Demo: SUSE’s NeuVector, Zero Trust Security for Containers

It’s not enough to simply patch vulnerabilities if you’re not also making it tougher for unauthorized users and services to access your containers and Kubernetes clusters. NeuVector, now under the auspices of SUSE, is a zero trust container security platform that protects those containers and their applications from unauthorized access.

In an episode of The New Stack Demos — recorded at Cloud Native SecurityCon in Seattle, in February — Jorn Knuttila, senior security solution architect for NeuVector, demonstrated the platform for Alex Williams, TNS publisher and founder.

To show how NeuVector works, Knuttila deployed an online shopping cart application into an existing Kubernetes cluster. NeuVector automatically created groups inside the cluster, which represent the containers within the cluster.

He showed the Protect and Monitor modes of NeuVector. Protect mode will block any activity that’s not explicitly allowed inside of the environment; Monitor mode, Knuttila said, “is very much like Protect, but it won't block things, it will alert you, ‘Dear user, I would have blocked these had I been in full Protect mode.’”

The result, he said: “I can actually set up a fingerprint of what that application looks like without stopping deployment, without stopping production. And I can take these manifests and give them to my developers, and they can ship security as code with their deployments inside of the environment without having to write the security profiles themselves.”

The speed of innovation and development unleashed by cloud native technology demands new thinking about security, said Fei Huang, vice president of security strategy at SUSE and a co-founder of NeuVector.

“We need to figure out where to fit in to protect all the layers as much as possible — and proactively,” Huang said.
