Mesh networking security from NeuVector at IBM Think 2019
Richard Harris in Security, Thursday, February 14, 2019
NeuVector delivers new in-depth service mesh container discovery, visualization and run-time protection that adds a critical network layer of security to the Istio and Linkerd2 service meshes for production Kubernetes deployments.
NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration - developed in coordination with IBM Cloud and the Istio open source development team - delivers new capabilities for network visibility and threat detection, even for connections that are encrypted by Istio or Linkerd2. NeuVector also protects Istio and Linkerd2 application containers at run-time and provides service mesh container discovery and visualization, equipping customers with a unique view into their container infrastructure and network communication paths.
NeuVector will be demonstrating how its solution works with Istio - together with the IBM Cloud Istio team - at IBM Think 2019. Attendees can learn more about this release and how NeuVector is helping enterprises ensure end-to-end container network security.
How does the new mesh security work for Kubernetes?
The Istio and Linkerd2 service mesh platforms provide routing and authentication of pod-to-pod (container-to-container) connections and can encrypt the communication between pods. NeuVector’s unique and patented technology adds another layer of security by enabling deep packet inspection before the Istio or Linkerd2 encryption begins. This integration with service mesh technologies enables NeuVector to deliver strong network threat detection and application layer visualization for Istio, Linkerd2 and other service mesh-based applications - including their sidecar containers - from the moment the NeuVector container network security solution is deployed to Kubernetes environments.
“Istio and Linkerd2 have proven to be incredibly powerful and scalable service mesh technologies, and we’re proud to release this integration to provide DevOps and security teams with even more container network visibility and security,” said Gary Duan, CTO, NeuVector. “Organizations leveraging any service mesh in production Kubernetes deployments can now rest assured that their environments are secure and that attacks on these environments will be recognized and defeated.”
Via this patent-pending integration, NeuVector is providing the most robust defense for Kubernetes production deployments using a service mesh such as Istio or Linkerd2 - including threat detection based on deep packet inspection and application protocol verification. The integration also extends the security coverage of Istio and Linkerd2 protocol awareness for HTTP and gRPC services, as well as other application protocols that NeuVector supports using TCP, UDP, and ICMP. Customers can also leverage NeuVector’s industry-leading traffic monitoring and visualization capabilities to verify that their Kubernetes container infrastructure is deployed correctly and functioning properly.
“We selected NeuVector to protect containers in production because it combines network and runtime security with vulnerability management for compliance,” said Christian Hüning, System Architect, figo GmbH. “NeuVector is continuing its innovation by providing deep network visibility into service mesh encrypted traffic.”