NeuVector, which delivers continuous network security for containers, announced two releases aimed at enterprises evaluating the security of their Kubernetes 1.6 deployments. The announcements follow the Center for Internet Security (CIS) publishing its CIS Kubernetes Benchmark, which covers security auditing of Kubernetes 1.6.
The CIS Benchmark contains more than 100 recommendations, and NeuVector is providing a straightforward way to test whether a Kubernetes 1.6 deployment complies with them. First, NeuVector is releasing open source tools that enterprises can use immediately to run the benchmark tests across Kubernetes 1.6 master and worker nodes. Second, NeuVector has integrated the same tests into its container security solution, so they can be run automatically across distributed Kubernetes clusters.
Kubernetes is a complex orchestration platform built from many interconnected services, which makes evaluating the security of a deployment difficult for enterprises that lack purpose-built tools such as those NeuVector has now contributed to the open source community. The tools, released under the Apache License 2.0, are scripts that perform a test for each of the 100+ recommendations in the CIS Benchmark. Because the benchmark has separate sections for the Kubernetes master node and the worker node, NeuVector provides one script for each. The recommendations focus on key security areas within Kubernetes: use of privileged containers, API server authentication and authorization, Kubelet authentication, etcd security, protection of files and other sensitive data, certificate management, pod security, and more.
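To make the shape of such a check concrete, here is an added POSIX shell example; it is not NeuVector's released script, and the kube-apiserver command lines and file used below are constructed rather than taken from a real cluster. It shows the two operations a benchmark script of this kind repeats for each recommendation: read a flag from the process command line and compare it with the value the benchmark expects (here the API server's anonymous-auth, insecure-port, profiling and authorization-mode settings), and verify that a configuration file's permission bits are no looser than allowed. A real script would take the command line from `ps -ef` and stat the live manifest; the inputs are embedded here so the example runs offline.

```shell
#!/bin/sh
# Added example, not NeuVector's tooling: CIS-Benchmark-style checks on
# constructed kube-apiserver command lines and on a file's permission bits.

# flag_value CMDLINE FLAG: print the value of FLAG=value (last occurrence wins),
# or nothing when the flag is absent.
flag_value() {
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# check_flag CMDLINE FLAG EXPECTED: PASS (0) when FLAG is explicitly set to EXPECTED.
# An unset flag is a FAIL, because the insecure default is what the benchmark targets.
check_flag() {
  value=$(flag_value "$1" "$2")
  if [ "$value" = "$3" ]; then
    echo "PASS $2=$3"; return 0
  fi
  echo "FAIL $2 is '${value:-<unset>}' (expected $3)"; return 1
}

# audit_apiserver CMDLINE: run the API server checks; exit status = number of failures.
audit_apiserver() {
  fails=0
  check_flag "$1" --anonymous-auth false || fails=$((fails+1))
  check_flag "$1" --insecure-port 0      || fails=$((fails+1))
  check_flag "$1" --profiling false      || fails=$((fails+1))
  authz=$(flag_value "$1" --authorization-mode)
  case "$authz" in
    ""|*AlwaysAllow*) echo "FAIL --authorization-mode is '${authz:-<unset>}' (must not be AlwaysAllow)"; fails=$((fails+1)) ;;
    *)                echo "PASS --authorization-mode=$authz" ;;
  esac
  return $fails
}

# check_mode FILE MAX_OCTAL: PASS when FILE exists and has no permission bit set
# that is clear in MAX_OCTAL, i.e. (mode & ~max) == 0. Works with GNU and BSD stat.
check_mode() {
  [ -f "$1" ] || { echo "FAIL $1 does not exist"; return 1; }
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  if [ $(( 0$mode & ~0$2 )) -eq 0 ]; then
    echo "PASS $1 mode $mode (within $2)"; return 0
  fi
  echo "FAIL $1 mode $mode (expected $2 or more restrictive)"; return 1
}

# Constructed sample command lines (hypothetical, not from any real cluster).
GOOD_APISERVER='kube-apiserver --advertise-address=10.0.0.1 --anonymous-auth=false --insecure-port=0 --profiling=false --authorization-mode=Node,RBAC --etcd-servers=https://127.0.0.1:2379'
BAD_APISERVER='kube-apiserver --advertise-address=10.0.0.1 --insecure-port=8080 --authorization-mode=AlwaysAllow'

echo "== constructed compliant apiserver =="
audit_apiserver "$GOOD_APISERVER"
echo "== constructed non-compliant apiserver =="
audit_apiserver "$BAD_APISERVER" || echo "failures: $?"
```

On the non-compliant sample the audit reports four failures: anonymous auth and profiling are left at their permissive defaults, the insecure port is open on 8080, and authorization is AlwaysAllow. `check_mode` is written for manifest and kubeconfig files, where the benchmark typically wants 644 or tighter; pass the live path and the limit from the recommendation being tested.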
At the same time, DevOps and engineering teams using NeuVector can now run CIS Benchmark auditing and compliance tests directly in NeuVector-protected Kubernetes clusters. Keeping a dynamic, distributed Kubernetes deployment continuously compliant is a far more involved task than auditing a single test cluster. With the NeuVector security container deployed on the master and worker nodes, CIS Benchmark tests can be scheduled and run quickly, with the NeuVector controller coordinating the tests and collecting the audit logs from each node.
“As a container run-time and network security leader, NeuVector is deeply invested in supporting security compliance and auditing for production container deployments,” said Fei Huang, CEO, NeuVector. “This commitment is demonstrated with the release of our open source tools that greatly simplify Kubernetes 1.6 CIS Benchmark compliance testing, as well as by adding these tests as an automatic feature within our solution. We invite the Kubernetes security community to take full advantage of these open source tools, and ensure they continue to evolve as Kubernetes does.”
NeuVector delivers a Docker container network security solution with a zero-configuration policy that adapts to the changing environment and secures containers during run-time. Founded by industry veterans from Fortinet, VMware, and Trend Micro, NeuVector has developed patent-pending behavioral learning for containers with the vision of simple, scalable network security for containers.