SUSE NeuVector is a 100% open-source Kubernetes container security platform built for enterprise-grade environments. Supported by a strong community of users, SUSE NeuVector provides full lifecycle container security from build, pipeline, registry to production. SUSE NeuVector enables you to run Kubernetes SECURELY everywhere - from cloud to on-prem or at the edge.

In addition to end-to-end vulnerability and compliance scanning, NeuVector provides unique runtime protection which combines a layer7 container firewall with workload process/file protections. The network protection of NeuVector uses deep packet inspection (DPI) to monitor and block network threats, segmentation violations, and unauthorized ingress or egress connections. This technology enables data leak protection (DLP) rules, web application firewall (WAF) rules, api security validation, and is compatible with service meshes such as istio and AWS App Mesh.

SUSE NeuVector is a cloud-native solution which deploys easily on EKS to protect workloads and hosts from vulnerability exploits and zero-day attacks. The deployment is a set of containers (manager, controller, enforcer, scanner) which can be managed through the console or rest API. This deployment configures a AWS load balancer service to expose the manager console. For more information on NeuVector see the project documentation.