SUSE’s Container Security Platform Now Listed in Amazon EKS Best Practices: A Big Step for Container Security


Thanks to our collaboration with AWS and work from Dominik Wombacher, we’re thrilled to announce that SUSE’s Container Security Platform, NeuVector Prime, is now recognized in the official Amazon EKS Best Practices documentation across six key security areas:


    This inclusion marks a significant step forward in the collaboration between AWS and SUSE on bolstering container security.

    NeuVector Prime is the only 100% open-source, Kubernetes-native security platform. It safeguards your EKS workloads with eight distinct security functions, encompassing both supply chain vulnerability scanning and complete run-time protection for containers, pods, and hosts, including:

    1. CI/CD Vulnerability Management & Admission Control. Scan images with a Jenkins plug-in, scan registries, and enforce admission control rules for deployments into production.
    2. Violation Protection. Discovers behavior and creates a whitelist-based policy to detect violations of normal behavior.
    3. Threat Detection. Detects common application attacks such as DDoS and DNS attacks on containers.
    4. DLP and WAF Sensors. Inspect network traffic for Data Loss Prevention of sensitive data, and detect common OWASP Top 10 WAF attacks.
    5. Run-time Vulnerability Scanning. Scans registries, images, running containers, orchestration platforms and hosts for common (CVE) as well as application-specific vulnerabilities.
    6. Compliance & Auditing. Runs Docker Bench tests and Kubernetes CIS Benchmarks automatically.
    7. Endpoint/Host Security. Detects privilege escalations, monitors processes and file activity on hosts and within containers, and monitors container file systems for suspicious activity.
    8. Multi-cluster Management. Monitor and manage multiple Kubernetes clusters from a single console.


    A key differentiator is NeuVector Prime’s patented network Deep Packet Inspection (DPI) technology. This enables not only runtime network threat detection but also automates Zero Trust network micro-segmentation and Data Loss Prevention (DLP) within your Kubernetes environment.

    By combining these runtime layers with supply chain layers featuring vulnerability management and admission control, NeuVector Prime empowers users to:

    • Rapidly strengthen security posture: Achieve a robust security stance in under an hour.
    • Automate Zero Trust security-as-code: Simplify security implementation and management, and integrate it into your existing CI pipeline.
    • Identify live attacks and safeguard applications: Protect against zero-day attacks, unpatched vulnerabilities, and insider threats.


    The EKS Security Best Practices provide guidance on hardening your EKS microservice infrastructure and mitigating threats through a defense-in-depth approach. NeuVector Prime functions at the center of this approach.

    NeuVector Prime simplifies security for AWS deployments, offering the following advantages:

    • Compliance made easy: Achieve compliance with industry standards like PCI, GDPR, SOC 2, HIPAA, and NIST. NeuVector Prime helps meet these requirements through features like network segmentation, vulnerability scanning, configuration auditing, access controls, and data encryption.
    • Automated security for peace of mind: NeuVector Prime automatically discovers containers, learns application behavior, and creates security policies to shield them from anomalies, threats and vulnerabilities. Additionally, real-time security event logging provides continuous visibility into container traffic.
    • Seamless scaling with Amazon EKS: NeuVector Prime seamlessly integrates with Amazon EKS scaling features. As your applications evolve, NeuVector automatically adapts to safeguard your containerized environment. 
    • NeuVector Prime functions as a network tap: NeuVector Prime maintains its own source of truth, independent of AWS services, and also connects to Amazon CloudWatch and other services as part of a defense-in-depth approach to securing your microservice infrastructure. NeuVector Prime is the only solution allowing you to analyze and block East-West traffic within your EKS clusters, including zero-day attacks and DLP.
    • NeuVector Prime installs as a Kubernetes-native application into EKS across your enterprise and federates for centralized control.


    Take Your Container Security to the Next Level:

    • Register for a NeuVector Rodeo Workshop: Gain hands-on experience deploying, configuring, and operating NeuVector Prime with a free 90-minute workshop. 
    • Experience NeuVector Prime at re:Inforce 2024: Visit our booth #1101 for a live demo and see NeuVector Prime on Amazon EKS in action. 
    • Explore NeuVector Prime on the Amazon Marketplace: Learn more about NeuVector Prime and its integration with AWS.