Advanced Computing in the Age of AI | Wednesday, June 29, 2022

Startup Targets Runtime Container Security 

Promising stronger and faster security for application containers in production, a startup has unveiled a new continuous security approach based on adaptive behavioral learning. The approach is said to secure distributed applications delivered via containers at their most vulnerable point: in production environments where deployed and scaled across hosts and datacenters.

Virtualization and security veterans from Cisco Systems (NASDAQ: CSCO), Fortinet, and VMware (NYSE: VMW) founded NeuVector Inc., which is adding to the growing container ecosystem with a patent-pending behavioral learning technique for continuously securing containers as container networks scale.

Isolation of individual containers is seen as the surest way to provide application security. NeuVector said Tuesday (Jan. 31) its approach goes a step further by providing "application layer segmentation" designed to isolate container traffic in datacenters.

Based on its behavioral learning approach, security holes such as suspicious connections can be automatically detected and blocked before they spread. The container security platform also scans for runtime vulnerabilities such as distributed denial-of-service attacks (DDoS) across all hosts and production containers, the startup said.

Existing approaches "are not adaptable to container environments—they don't transfer well, and other solutions are slow and incomplete," asserted NeuVector co-founder and CEO Fei Huang. "What we’ve designed is a security container that is intelligent enough to understand—in real-time—what applications are doing." The intent is better protection against malicious traffic, he added.

The security tool is itself a container, making it easier to deploy without configuring or manual policy updates that are prone to errors.

The startup based in Milpitas, Calif., works with hyper-scalers like Amazon Web Services (NASDAQ: AMZN) along with container leaders such as Docker and Mesos along with the Kubernetes container orchestration community on secure deployment and management of application containers in datacenters and across public and private clouds.

While issues such as persistent storage are emerging as application containers enter production, security remains a top concern. For example, more than half of respondents to a recent Forrester Research survey cited container security as their top concern. Those concerns are being fueled by the spread and sophistication of recent DDoS attacks that zero in on network vulnerabilities as more devices are linked via the Internet of Things.

NeuVector further claims its application behavior approach overcomes the tendency of early container security tools to deliver false-positive security warnings that slow down production container traffic. The company claims its approach blocks only suspicious container traffic such as unauthorized connections without disrupting running containers.

The tool also targets DevOps teams that are increasingly tasked with delivering application updates at a faster pace. Security tools have had trouble keeping up, the startup asserts.

The container security application is available for download here or on the Docker Hub registry.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).

One Response to Startup Targets Runtime Container Security

  1. Nicholas Maietta says:

    It is refreshing to see a trending and widely adopted technology get a real lookover from a security perspective early off in the game.

    I’ve been moving quickly to adopt the microservices approach to software design and using docker and swarm to manage my containers where those microservices live. It has been an amazing ride so far and it’s only just begun.

    If we had this technology back when I started programming some 18.5+ years ago…

Add a Comment