SUSE Container Security Platform

Container Security, Container Runtime Security, Zero Trust Container Security

Open-source container security providing Layer 7 firewall, deep packet inspection, and zero-trust runtime protection.

Product Overview

31 Integrations

SUSE Security (formerly NeuVector) is the only 100% open-source, zero-trust container security platform delivering full lifecycle protection from build to runtime for Kubernetes environments. Unlike proprietary container security solutions, SUSE Security provides end-to-end vulnerability scanning throughout the CI/CD pipeline and into production, with patented Deep Packet Inspection (DPI) technology and a true Layer 7 container firewall that secures east-west traffic between containers and pods.

The platform features automated behavioral learning that discovers application patterns and creates security policies, combined with AI-driven anomaly detection to identify and block network, packet, zero-day, and application attacks, including Distributed Denial of Service (DDoS) and Domain Name System (DNS) threats. Security policies can be managed as code using Kubernetes Custom Resource Definitions (CRDs), which enables GitOps workflows. Automated compliance auditing using Docker Bench and Kubernetes Center for Internet Security (CIS) Benchmark tests generates risk scores and compliance reports for Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).

Originally founded in 2015 and acquired by SUSE in October 2021 for $130M, SUSE Security was open-sourced in January 2022, making it the industry's first fully open-source container security platform. The platform integrates with SUSE Rancher for multi-cluster security management and supports all major Kubernetes distributions, including Red Hat OpenShift, VMware Tanzu, Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS). It serves regulated industries, including financial services, healthcare, and government sectors.

Product Details

Security Domain

Security category

Container Security

Key Capabilities

Specific security problems this product solves

Container Runtime Security, Zero Trust Container Security

Key Features

Core capabilities and differentiators

Admission Control, AI Anomaly Detection, Behavioral Learning Mode, CIS Benchmarks, Deep Packet Inspection, DLP Sensors, File System Monitoring, Layer 7 Firewall, Multi-Cluster Federation, Network Segmentation, Policy as Code (CRDs), Process Monitoring, Runtime Vulnerability Scanning, Web Application Firewall (WAF), Zero-Drift Protection

Integrations

Compatible tools and platforms

Amazon ECR, AWS, AWS EKS, Azure, Azure ACR, Azure AKS, Azure DevOps, Bamboo, CircleCI, Docker, GCP, GitHub Actions, GitHub Container Registry, GitLab, Google Container Registry, Google GKE, Grafana, Harbor, Jenkins, Kubernetes, LDAP, PagerDuty, Prometheus, Red Hat OpenShift, SAML, Sigstore Cosign, Slack, SUSE Rancher, SYSLOG, VMware Tanzu, Webhook

Deployment Options

Where and how this solution can be deployed

Cloud, Hybrid, On-Premise

Support Channels

Available support and communication options

Community Support (GitHub), Customer Center Portal, Documentation Portal, Premium Support with Named Engineers, Support Forums

Pricing Model

How this solution is priced

Enterprise License, Open Source, Subscription

Vendor Information

SUSE

Nuremberg, Germany