Review: How NeuVector protects containers throughout their lifecycle

Most traditional security products have very little visibility into containers running in the cloud. NeuVector protects containers from within the containerized environment.

Businesses and organizations of all sizes are finally embracing cloud computing. Even holdout organizations like some large government agencies are starting to deploy private clouds, or hybrids that contain some mix of private and public cloud infrastructure. The benefits of cloud computing are numerous and well-known at this point. They include near infinite expandability, having an external provider worry about maintaining the base infrastructure, and the ability to spin up new servers or services in just a few seconds.

But the most advanced enterprises are taking cloud computing a step further, into the realm of containerization. The concept of containers is a pretty brilliant one because it provides all the benefits of cloud computing, like infinite expandability, but also provides individual control over each container, which is essentially a fully-operational and independent virtual machine.

A container can be created to fill almost any need, from a tiny microservice to a full operating system. And because each container has all the resources that it needs within its perimeter, it can easily be transported to other computing environments, such as moving from a development cloud to a production environment. Some large enterprise networks might deploy, move or modify thousands of containers every day.

Unfortunately, cybersecurity has been slow to catch up with advancements in containerization, and most traditional security products have very little visibility into containers running in the cloud. The closed and independent nature of containers means that cybersecurity scanning from the outside will yield limited results. And because most cybersecurity programs have little to no insight about how containers should and do work, even if a container is successfully scanned, the scanning program may not understand if the container is operating properly or not.

There are other issues as well. Containers can expand if they need more resources and might even be deployed or destroyed nearly instantly as needed. Most cybersecurity programs, especially things like scanners that check the network on a schedule, will almost always be operating with old information. And because containers are part of a network of other containers, they need to coordinate with one another and with the container orchestration software like Kubernetes or Docker. That causes an explosion of so-called east-west internal traffic, which is often not monitored by cybersecurity defenses.

The NeuVector container security platform was created specifically to safeguard containerized environments. In fact, it’s deployed as a privileged container itself within the environment that it will be protecting. From its position within the containerized environment, it can monitor all Layer 7 network traffic, including that moving between containers and the host orchestration software. In this way, it can protect against attacks made against individual containers or the entire environment.
