McAfee MVision Cloud-Native App Protection Platform Adds Native AWS Integrations

McAfee MVision is set to bring data loss prevention and malware detection to Amazon Web Services projects with enhancements to its Cloud-Native Application Protection Platform (CNAPP).  The release is set to go GA in early 2021.

Tags: AWS, DevOps, cloud-native, McAfee, MVision

McAfee is enhancing its MVision Cloud-Native Application Protection Platform by adding integrations with Amazon Web Services.


Slated for general release in Q1 2021, McAfee MVision CNAPP extends McAfee MVision Cloud’s data protection for AWS projects. It aims to provide data loss prevention and malware detection, covering threat prevention as well as governance and compliance, to improve security capabilities and reduce the total cost of ownership (TCO) of cloud security.


Collectively, MVision CNAPP’s latest AWS integrations aim to help customers easily secure apps and data for their cloud-based IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) environments.


Specifically, the latest edition of MVision CNAPP provides five key capabilities:


Thorough discovery: It can provide discovery of all workloads, data, and infrastructure across endpoints, networks, and cloud, prioritized based on risk.


Build & Deploy: Protects against configuration drift and provides vulnerability assessment across virtual machines, containers, and serverless environments.  It also provides automation to empower greater developer productivity.


Runtime: This lets users build policies based on zero trust and behavioral observations to eliminate false positives and achieve scale with known good behavior enforcement.


Operate: Empower SOCs (Security Operations Centers) by mapping cloud-native threats to the MITRE ATT&CK framework for expedient remediation.


Protect: Automate security controls for continuous compliance and governance to ensure business continuity.


MVision’s ability to support multiple AWS services will let users continuously identify and fix misconfigurations and software vulnerabilities in their AWS environment, according to McAfee’s Anand Ramanathan, vice president of product management.


“AWS Security Hub is a great example of a security service built specifically for AWS customers. We’ve collaborated with AWS to add hybrid security use cases and broader workload and data context to enhance the value of this service, as well as to leverage AWS-native deployment services allowing customers to simply add our CNAPP capabilities to deployment pipelines already in use thus seamlessly enhancing the security of their cloud-native applications,” he said in a statement.


Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc., said: “In today’s digital enterprise, security is a critical priority across the organization. We are delighted to be working with McAfee to facilitate collaboration across developer and security teams so that customers can more effectively secure their workloads in the cloud.”

MVision Also Brings Best Practices, Automation To Secure DevOps, Cloud-Native Apps

McAfee MVision CNAPP’s support for AWS also furthers the platform’s support for bringing security into DevOps and the app development lifecycle for cloud-based apps. Shitij “Sunny” Suneja, a McAfee senior cloud security architect, explains how CNAPP helps cloud app teams in his latest blog.

As DevOps teams move their workloads into the cloud, security teams will need to implement best practices that apply operations, monitoring and runtime security controls across public, private, and hybrid cloud consumption models.

CNAPP first discovers all the cloud-native components mapped to an application, including hosts, IaaS/PaaS services, containers, and the orchestration context that a container operates within. With the use of native tagging and network flow log analysis, customers can visualize cloud infrastructure interactions, including those across compute, network, and storage components.


Additionally, the platform scans cloud-native object and file stores to assess the presence of any sensitive data or malware. Depending on the configuration compliance of the underlying resources and data sensitivity, an aggregate risk score is computed per application, which provides detailed context for an application owner to understand risks and prioritize mitigation efforts.


As a cloud security posture management platform, CNAPP provides a set of capabilities that ensure that assets comply with industry regulations, best practices, and security policies. This includes proactive scanning for vulnerabilities in container images and VMs and ensuring secure container runtime configurations to prevent non-compliant builds from being pushed to production. 


The same principles apply to orchestrator configurations to help secure how containers get deployed using CI/CD tools. These baseline checks can be augmented with other policy types to ensure file integrity monitoring and configuration hardening of hosts (e.g., no insecure ports or unnecessary services), which help apply defense-in-depth by minimizing the overall attack surface.


Finally, the platform enforces policy-based immutability on running container instances (and hosts) to help identify process-, service-, and application-level whitelists. By leveraging the declarative nature of containerized workloads, threats can be detected during the runtime phase, including any exposure created as a result of misconfigurations, application package vulnerabilities, and runtime anomalies such as execution of reverse shell or other remote access tools.
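The allowlist approach described above can be sketched as follows; this is an added example, not McAfee's code and not part of the original article. It combines the image's declared binaries with exec pairs seen in a learning window, then flags runtime events outside that baseline. The image name, paths, event fields and finding labels are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Baseline:
    image_binaries: set                        # executables shipped in the image (declared at build time)
    allowed: set = field(default_factory=set)  # (parent, exe) pairs seen during the learning window

@dataclass(frozen=True)
class ExecEvent:
    container: str
    image: str
    parent: str
    exe: str

def learn(baselines, events):
    """Learning window: record parent->child exec pairs, only for binaries that came with the image."""
    for ev in events:
        base = baselines[ev.image]
        if ev.exe in base.image_binaries:
            base.allowed.add((ev.parent, ev.exe))

def evaluate(baselines, ev):
    """Enforcement: return findings for one exec event; an empty list means known-good."""
    base = baselines.get(ev.image)
    if base is None:
        return ["no-baseline-for-image"]
    findings = []
    if ev.exe not in base.image_binaries:
        findings.append("drift:binary-not-in-image")   # file appeared after the build
    if (ev.parent, ev.exe) not in base.allowed:
        findings.append("allowlist:unexpected-exec")   # never observed as known-good
    return findings

def triage(baselines, events):
    """Group findings per container so a responder sees which instance left its baseline."""
    report = defaultdict(list)
    for ev in events:
        for finding in evaluate(baselines, ev):
            report[ev.container].append((ev.exe, finding))
    return dict(report)

# Constructed sample data (hypothetical image, containers and paths).
BASELINES = {"shop/api:1.4": Baseline({"/usr/bin/python3", "/bin/sh", "/usr/bin/curl"})}
LEARNING = [ExecEvent("api-1", "shop/api:1.4", "containerd-shim", "/usr/bin/python3"),
            ExecEvent("api-1", "shop/api:1.4", "/usr/bin/python3", "/usr/bin/curl")]
RUNTIME = [ExecEvent("api-2", "shop/api:1.4", "containerd-shim", "/usr/bin/python3"),  # known-good
           ExecEvent("api-2", "shop/api:1.4", "/usr/bin/python3", "/bin/sh"),          # in image, never seen
           ExecEvent("api-3", "shop/api:1.4", "/bin/sh", "/tmp/agent")]                # not in image
learn(BASELINES, LEARNING)
REPORT = triage(BASELINES, RUNTIME)
```

Because the second check keys on the parent/child pair rather than the binary alone, a shell that ships in the image is still reported when it is spawned by a process that never launched it during learning.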


While segmentation of workloads can be achieved in the build and deploy phases of a workload using posture checks for constructs like namespaces, network policies, and container runtime configurations to limit system calls, the same should also be enforced in the runtime phase to detect and respond to malicious activity in an automated and scalable way. The platform defines baselines and behavioral models that can be especially effective for investigating attempts at network reconnaissance, remote code execution due to zero-day application library and package vulnerabilities, and malware callbacks.

MVision CNAPP is available in AWS Marketplace, providing customers a streamlined method for purchasing the new service and providing consolidated billing for consumption.