Virtualization Technology News and Information
KubeCon 2021 Q&A: NeuVector Will Showcase Container Security and Compliance, and a New Kubernetes Configuration Assessment Tool


KubeCon + CloudNativeCon 2021.  Will you be in attendance?  If so, VMblog invites you to swing by and check out the NeuVector booth in the sponsor showcase.

Read this exclusive KubeCon pre-show interview between VMblog and Glen Kosaka, the VP of Product Management at NeuVector, a container security company.  NeuVector empowers global organizations to fully secure their container infrastructures without compromising business velocity.  For security, DevOps, and infrastructure teams, the NeuVector continuous container security and compliance platform simplifies data protection from pipeline to production, enforces compliance, and provides visibility and automated controls to combat known and unknown threats.


VMblog:  NeuVector has participated at KubeCon for years - what brings you back?

Glen Kosaka:  There's no better event for bringing together the Kubernetes and cloud native community under one roof (and we're excited that it's a literal roof, versus the virtual events of the past too-many months). KubeCon talks are always interesting, and bring together such a variety of best practices and use cases across all areas of the ecosystem. Our world is Kubernetes security, of course, but we really enjoy learning more about all parts of the cloud native transformation, and there's no better place to get that information than KubeCon.

VMblog:  Can you give us the high-level rundown of NeuVector's technology?  What problems are you solving?

Kosaka:  Our platform enables customers to achieve end-to-end, Kubernetes-native container security, without impeding their application development. NeuVector makes it simple for security, DevOps, and infrastructure teams to secure containers, enforce compliance, and protect data throughout their pipelines and into production. The visibility and automated controls built into the platform empower customers to safeguard their environments against both known and unknown security threats.

Businesses shifting to cloud resources and container infrastructures quickly learn that traditional firewalls protect only against threats arriving by external traffic. These incumbent technologies offer no visibility into threats escalating within internal "east-west" traffic in the container environment, and that's a problem. Any stage of the CI/CD pipeline can be the entry point for critical security vulnerabilities. Similarly, headlines covering Kubernetes-based data breaches, such as those at Tesla, Capital One and countless other examples that continue to pop up, make it clear that Kubernetes itself is a vulnerable attack surface. Therefore, visibility and proactive automated security that offers vigilant protections across the full application lifecycle is essential to overcoming threats, and that's what NeuVector provides.

Alternative security solutions that don't integrate well into container environments or require manual configuration can slow down the development pipeline. Deployed as a container itself, NeuVector integrates seamlessly with CI/CD tools and Kubernetes, providing the full application lifecycle protections that organizations require without impeding development or impacting the pace of business.

VMblog:  Moving more into NeuVector's differentiators in the container security space - what else is unique about NeuVector's solution?

Kosaka:  NeuVector is unique as a continuous container security and compliance platform in that it uses Layer 7 deep packet inspection and behavioral learning to recognize and allow only those container behaviors that are appropriate. Through this method, NeuVector approves and allow-lists network connections, processes and file access in the container environment, and detects and blocks all suspicious activities. As a result, attacks are stopped automatically, in real-time. Another NeuVector differentiator is its ability to actively detect and prevent attacks at run-time, achieving complete protection for production application environments. 

NeuVector provides DevOps and DevSecOps teams with automated CI/CD scanning, admission controls, and additional compliance management capabilities for those organizations regulated by PCI DSS, GDPR, HIPAA and other regulations. CIS Benchmark auditing also assists NeuVector customers in shoring up their security to align with best practices. Developer and DevOps teams can also leverage Security Policy as Code to quickly define permitted application behaviors and global rules.

Another unique and particularly powerful NeuVector capability is virtual patching, which enables customers to protect their workloads and hosts against vulnerability exploits in situations where patches are not yet available.

VMblog:  Is NeuVector unveiling anything new at KubeCon?

Kosaka:  We are - we actually made one announcement that just launched ahead of KubeCon, and are making another at the event.

First, we've just released a new Kubernetes configuration assessment tool. With this tool, NeuVector continuously scans Kubernetes resources such as YAML files (in both repositories and live deployments) to identify any security misconfigurations or gaps in compliance. This gives DevOps and DevSecOps teams a powerful streamlined workflow for building configuration management directly into their pipelines, and ensuring continued compliance with PCI, HIPAA, GDPR, etc.

Image 1: Kubernetes Configuration Assessment tool

At KubeCon itself we'll be announcing two new patents granted to NeuVector for our unique and groundbreaking Container Lifecycle Risk Scoring and our service mesh protections. NeuVector's Container Lifecycle Risk Scoring provides teams with an at-a-glance summary of exploit risk to their container or Kubernetes environments, presented as a single easy-to-digest score. This score enables organizations to quickly and accurately assess their risk posture, and includes a step-by-step wizard for then addressing and reducing recognized exploit risks.

NeuVector's newly patented service mesh protections enable teams to apply unique network protections to service mesh environments, even if encryption is enabled. Using NeuVector's Layer 7 container firewall and deep packet inspection, these protections enforce application-layer network segmentation rules, and detect and thwart embedded network attacks.
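The configuration assessment described above checks Kubernetes resource definitions for security misconfigurations before and after deployment. The following is an added illustration of what such a check looks like in practice; it is example code written for this page, not NeuVector's tool and not code from the interview. It walks a workload manifest (Deployment, Pod, DaemonSet, StatefulSet, Job, CronJob, or a kubectl-style List of them) and reports the well-known weak settings a baseline/restricted pod-security review would flag: host namespaces, hostPath mounts, privileged containers, privilege escalation left enabled, no runAsNonRoot, writable root filesystem, dangerous added capabilities, unpinned images and missing resource limits. The sample manifest, the container names and the registry hostname are constructed for the example; the input is JSON here only to avoid a YAML dependency (kubectl accepts JSON manifests, and swapping in PyYAML's safe_load_all is a one-line change).

```python
"""Minimal Kubernetes workload misconfiguration assessment (added example,
not NeuVector's implementation). Input: one JSON manifest or a List of them."""
import json

# Capabilities that effectively grant host-level access when added to a container.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}


def image_is_pinned(image: str) -> bool:
    """True when the image reference is pinned to a digest or a non-'latest' tag."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]          # strip registry/repo so a port in the host is not mistaken for a tag
    return ":" in last and not last.endswith(":latest")


def pod_spec_of(doc: dict) -> dict:
    """Locate the PodSpec inside the common workload kinds."""
    kind = doc.get("kind")
    spec = doc.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def assess_pod_spec(pod: dict) -> list:
    """Return human-readable findings for one PodSpec; empty list means no issues found."""
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(flag):
            findings.append(f"pod: {flag} enabled")
    for vol in pod.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(f"volume {vol.get('name')}: hostPath mount of {vol['hostPath'].get('path')}")
    pod_sc = pod.get("securityContext") or {}
    for c in (pod.get("containers") or []) + (pod.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):    # Kubernetes default is true when unset
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        added = set((sc.get("capabilities") or {}).get("add") or []) & DANGEROUS_CAPS
        if added:
            findings.append(f"{name}: adds capabilities {sorted(added)}")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}: image {c.get('image')!r} is not pinned to a tag or digest")
        if not (c.get("resources") or {}).get("limits"):
            findings.append(f"{name}: no resource limits")
    return findings


def assess_document(doc: dict) -> list:
    """Assess a single object or a kind: List of objects."""
    if doc.get("kind") == "List":
        return [f for item in doc.get("items") or [] for f in assess_document(item)]
    return assess_pod_spec(pod_spec_of(doc))


def assess_json(text: str) -> list:
    return assess_document(json.loads(text))


# Constructed sample: one careless container next to one hardened container.
SAMPLE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "payments", "namespace": "prod"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "volumes": [{"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [
            {"name": "web", "image": "nginx:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar",
             "image": "registry.example.com/sidecar@sha256:0123456789abcdef",
             "securityContext": {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                                 "readOnlyRootFilesystem": True,
                                 "capabilities": {"drop": ["ALL"]}},
             "resources": {"limits": {"cpu": "100m", "memory": "64Mi"}}},
        ],
    }}},
})

if __name__ == "__main__":
    for finding in assess_json(SAMPLE_MANIFEST):
        print("FAIL", finding)
```

Run against the sample, the "web" container and the pod-level settings produce eight findings while the "sidecar" container produces none; wiring the same function into a CI step or an admission webhook (fail the pipeline or reject the object when the list is non-empty) is what turns a scan into the enforcement the interview describes.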

VMblog:  What stage do you feel we are at with regard to containers?  Is there anything still holding it back, or keeping it from a wider distribution?

Kosaka:  Container adoption continues at a rapid and encouraging pace. That said, our concern is that if organizations continue to rush into container adoption without a proper regard for the unique security needs of these environments, container-related security breaches will keep making headlines. Ultimately, negative headlines can make organizations wary of containers and impede progress. 

Kubernetes is in a similar position: it's the ubiquitous container orchestration option, but adoption is still at an early stage and there is a steep learning curve to become proficient with it. For both containers and Kubernetes, security threats will increase and mature in sophistication as adoption does. At NeuVector, we plan to continually introduce new protections to stay a step ahead of evolving threats, and to encourage organizations implementing containers and Kubernetes to simultaneously implement the appropriate security protections to do so safely.

VMblog:  If an attendee likes what they see and hear at your booth, what message about your product can you send them back with to sell their boss on your technology?

Kosaka:  Kubernetes security cannot be an afterthought as you migrate to (or scale up) Kubernetes deployments - but you don't have to choose between achieving end-to-end security and maintaining your speed of development.


Published Monday, October 04, 2021 7:34 AM by David Marshall