SUSE NeuVector 5.0 Delivers a Powerful Open Source Security Platform
I’m excited to announce the general availability of the SUSE NeuVector container security platform. This release makes a full lifecycle container security platform available to all enterprises and users worldwide through an Apache v2 licensed open source software model.
As container security continues to be a critical need for organizations building and running Kubernetes applications, SUSE NeuVector 5.0 will allow users to address major security use cases across the entire application lifecycle, including deep network visibility and protection, vulnerability management, configuration auditing and compliance and supply chain security.
NeuVector Goes Open Source
As previously announced, the NeuVector source code has been published and its container images can be pulled from its public repository. The 5.0 version is the first open source version of NeuVector, delivering new automated run-time protections for container workloads in addition to integration with SUSE Rancher to ease deployment, monitoring and management of NeuVector security functions.
Zero Trust Workload Controls
NeuVector 5.0 enhances its zero trust workload controls to expand security threat detection while increasing automation to alleviate manual configuration, including:
- Powerful web application firewall (WAF) and data loss prevention (DLP) protections through NeuVector’s patented deep packet inspection (DPI) engine for container networks.
- New zero-drift workload protections that automatically detect authorized process and file activity based on the original container image, stopping rogue processes from starting or malicious executables from being installed.
- Automated protection mode migration, which promotes application workloads from discover (learning) mode to monitor (alerting) and protect (blocking) modes based on selected criteria.
- Enhanced support for security policy as code automation through custom resource definitions (CRDs) for admission controls, WAF and DLP rules.
Integration with Rancher 2.6.5
With enhanced integration with Rancher 2.6.5, NeuVector 5.0 adds multi-cluster security management to Rancher’s multi-cluster management and:
- Easily deploys through Rancher Apps and Marketplace
- Can be monitored and managed just like other workloads managed by Rancher
- Provides a single sign-on experience where Rancher admins can access NeuVector console right from the Rancher UI without needing to log in separately
Other additions of note include:
- Vulnerability scanning for SUSE Linux Enterprise (SLE, SLES, BCI) and Microsoft Mariner images
- Support for deployments of Rancher RKE2 and K3s.
NeuVector 5.0 can be deployed today directly from within Rancher or using Helm, Operators and standard kubectl commands. It supports the deployment and protection of all popular container environments such as Rancher RKE/RKE2, RedHat OpenShift, VMware Tanzu, Mirantis MKE, AWS EKS, Google GKE, Microsoft AKS and IBM IKS.
Commercial support licenses are available from SUSE and provide product support, vulnerability triage assistance, runtime rules configuration and testing assistance, and access to the latest expertise for preventing exploits and attacks on containers.