McAfee Adds Containers to CASB, Cloud Security Platform

After teasing a new container security product last week at AWS re:Invent, McAfee today announced that Mvision Cloud for Containers is now available, and it integrates with the vendor’s cloud access security broker (CASB) and cloud security posture management (CSPM) technology. After teasing a new container security product last week at AWS re:Invent, McAfee today announced that Mvision Cloud for Containers is now available, and it integrates with the vendor’s cloud access security broker (CASB) and cloud security posture management (CSPM) technology. The new product uses NanoSec’s zero trust capabilities for container-based deployments in cloud environments. McAfee bought the container security startup in August. NanoSec developed an application-centric security platform that provides microsegmentation for container-based workloads. It segments each application to enforce a zero-trust model with a behavior-based whitelist. This only allows necessary actions and connections in the application and blocks anything else. It also prevents threats from moving laterally through the network. The new Mvision Cloud for Containers provides configuration audit checks for containerized workloads as well as vulnerability scanning of container images, which identifies and prevents the use of weak or exploitable components of the container images. This reduces the overall risk profile of the application by minimizing the attack vectors. Integrating all of these pieces into its Mvision Cloud platform allows customers to apply consistent security policies across all cloud infrastructure as a service (IaaS) workloads, McAfee says. “McAfee Mvision Cloud for Containers extends our leading data security, threat prevention, governance, and compliance capabilities of the Mvision Cloud platform to now cover containers in addition to SaaS, IaaS, and PaaS environments,” said Rajiv Gupta, senior vice president of cloud security at McAfee, in a statement. “By delivering consistent security across an organization’s cloud stack and by integrating that security natively into DevOps processes and toolsets to discover and address security issues before applications are deployed, McAfee is further extending its leadership in the cloud security space and providing more proof of its commitment to help customers leverage the power and security of the cloud.” At last week’s re:Invent conference, McAfee executives discussed the importance of integrating security into DevOps processes — also called DevSecOps. This becomes increasingly important as companies move workloads to the cloud. “Everything needs to be automated, everything needs to be integrated into the CI/CD process in order to remove friction in your activity,” said Sekhar Sarukkai, McAfee fellow and co-founder of Skyhigh Networks, at a press conference in Las Vegas. Skyhigh was a CASB pioneer that McAfee acquired in early 2018. McAfee’s platform does this by automatically scanning for things like misconfigurations and code vulnerabilities before it is deployed. It also checks containers for known exploits and can fix those as well, and now it adds microsegmentation with Mvision Cloud for Containers.