VMware Adds Container Security to Carbon Black Cloud
VMware added container security to Carbon Black Cloud, its endpoint and workload security platform.
The new capabilities use technology that VMware acquired from Octarine — one of the virtualization giant’s several purchases this year — and they build on VMware’s Cloud Workload Protection that it announced at VMworld.
In its first release, the Carbon Black Cloud container security features provide visibility into on-premises and public cloud Kubernetes clusters to help identify misconfigurations and other security risks. They also let users customize policies to maintain compliance and ensure desired state configurations.
The new capabilities make it easier for security teams to integrate into the developer lifecycle, and thus enable a DevSecOps approach to security, wrote Shemer Schwarz, senior director of product management at VMware Carbon Black, in a blog post. Schwarz was the CEO and co-founder of Octarine before VMware acquired the cloud-native security startup.
“As organizations embrace Kubernetes for developing and deploying applications, they also embrace its philosophy of configuration-as-code,” he wrote. While this gives development teams more agility and results in shorter times to market for applications, it also creates new security challenges. If developers don’t monitor and enforce policy over configuration changes, they potentially introduce vulnerabilities that, if exploited, don’t just compromise a single application but the entire cluster, Schwarz explained.
“With Kubernetes, we’re moving into immutable infrastructure, which means that security needs to be integrated earlier in the development lifecycle rather than applied as an afterthought,” Schwarz wrote. “Organizations moving to Kubernetes need to set boundaries for development teams through configuration and compliance policies so that the misconfigurations are avoided, and critical changes to infrastructure after deployment are flagged for review. These policies must protect the complete development and deployment cycle without impacting development agility and speed to market.”
Carbon Black Cloud’s container security allows customers to automate DevSecOps processes to ensure continuous security and compliance for multi-tenant, multi-cluster Kubernetes workloads, he added.