NeuVector, the leader in container network security, today announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration – developed in coordination with IBM Cloud and the Istio open source development team – delivers first-of-its-kind network visibility and threat detection, even for connections that are encrypted by Istio or Linkerd2. NeuVector also protects Istio and Linkerd2 application containers at run-time and provides comprehensive service mesh container discovery and visualization, equipping customers with a unique view into their container infrastructure and network communication paths.
NeuVector will be demonstrating how its solution works with Istio – together with the IBM Cloud Istio team – at IBM Think 2019. Attendees can learn more about this release and how NeuVector is helping enterprises ensure end-to-end container network security at booth #127. IBM Think 2019 takes place February 12-15 in San Francisco.
The Istio and Linkerd2 service mesh platforms provide routing and authentication of pod-to-pod (container-to-container) connections and can encrypt the communication between pods. NeuVector’s unique and patented technology adds another layer of security by enabling deep packet inspection before the Istio or Linkerd2 encryption begins. This integration with service mesh technologies enables NeuVector to deliver strong network threat detection and application layer visualization for Istio, Linkerd2 and other service mesh-based applications – including their sidecar containers – from the moment the NeuVector container network security solution is deployed to Kubernetes environments.
“Istio and Linkerd2 have proven to be incredibly powerful and scalable service mesh technologies, and we’re proud to release this integration to provide devops and security teams with even more container network visibility and security,” said Gary Duan, CTO, NeuVector. “Organizations leveraging any service mesh in production Kubernetes deployments can now rest assured that their environments are secure, and that attacks on these environments will be recognized and defeated.”
Via this patent-pending integration, NeuVector is providing the most robust defense for Kubernetes production deployments using a service mesh such as Istio or Linkerd2 – including threat detection based on deep packet inspection and application protocol verification. The integration also extends the security coverage of Istio and Linkerd2 protocol awareness for HTTP and gRPC services, as well as other application protocols that NeuVector supports using TCP, UDP and ICMP. Customers can also leverage NeuVector’s industry-leading traffic monitoring and visualization capabilities to verify that their Kubernetes container infrastructure is deployed correctly and functioning properly.
“We selected NeuVector to protect containers in production because it combines network and run-time security with vulnerability management for compliance,” said Christian Hüning, System Architect, figo GmbH. “NeuVector is continuing its innovation by providing deep network visibility into service mesh encrypted traffic.”
Additionally, adding Istio and Linkerd2 integration provides investment protection by ensuring that Istio and Linkerd2 deployments are secure in production and can be continually monitored for security exploits.