New risk assessment capabilities help secure containers
Container security company NeuVector is releasing new security risk assessment capabilities for enterprises using Kubernetes in production environments.
The features, added to its existing container security offering, include new dashboard widgets and downloadable reports to provide security risk scores for the most critical run-time attack risks, network-based attacks and vulnerability exploits in containers.
An overall risk score summarizes all available risk factors and provides advice on how to lower the threat of attack -- thus improving the score. A service connection risk score shows how likely it is for attackers to move laterally to probe containers that are not segmented by the NeuVector firewall rules. And an ingress/egress score shows the risk of external attacks or outbound connections commonly used for data stealing or connecting to command and control servers.
Additionally, a vulnerability exploit risk combines run-time scan results for containers with the protection mode of the container. If the container is protected by NeuVector's whitelist rules for network segmentation and process profiling, then there is a lower risk of a vulnerability exploit spreading or critically damaging the service.
"The NeuVector container security solution spans the entire pipeline -- from build to ship to run," says Gary Duan, CTO of NeuVector. "Because of this, we are able to present an overall analysis of the risk of attack for containers during run-time. But not only can we help assess and reduce risk, we can actually take automated actions such as blocking network attacks, quarantining suspicious containers, and capturing container and network forensics."
Integration with Red Hat OpenShift means the risk assessments and reports are specific to OpenShift projects and namespaces for each user. This makes it easy for individual users to review the risk scores and security posture for the containers within their assigned projects.
You can find out more on the NeuVector site.