Open Source NeuVector Container Security Platform Now Available

SUSE this week made good on a promise to open source the NeuVector container security platform it acquired last year.

Sheng Liang, president of engineering and innovation for SUSE, says an open source security platform will make it easier for more developers and DevOps teams to apply DevSecOps best practices to cloud-native applications by making a container security platform readily available at no cost.

The arrival of an open source edition of NeuVector comes as many organizations review their software supply chain processes in the wake of a series of zero-day vulnerabilities and a spate of high-profile breaches. In theory, container applications are more secure than legacy applications because it’s simpler to rip and replace containers that have encapsulated vulnerable code than it is to patch a monolithic application.

However, Liang notes that containers have their own security issues that require deep network visibility, inspection and segmentation; vulnerability, configuration and compliance management; and risk profiling, threat detection and incident response. The containers themselves are not at the core of the issue; rather, it is the level of security of the code encapsulated in the container that could be problematic.

Today, the most prevalent container security issue involves the illicit mining of cryptocurrencies, also known as cryptojacking. Cybercriminals hijack existing containers or use those that have been surreptitiously deployed in, for example, a cloud computing environment. However, as more container applications are used to drive digital business transformation initiatives, it’s only a matter of time before the same techniques used to gain access to a cloud platform for cryptojacking are used for more nefarious purposes.

Going forward, Liang says SUSE will drive deeper integration between NeuVector and Rancher, the platform for managing containers that SUSE gained with the acquisition of Rancher Labs. IT teams will also be able to easily install NeuVector from the Rancher application catalog.

In general, Liang says SUSE, as a curator of open source software, remains highly committed to open source security. Organizations that rely on SUSE to consume open source software are shielded from zero-day vulnerabilities such as the Log4j flaw. No SUSE customer was impacted by those vulnerabilities, which affected the popular Java logging tool, notes Liang. If there ever is an issue involving zero-day vulnerabilities, Liang adds, SUSE assumes all responsibility for remediation.

There is, of course, no shortage of platforms for securing containers. Until recently, few of those platforms were available under an open source license. Open source availability is one factor that tends to encourage adoption. The challenge has been embedding these platforms within a larger DevOps workflow used to build and deploy applications constructed using containers. Most DevOps teams are still in the early stages of embracing DevSecOps best practices.

In the meantime, however, container applications are starting to appear in production environments in greater numbers; it’s only a matter of time before more cybercriminals target those apps. The need for DevOps and cybersecurity teams to collaborate on securing these applications—both before and after they are deployed in a production environment—has never been more pressing.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
