NeuVector Releases v 5.3.0: Enhancing Network Security and Automation
We are pleased to announce the release and general availability of NeuVector version 5.3.0! This release adds significant functionality to our market-leading container network security protections, as well as support for GitOps security as code automation. It also expands the breadth of platform compatibility with Arm64 and public cloud marketplace support.
Enhanced Zero Trust Network Protections for Kubernetes
This release provides valuable insights into external connections from a Kubernetes cluster. Developers frequently require external connections for API services, external data sources, or even internet-based open source updates. These external connections can be to internal private networks or internet services, and it can be difficult for operations and security teams to know which should be allowed and which are suspicious. With the prevalence of embedded malware, backdoors, and crypto mining, it is critical for external connections from a cluster to be properly identified and secured. In 5.3.0, NeuVector utilizes its layer 7 (application) inspection of all traffic, including DNS resolutions for fully qualified domain names (FQDNs), into IP addresses to first learn externally referenced hostnames/URLs and report on external connections. With this knowledge, security, and operations teams can determine which connections should be allowed, which are suspicious, and which should be blocked. Allowed connections are then codified into the zero trust rules for external access. In addition, NeuVector can now be configured to allow ICMP traffic for monitoring or block ICMP-based attacks.
GitOps Automation for Security As Code
Kubernetes pipelines are highly dynamic and automated, and Kubernetes security policy must also be automated to support these pipelines. NeuVector 5.3.0 expands ‘Security as Code’ support by enabling the export of security policies (yaml-based manifests) to git repositories (GitHub) in the form of NeuVector custom resource definitions (CRDs). This extends an effort begun several years ago to enable all NeuVector security policies to be managed through CRDs. The use of a GitOps workflow for managing security manifests will continue to be expanded in the future through imports from git repositories as well.
Expanded Platform and Public Cloud Marketplaces
This release adds support for Arm64-based architectures running Linux containers and expands support for Amazon EKS, Microsoft Azure, and Google marketplaces. Working closely with the technical team at Arm, NeuVector engineers have successfully ported and qualified the Arm64 platform. As an open source security project, NeuVector enables teams to make significant contributions to the project. This brings full-lifecycle security to containers running on Arm, including bare metal and public clouds like Amazon EKS Graviton.
To see all the enhancements and bug fixes, please see the NeuVector 5.3.0 Release Notes.