container security platform like NeuVector, which features
deep packet/network level security controls for containers. This is what we
mean by Run-Time Protection Without Compromise. Containers need the same level
of defense in-depth as any of their business apps, and hackers have proven they
can find unknown vulnerabilities and other back doors to exploit.
VMblog: Twistlock and Aqua are focusing on scanning, and you guys are focusing on
container runtime protection. Take a moment to explain the differences.
NeuVector: Scanning for CVEs is an important
DevOps discipline but it does you no good when your containers get into
production. Once you go into production, hackers become your worst enemy and
only by using NeuVector with comprehensive run-time protection can you keep
hackers out.
VMblog: How does your run-time security differ from the claims of your competitors
around run-time?
NeuVector: Twistlock and Aqua offer only very
weak network monitoring, essentially trying to guess what network connections
are attacked. You should never accept this level of protection in this day and
age when hackers are expert at finding ways into vulnerable deployments. We
offer the industry's only Layer 7 firewall with deep packet inspection, threat
detection, DLP capability and packet capture. This is what makes our run-time
security so powerful and essential.
VMblog: We've told attendees to
come by and visit you. But can you
better articulate WHY they need to add you to their MUST SEE list?
NeuVector: We have some of the most exciting new technologies here at the show for
attendees to see - these include our newly announced support for Istio/service
mesh, and our new DLP capability. Service meshes, such as Istio, are the most
exciting new topic in the ecosystem right now.
Attendees should come by our booth to learn more about how service
meshes work and talk to our experts about how to secure them. NeuVector is the
only run-time container security solution that is able to inspect encrypted
service mesh connections for embedded attacks.
VMblog: If you would, please
explain or give readers a few reasons why your product or service is considered
unique?
NeuVector: NeuVector is the only container security platform offering
comprehensive run-time security including a container network firewall to
protect all traffic coming in and out of the container at the network, Layer 7,
level. Without this protection, containers still are vulnerable to hackers and malicious
attacks. You get unprecedented visibility and protection by being able to see
and block attacks by an inline firewall for container traffic.
VMblog: What would you say to
prospective attendees who are thinking about attending DockerCon but aren't
sure if it's worth it or not?
NeuVector: Two or three years ago, DockerCon was mostly open
source developers who wanted to play with containers. But now, we've seen the
market shift and the focus is more serious as users increasingly are moving
containers into production. DockerCon is an excellent venue for security and
container architects who have serious questions about how best to secure their
containers in production.
VMblog: Let's talk a little more
about container security. I've heard you mention runtime protection several
times. Why is run-time protection important, and how can an enterprise make
sure they have true container runtime protection?
NeuVector: Run-time security means securing
containers as they move out of DevOps into production. Scanning is an important
security measure while the containers are in DevOps, and our NeuVector
Container Security Platform has some of the fastest scanning available. For
containers in run-time it's important to move beyond scanning and monitor
what's going on in the container, sys-calls, etc., and to protect against what
might be coming in from the outside - from hackers, malicious attacks, etc.,
via the network and spreading laterally across the network. This is why you can't
claim to have run-time security without network protection - the network piece
of it is of critical importance.
VMblog: There has been a lot of talk
about Shift-Left Security. What's your take on this?
NeuVector: Developers are becoming more aware of the importance of security and
that's a good thing. This is increasing the security requirements in the build
and CI/CD pipeline. As DevOps repositories grow, it becomes harder and more
resource intensive to scan content every day. We provide blazingly-fast image
scanning for repositories in the tens of thousands of images. Not only are we
blazingly-fast, we tie the results of this scanning to admission control so bad
images never get into production. We are able to do this because of our full lifecycle
security platform which protects across the security needs of both DevOps and
deployment.
VMblog: In your expert opinion, what, if anything, is
holding containers back? Or are you
seeing a change in the technology's growth pattern?
NeuVector: Now that the platform wars have
been won by Kubernetes, we see customers spending money on the next levels in
the stack: security, storage and
monitoring. If you look at where the money in the ecosystem is being made,
above and beyond the platform level, it is in these three categories - and
this is being driven by containers moving into production. This is the shift
that is driving our growth, and the growth of the container industry in
general.
VMblog: Give us a quick
overview of how one of your customers is using NeuVector?
NeuVector: Customers come to NeuVector when they realize that we are the only
solution that can protect them in run-time and with the only firewall with
network protection. For instance, our customer figo, a financial services
provider in Germany, recently implemented a service mesh architecture with
their containers. They turned to us because of our innovation in supporting
service mesh, and for our run-time protection expertise. Compliance is important to them, and our DLP
capability will enable them to detect credit card and PII data for their PCI
compliance requirements.
Here's what our customer at figo says, "We selected NeuVector to protect containers in production
because it combines network and run-time security with vulnerability management
for compliance. Protecting sensitive data is a top concern at figo, and
NeuVector 3.0 with DLP to detect unencrypted credit card and other personal
data in network transmissions is important for our defense in depth as well as
our PCI compliance program. NeuVector is also continuing its innovation by
providing deep network visibility into service mesh encrypted traffic," said
Christian Hüning, System Architect, figo GmbH.