NeuVector Releases Security Policy as Code for Kubernetes
December 2, 2019

NeuVector released its “Security Policy as Code” capability for Kubernetes
services. The release – built into the NeuVector platform – enables
DevOps teams to automate container security by using Kubernetes Custom
Resource Definitions (CRDs) to define and manage application security
policies throughout application development and production. Now, DevOps
teams can more quickly deliver secure cloud-native apps because security
policies can be defined, managed and automated during the DevOps
process. Security Policy as Code adds to recently released enhancements
to the NeuVector platform, including data loss prevention (DLP) and
multi-cluster/multi-cloud management capabilities.

NeuVector also enables developers
to create CRDs that capture the full profile of application behavior –
and do so in a Kubernetes-native way. The result is simple-to-deploy,
powerful security policy enforcement that:
Only permits allowed network connections between services – enforced by application protocol (layer 7) inspection.
Allows or prevents external or ingress connections as warranted.
Sets the “protection mode” of the application to either Monitor mode (alerting only) or Protect mode (blocking all suspicious activity).
Supports integration with Open Policy Agent (OPA) and other security policy management tools.
Allows DevOps and security teams to define application policies at different hierarchies such as per-service rules defined by DevOps and global rules defined by centralized security teams.
Is RBAC-enabled, enforcing the creation and updates of security policy as allowed natively by Kubernetes service accounts and roles.
Is extensible, to support future expansion of security policy as code to admission control rules, DLP rules, response rules and other NeuVector enforcement policies.

“By introducing our industry-first
Security Policy as Code for Kubernetes workloads, we’re excited to
provide DevOps and DevSecOps teams with even more control to automate
safe behaviors and ensure their applications remain secure from
ever-increasing threat vectors,” said Gary Duan, CTO, NeuVector. “We
continue to build out new capabilities sought by customers – such as DLP,
multi-cluster management, and, with today’s release, CRD support. Our
mission is acutely focused on raising the bar for container security by
offering a complete cloud-native solution for the entire application