US Patent 10353726 Transparent network security for application containers

A security container of a container environment receives an indication of a new application container connected to a virtual switch of a server, the connection established by a container service providing operating system-level virtualization for each application container. The security container disconnects a first connection from the virtual switch to the application container at the application container. The security container connects the first connection from the virtual switch to the security container. The security container establishes a second connection from the security container to the application container. The security container receives data from the application container. The security container inspects the received data for network security. The security container forwards the received data to an intended destination via the virtual switch.