NeuVector released its configuration posture management and deployment assessment tool for Kubernetes resources. The new tool – available as part of the NeuVector container security platform – enables customers to immediately and automatically identify any compliance issues within Kubernetes resources and to enforce admission control policies.
Increasingly critical as enterprises accelerate and scale their Kubernetes deployments amid escalating attacks on container environments, NeuVector ensures that DevOps and DevSecOps teams can continually maintain compliance with PCI, HIPAA, GDPR and other stringent regulations.
“By automating scans of Kubernetes YAML files and other resources from repositories and live deployments, the new tool resolves misconfigurations before they have an opportunity to become security and compliance issues,” said Glen Kosaka, VP of Product Management, NeuVector. “This is an important proactive security measure that enables enterprises to run applications with full confidence that their configurations are sound, and that their deployment manifests are safeguarded by continuous and automated protections.”
With the release of this tool, NeuVector introduces a new and streamlined workflow for DevOps and DevSecOps teams to build configuration management directly into their pipeline through a four-step process:
- Assessing CI/CD pipeline vulnerability and managing compliance across container images and deployment files (for example, a GitHub Action can trigger the file-auditing process);
- Preventing unauthorized deployments using admission controls based on Kubernetes resource scans, including continuous audits of the host, orchestrator (Kubernetes), and container configurations;
- Automating and enforcing run-time security policies with a zero-trust model that utilizes security policy as code and CRDs (thereby blocking all unauthorized network, process, and file activity)
- Reporting, alerting, and analyzing security events, capturing forensic data, and remediating discovered issues.
By proactively scanning YAML and other critical files to identify high-risk container deployment configurations, DevOps and DevSecOps teams are able to identify misconfigurations that increase the risks of exploits in production environments. Those deployment files can be scanned through file uploads, repository integration, and during actual deployment (using admission controls).
These scan results then evaluate YAML files against built-in best practices for secure deployments and/or against custom admission control rules that DevOps teams create. Scan results also ensure that DevOps, DevSecOps, and developer teams can address security issues before deployment attempts. For added security, NeuVector can also block deployments that fail security policies.
These capabilities enhance NeuVector’s existing configuration posture management features for containers and Kubernetes, which include CIS benchmarks, custom compliance checks, secrets detection, and serverless permissions auditing.
“Integrating security is critical to our highly automated Kubernetes deployments and DevSecOps culture,” said Nic Gumina, Security Engineer at United Wholesale Mortgage. “The Kubernetes resource scanning capability fills a need in our security posture management requirements and will help us enforce custom, application-specific security policies prior to deployments.”