Understanding Nexus Container: 5 Technologies You Need for Full Life Cycle Container Security

“Containers are changing the data center the same way containers changed global trade.” Jim Zemlin, Executive Director, Linux Foundation

Today, we announced the newest addition to the Nexus Platform – Nexus Container – a solution we’re especially excited about bringing to the market and our customers. Why? We all know that securing containers and Kubernetes deployments from build to run-time requires a holistic approach to defense. Deploying efficiently and safely requires expertise spanning Development, Security, and Operations teams, and Nexus Container provides the key technologies needed not only for vulnerability and compliance scanning, but also for complete run-time container security. 

So, what are these “key technologies”? The rest of the blog will delve deeper into 5 technologies necessary for full life cycle container security. 

Network Packet Inspection

If you want real-time container security, you need insights and protections as events are happening. While vulnerability scanning is essential to container security, it’s only a snapshot in time. Comprehensive container security requires real-time visibility. Not only can Nexus Container protect based on application-level (Layer 7) protocols (not just iptables or Layer 3/Layer 4 data), but suspicious activity can also be investigated by capturing network sessions and inspecting the packets directly. We can see all network traffic at Layer 7 using the best source of truth – the network.

This technology can block unauthorized connections without interrupting the safe, authorized connections in the container. This unique network interception and filtering does not require an agent, sidecar, or image modification.

Auto-Learning & Scaling

Manually creating policy and rules for each environment, application, and update made is just not feasible. Automation is key to saving Dev, Sec, and Ops teams time, and they’ll get time back with Nexus Container’s ability to automatically generate rulesets and security as code

This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Alexander Dale.