Enhanced NeuVector Platform Debuts
April 14, 2020
NeuVector platform includes new features – purpose-built for enterprise
DevOps and security teams – focused on automated end-to-end
vulnerability management and protection, expanded registry scanning, and
host protection in production environments. The platform additions
include the new Vulnerability and Compliance Explorer for quickly
investigating, prioritizing, reporting, and mitigating potentially
damaging vulnerability and compliance issues. High performance
large-registry scanning and enhanced host (node) security processes have
also been added.
Prioritize which images, nodes, or containers are most in need of attention.
Respond to and mitigate any areas with security and compliance risk.
Improve ongoing security procedures (and rescan to confirm improvements).
Importantly, the Explorer adds
virtual patching as part of its response mechanism. This critical
security feature gives DevOps teams the ability to virtually patch
vulnerabilities in production containers or hosts without needing to
actually patch or remediate that vulnerability in a library or package.
Doing so gives enterprises confidence deploying containers in production
environments that have vulnerabilities without a current fix available.
NeuVector is able to do this by whitelisting all authorized application
container behavior – such as network connections, processes, and file
activity – either through NeuVector’s behavioral learning processes or
automatically via security policy as code. Any attempted exploit on a
workload or host protected by NeuVector is then detected, alerted, and
blocked (depending on user settings). In addition to virtually patching
vulnerabilities, these same run-time security capabilities also protect
enterprises against embedded malware, zero-day attacks, and insider or