Security startup NeuVector announced version 1.3 of its container security platform on Nov. 13, providing advanced capabilities to help organizations detect threats that can be hidden in container workloads.
NeuVector’s platform provides a container firewall that can filter application layer traffic to help identify anomalous behavior and traffic. Visibility into tunneled traffic and advanced privilege escalation detection capabilities are among the most significant new features in the 1.3 release. NeuVector is also expanding its portfolio with an enhanced enterprise edition.
“Tunneling typically is used to steal sensitive data using common protocols like HTTP, DNS and ICMP,” Gary Duan, chief technology officer of NeuVector, told eWEEK. “Within a data center these tunnels are usually not encrypted traffic.”
While tunneling is often associated with encrypted traffic, such as virtual private network (VPN) and Secure SHell (SSH), there are multiple forms of nonencrypted tunneling methods that attackers can use to steal data, including DNS tunneling.
“The way that the DNS infrastructure works allows the attacker to set up a malicious server anywhere, and the affected workloads inside your network are able to connect to this server using normal DNS requests and responses,” Duan said. “Because DNS connections are normally allowed by the firewall, DNS tunneling can be very effective and hard to detect.”
NeuVector 1.3 is able to inspect the network connections at the application level, he said. By correlating the network connections with the activities of the containers, Duan said NeuVector can detect data exfiltration tunnels accurately.
The new release is also able to detect suspicious process and privilege escalation attacks occurring in container deployments. NeuVector 1.3 uses both baseline processing and checks for common suspicious processes such as port scanning to help detect potential attacks, according to Duan.
“NeuVector is able to monitor all process runtime information, correlate their activities and detect abnormal patterns,” he said.
Enterprise Edition
NeuVector officially launched on Jan. 31 along with the initial release of its namesake container security platform. On Nov. 7, NeuVector announced that it had raised $7 million in Series A funding to help grow both the technology and the company’s go-to-market efforts.
Alongside the NeuVector 1.3 release, the company is also debuting a new enterprise edition to bolster its product portfolio.
“Enterprise adds important integrations such as REST API support, SSO/SAML, LDAP and webhooks, as well as priority support and training,” Duan said. “More sophisticated access controls will also be part of the Enterprise version.”
The market for container security technologies is becoming an increasingly competitive one, with multiple vendors now in the space, including Aqua, StackRox, Twistlock and Capsule8. NeuVector aims to differentiate itself by providing application layer (Layer 7) filtering for all traffic and protocols and building in firewall-type detections that are typically found in a next-generation firewall (NGFW), he said.
“Our solution also offers connection-by-connection dropping as well as blocking and quarantine through network isolation,” Duan said. “Additionally, we use deep packet inspection [DPI] techniques to protect containers and add host process security, as well as vulnerability scanning, to round out the solution.”
Looking forward, Duan said NeuVector will continue to build more features into the platform to help identify suspicious behaviors. “We also want to continue to give customers tools that allow them to more quickly investigate incidents,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.