Container network security vendor NeuVector is announcing the 3.0 release of its namesake platform on March 1, providing organizations with an integrated data loss prevention (DLP) capability.
With DLP, NeuVector will be able to discover personally identifiable information (PII) within cloud-native container and Kubernetes workloads, helping organizations limit the risk of data loss, as well assisting with privacy compliance requirements. Additionally, in NeuVector 3.0 the company is introducing a new multi-cluster management capability to better handle larger deployments across multicloud environments.
"We found that for performance and flexibility reasons, we needed to write our own deep packet inspection engine for Layer 7 firewalling, and this DLP engine is built on top of that," NeuVector CTO Gary Duan told eWEEK. "This engine gives us the ability to support not just container DLP, but to detect custom application protocols that are specific to each customer’s application."
NeuVector was launched in January 2017 and has raised $9 million in venture funding. In a 2018 video interview with eWEEK, Fei Huang, CEO and co-founder of NeuVector, explained the core principles of his company's platform and its network-centric view of container and cloud-native security. The deep packet inspection (DPI) capability that enables the container firewall and new DLP feature is a reflection of that vision.
Duan said NeuVector's patented technology provides his company with the ability to inspect packets in real time in a cloud-native container environment and then quickly add new threat detections and network visibility.
What Network DLP Provides
DLP technology can sometimes involve data classification, where an organization or an automated process is able to sift through data and then identify if the data includes PII.
"The container DLP technology in 3.0 focuses on network DLP, which detects sensitive data in network payloads by detecting known data patterns such as credit cards and PII," Duan said. "Data classification and detection techniques can be built on top of this in the future and are used primarily for scanning data at rest."
Duan added that for performance reasons, network-based container DLP has to be fast and lightweight and avoid techniques such as file inspection in payloads.
Another challenge that DLP technologies face is detecting sensitive information within encrypted data flows. Duan explained that NeuVector typically inspects network connections before they are encrypted, or at the destination after decryption. For example, with service mesh encryption by the proxy sidecar, NeuVector is able to detect PII, credit card and other sensitive data before it is encrypted by the proxy.
"Of course, if encryption is embedded into the application workload container, then NeuVector will not be able to inspect the payload, but this is not likely due to the high maintenance required for such an architecture," he said.
Another big addition to NeuVector 3.0 is the multi-cluster management capability. Duan explained that most initial deployments on Kubernetes were in a single cluster but, now that enterprises have their initial architecture and pipeline established, they are rapidly expanding by deploying new services in multiple clusters.
"With NeuVector 3.0, enterprises can now monitor and manage multiple clusters from a single console, enabling them to respond more quickly to security events," he said.
Looking forward, Duan expects that his company will continue to add new features to keep pace with constantly changing security perimeters.
"Ultimately, the security perimeter must follow and protect the individual application workload, no matter where it is deployed, across hosts, clusters or clouds," he said. "NeuVector will continue to add application and network security features to our core technology, while supporting these new deployment patterns that are enabled by Kubernetes, service mesh and public clouds."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.