Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

8/18/2020
02:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NeuVector Releases New Version of its Cloud-Native Kubernetes Security Platform

Solution includes compliance template integration and new security vulnerability workflow management capabilities.

San Jose, CA – August 17, 2020 – NeuVector, the leader in Full Lifecycle Container Security, today released the newest version of its cloud-native Kubernetes security platform. The enterprise-trusted, build-to-production container security solution now includes extensive compliance reporting and enforcement for PCI DSS, GDPR, and other industry and government standards, as well as new workflows specifically designed to make it easy for DevOps teams to track critical vulnerabilities and to ensure – and prove – compliance.

For both enterprises and managed service providers, NeuVector also now includes granular role-based access controls (RBACs) to support multi-department and managed service provider (MSP) deployments. Additionally, NeuVector has added serverless security for AWS Lambda and policy management integration with Open Policy Agent (OPA). The significantly updated NeuVector platform is releasing at KubeCon + CloudNativeCon Europe 2020.

Ready-to-use templates track and ensure compliance with industry regulations

With a single click, DevOps teams can enable NeuVector’s pre-configured compliance templates to identify any potential industry compliance issues and generate audit reports for PCI DSS, GDPR, and other stringent – and often changing – data security regulations. NeuVector’s templates can be customized to perform specific compliance verifications whenever needed, and new templates can be created to check against internal or other industry compliance requirements. Enterprises can also generate compliance auditing reports to track progress on meeting requirements, and to review, update, and enforce controls required for industry compliance such as vulnerability management, network segmentation, and firewalling.

Integrated vulnerability and compliance management

The enhanced NeuVector platform also introduces a straightforward vulnerability and compliance management workflow. Expanding on the vulnerability explorer launched earlier this year, DevOps teams can now track critical vulnerabilities and compliance violations, and quickly identify any that require immediate patching or follow-up alerts (as well as those which can be safely ignored). Compliance tests include the capability to scan and inspect images and containers for embedded secrets. Teams can manage vulnerability and compliance scan results in NeuVector, with no required integration to external workflow tools. NeuVector’s new workflow also tracks dates, status, and other metadata to accelerate DevOps with organizing, prioritizing, and following up on image and run-time scan results.

Even more granular RBACs

With Kubernetes deployments increasingly supporting multiple enterprise divisions, development teams, and roles, granular RBACs that allow access to NeuVector’s security capabilities have become especially critical. To support enterprise PaaS deployments with multiple departments, NeuVector now enables admins to create customizable roles for those focused on CI/CD integration, DevOps, network security, operations, namespace users, and more.

Massively scalable image scanning

As enterprise repositories face explosive growth in the volume of images that require continuous scanning, NeuVector is ensuring that scanning capabilities scale accordingly. NeuVector has now extended its platform’s industry-leading image scanning performance, enabling massively-scalable image scanning that deploys parallel scanners to efficiently scan up to hundreds of thousands of images. NeuVector utilizes native Kubernetes controls to scale scanners up and down with appropriate resource allocation. By doing so, NeuVector enables DevOps to run frequent image rescanning when new vulnerabilities are discovered without risking failed registry scanning jobs.

Scanning expands to AWS Lambda

NeuVector has also expanded its leading vulnerability scanning and risk assessment capabilities to now protect serverless functions on AWS Lambda. Using the open source Serverless IDE, DevOps teams can trigger vulnerability scanning of AWS Lambda serverless functions, and remove vulnerabilities before running those functions. NeuVector includes support for functions in Java, Node.js, Python, and Ruby. NeuVector’s risk assessments automatically analyze the AWS permissions granted for each function, and indicates their risk level. DevOps can review if permissions are appropriate, or if they increase the risks of vulnerability exploits. The NeuVector platform can also scan functions and containers for embedded secrets to detect policy violations.

Open Policy Agent integration


Additionally, NeuVector is announcing full integration with the Open Policy Agent (OPA) open source project, enabling OPA to manage and query security policy as code. This integration allows DevOps teams to easily review and query NeuVector CRD security policies within a Kubernetes cluster, or across their enterprises.

Quotes

“Releasing compliance templates and vulnerability and compliance management workflow into our platform empowers DevOps and security teams to far more efficiently and assuredly align containerized environments with crucial regulatory requirements – while reinforcing security and reducing exposure to potential exploits,” said Fei Huang, Chief Strategy Officer, NeuVector. “Similarly, our new granular RBAC security controls, hyperscale image scanning capabilities, AWS Lambda serverless function protections, and OPA integration each contribute to the ease and effectiveness with which enterprises can leverage NeuVector to safeguard containerized environments across the full application lifecycle and reliably achieve their security goals.”

“As we continue to automate and expand container security at Cooperators, the ability to add secrets auditing and other compliance checks provides another valuable risk assessment tool,” said Niteen Kole, a Solutions Designer at Cooperators Canada, a NeuVector customer. “In addition, our container security program will expand to enable different users from DevOps, operations, security and compliance teams to utilize the security platform, requiring more granular controls which can be customized for each role. These new capabilities in NeuVector enable us to continue to expand our container deployments securely.”

“NeuVector continues to raise the bar on securing the entire container lifecycle,” said Sean McCormick, VP Engineering at Element Analytics, a NeuVector customer. “The compliance templates and vulnerability workflow management improves our compliance efficiency and ultimately reduces our exposure to exploits. For example, we can easily identify and focus on the vulnerabilities that could impact external facing services, while closing those which are not relevant. The OPA integration and serverless security additions will also be valuable as we continue to enhance and expand our cloud security initiatives.”

About NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security for modern container infrastructures. NeuVector offers a cloud-native Kubernetes security platform with end-to-end vulnerability management, automated CI/CD pipeline security, and complete run-time security – including the industry’s only container firewall to block zero-day attacks and other threats. NeuVector customers include global leaders in financial services, healthcare, transportation, government and other industries. For customers in highly regulated industries, NeuVector simplifies compliance for PCI, GDPR, HIPAA, and other stringent data security mandates. NeuVector integrates with leading cloud platforms, CI/CD tools, and monitoring tools. Founded by industry veterans from Fortinet, VMware, and Trend Micro, NeuVector has developed patented behavioral learning for container security.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...