NeuVector and Rancher Labs have partnered to help DevOps teams securely deploy application containers using the latter's container management platform.
Docker and other application container technologies are all the rage among companies, at least those seeking more agile application development and delivery methods that allow them to respond more quickly to shifting market forces and business objectives. Of course, as with any hot technology that grows a following, it doesn't take long for security risks to emerge.
"Application container environment threats include traditional host and application attacks, attacks on the Docker daemon, and compromised containers probing laterally. Due to increased internal 'East-West' traffic from containers, it is more difficult to get real-time visibility and protection for container networks," Fei Huang, CEO of NeuVector, told eSecurity Planet.
"Attacks and suspicious activity are often best detected at the network layer, but network security solutions need to be integrated with container management and networking to be scalable," continued Huang.
Milpitas, Calif.-based NeuVector uses AI-inspired technology to provide adaptive application container security during runtime.
"NeuVector provides unique technology to inspect all container connections, as well as the host and container processes to detect suspicious activity. We use behavioral learning to create and enforce a whitelist-based security policy which does not require error-prone manual updates as containers scale up and down," explained Huang.
By using NeuVector with Rancher Labs' container management technology, joint customers can protect their container-based applications from the get-go.
"The integration with Rancher Labs ensures that continuous security can be added to the CI/CD [continuous integration and continuous deployment] process," Huang added. "The NeuVector security containers become part of the overall container management process managed by the Rancher Labs solution."
NeuVector joins a number of startups developing solutions for security-conscious enterprises that have jumped on the container bandwagon.
Founded by Microsoft veterans, San Francisco's Twistlock employs an automated policy framework to simplify container management and governance. The company's Twistlock Trust technology sniffs out vulnerabilities by scanning images and registries for code and configuration flaws.
In February, Brooklyn-based Capsule8 emerged from stealth. The startup's namesake platform provides zero-day threat protection for container-filled Linux infrastructures.
"Containerized applications are Linux applications, and most of the same threats apply: software vulnerabilities, misconfigurations, weak authentication, and so on," said Capsule8 CEO John Viega at the time. "Capsule8 monitors containers and Linux Machines in real-time, protecting against these kinds of problems, and giving the visibility into what happened that is sorely lacking in Linux."