Virtualization Technology News and Information
#DockerCon 2019 Q&A: NeuVector Will Showcase Container Run-Time Protection Without Compromise at Booth C16


Are you attending DockerCon 2019?  If so, I invite you to add NeuVector to your MUST SEE list of vendors.

DockerCon 2019 is right around the corner, taking place April 29th - May 2nd at the Moscone Center in San Francisco, CA.  This is one of the leading container industry conferences, covering all things container-related, including Kubernetes, microservices, and DevOps.

One of the vendors exhibiting this year is NeuVector.  If you are attending, make sure to get them on your busy schedule and visit their booth to learn more.  They are leading the way in run-time protection, complete with container network security - delivering an end-to-end Kubernetes security platform.  And they are the only next generation container firewall with packet-level interrogation and enforcement.

Read this exclusive pre-show interview with NeuVector to learn what they have planned ahead of the start of the show.  Be in the know!


VMblog:  Attendees are going to want to speak with you.  How can they find you at DockerCon 2019?  Where will you be located?  And how can they follow you?

NeuVector: Schedule an appointment by sending an email to or reserve your time here: Appointment. And, drop by the NeuVector booth # C16!

VMblog:  Is there anything interesting or unique about this year's booth setup? Do you have a theme? 

NeuVector: Yes, this year our theme is "Run-Time Protection Without Compromise". As we started thinking about DockerCon, we realized that the market was sending mixed messages about container run-time protection. It's important for container customers to understand that not all run-time protection is the same. True protection must include deep packet inspection, at the network level, to give you full security at run-time. Without this network level protection, your containers are still vulnerable to malicious attacks. We like to say the network is the ultimate source of truth in detecting and preventing attacks. Hackers need the network to get in, move laterally, and connect externally to steal data or download malware.

VMblog:  If an attendee likes what they see and hear at your booth, what message about your product can you send them back with to sell their boss on your technology?

NeuVector: They should talk to their bosses about the need to secure container deployments, and the best way to do this is with a comprehensive container security platform like NeuVector, which features deep packet/network level security controls for containers. This is what we mean by Run-Time Protection Without Compromise. Containers need the same level of defense in-depth as any of their business apps, and hackers have proven they can find unknown vulnerabilities and other back doors to exploit.

VMblog: Twistlock and Aqua are focusing on scanning, and you guys are focusing on container runtime protection. Take a moment to explain the differences.

NeuVector: Scanning for CVEs is an important DevOps discipline but it does you no good when your containers get into production. Once you go into production, hackers become your worst enemy and only by using NeuVector with comprehensive run-time protection can you keep hackers out.

VMblog: How does your run-time security differ from the claims of your competitors around run-time?

NeuVector: Twistlock and Aqua offer only very weak network monitoring, essentially trying to guess what network connections are attacked. You should never accept this level of protection in this day and age when hackers are expert at finding ways into vulnerable deployments. We offer the industry's only Layer 7 firewall with deep packet inspection, threat detection, DLP capability and packet capture. This is what makes our run-time security so powerful and essential.

VMblog:  We've told attendees to come by and visit you.  But can you better articulate WHY they need to add you to their MUST SEE list?

NeuVector: We have some of the most exciting new technologies here at the show for attendees to see - these include our newly announced support for Istio/service mesh, and our new DLP capability. Service meshes, such as Istio, are the most exciting new topic in the ecosystem right now.  Attendees should come by our booth to learn more about how service meshes work and talk to our experts about how to secure them. NeuVector is the only run-time container security solution that is able to inspect encrypted service mesh connections for embedded attacks.

VMblog:  If you would, please explain or give readers a few reasons why your product or service is considered unique? 

NeuVector: NeuVector is the only container security platform offering comprehensive run-time security including a container network firewall to protect all traffic coming in and out of the container at the network, Layer 7, level. Without this protection, containers still are vulnerable to hackers and malicious attacks. You get unprecedented visibility and protection by being able to see and block attacks by an inline firewall for container traffic.

VMblog:  What would you say to prospective attendees who are thinking about attending DockerCon but aren't sure if it's worth it or not?

NeuVector: Two or three years ago, DockerCon was mostly open source developers who wanted to play with containers. But now, we've seen the market shift and the focus is more serious as users increasingly are moving containers into production. DockerCon is an excellent venue for security and container architects who have serious questions about how best to secure their containers in production.

VMblog: Let's talk a little more about container security.  I've heard you mention runtime protection several times.  Why is run-time protection important, and how can an enterprise make sure they have true container runtime protection?

NeuVector:  Run-time security means securing containers as they move out of DevOps into production. Scanning is an important security measure while the containers are in DevOps, and our NeuVector Container Security Platform has some of the fastest scanning available. For containers in run-time it's important to move beyond scanning and monitor what's going on in the container, sys-calls, etc., and to protect against what might be coming in from the outside - from hackers, malicious attacks, etc., via the network and spreading laterally across the network. This is why you can't claim to have run-time security without network protection - the network piece of it is of critical importance.

VMblog: There has been a lot of talk about Shift-Left Security.  What's your take on this?

NeuVector:  Developers are becoming more aware about the importance of security and that's a good thing. This is increasing the security requirements in the build and CI/CD pipeline. As DevOps repositories grow, it becomes harder and more resource intensive to scan content every day. We provide blazingly fast image scanning for repositories in the tens of thousands of images. Not only are we blazingly fast, we tie the results of this scanning to admission control so bad images never get into production. We are able to do this because of our full lifecycle security platform which protects across the security needs of both DevOps and deployment.

VMblog:  In your expert opinion, what, if anything, is holding containers back?  Or are you seeing a change in the technology's growth pattern?

NeuVector: Now that the platform wars have been won by Kubernetes, we see customers spending money on the next levels in the stack:  security, storage and monitoring. If you look at where the money in the ecosystem is being made, above and beyond the platform level, it is in these three categories - and this is being driven by containers moving into production. This is the shift that is driving our growth, and the growth of the container industry in general.

VMblog:  Give us a quick overview of how one of your customers is using NeuVector?

NeuVector: Customers come to NeuVector when they realize that we are the only solution that can protect them in run-time and with the only firewall with network protection. For instance, our customer figo, a financial services provider in Germany, recently implemented a service mesh architecture with their containers. They turned to us because of our innovation in supporting service mesh, and for our run-time protection expertise.  Compliance is important to them, and our DLP capability will enable them to detect credit card and PII data for their PCI compliance requirements.

Here's what our customer at figo says, "We selected NeuVector to protect containers in production because it combines network and run-time security with vulnerability management for compliance. Protecting sensitive data is a top concern at figo, and NeuVector 3.0 with DLP to detect unencrypted credit card and other personal data in network transmissions is important for our defense in depth as well as our PCI compliance program. NeuVector is also continuing its innovation by providing deep network visibility into service mesh encrypted traffic," said Christian Hüning, System Architect, figo GmbH.


Published Monday, April 15, 2019 7:25 AM by David Marshall