McAfee MVision CASB-Integrated Cloud Security Platform Aims To Ease DevSecOps

McAfee has launched a solution that aims to help enterprises design and adopt DevSecOps more quickly and smoothly. IDN looks at McAfee MVision Cloud for Containers.




McAfee MVision Cloud for Containers offers a cloud security platform to integrate container security with the company’s Cloud Access Security Broker (CASB) and Cloud Security Posture Management (CSPM) security solution.


MVision provides customers with the ability to leverage zero-trust application visibility and control capabilities for container-based deployments in cloud environments, according to Rajiv Gupta, senior vice president of cloud security at McAfee. 


MVision’s ability to provide these capabilities comes in part via its access to the NanoSec container-based approach to app security, which McAfee acquired earlier this year.


"McAfee MVision Cloud for Containers extends our leading data security, threat prevention, governance, and compliance capabilities of the MVision Cloud platform to now cover containers in addition to SaaS, IaaS, and PaaS environments," Gupta said in a statement.


"By delivering consistent security across an organization's cloud stack and by integrating that security natively into DevOps processes and toolsets to discover and address security issues before applications are deployed, McAfee is further extending its leadership in the cloud security space and providing more proof of its commitment to help customers leverage the power and security of the cloud," he added. 


McAfee’s View on the Need for Integrated Container-Centric Security for Cloud 

Traditionally, container security has been seen as separate from other Infrastructure as a Service (IaaS) security solutions. This has required the evaluation, purchase and management of multiple niche products, which in turn has increased deployment time, complexity and the total cost of a security solution. Ironically, such complexity could also reduce the effectiveness of the security offered.

To resolve these issues, McAfee MVision Cloud for Containers integrates Cloud Security Posture Management (CSPM) and Vulnerability Scanning for container workloads into the existing McAfee MVision Cloud platform. This integrated (and integration-ready) approach aims to give customers a unified cloud security solution, where users can implement consistent security policies across all forms of cloud IaaS workloads.


McAfee MVision Cloud also continuously monitors the production deployments of these container workloads to ensure configuration drift does not compromise the security of applications. 


McAfee MVision Cloud for Containers sports these notable capabilities:   


Cloud Security Posture Management (CSPM): This capability supports container infrastructure and orchestration systems such as Kubernetes. It also ensures that the configuration of the environment does not drift over time, which could unintentionally expose the environment to risk. McAfee MVision Cloud for Containers integrates Configuration Audit checks for containerized workloads to ensure the container platforms run in accordance with CIS and other best practice compliance standards.


Vulnerability Assessment: This feature evaluates the code embedded in containers (at build-time and periodically over time) to ensure that known risks are exposed or mitigated, reducing the opportunities malicious actors have to land on and exfiltrate from a container workload.


Nano Segmentation: This feature helps discover and monitor the behavior of network communications between container processes in a way that can deal with the ephemeral nature of containers without relying on external factors such as an IP address.


"Shift Left" DevOps Integration: With this approach, MVision performs CSPM and Vulnerability Scanning checks earlier in the application development lifecycle to identify risk. It also provides meaningful feedback to developers within the build process.


Early adopters of MVision are sharing their experiences on how the approach removes a lot of complications from securing DevOps projects. 


Robert Fish, an enterprise security architect at games giant Electronic Arts, said in a statement: "MVision Cloud gives our company the freedom to choose the best application architecture without having to develop and implement new security tools. We also utilize its security capabilities for the non-container aspects of IaaS Security, including compute, storage and networking."


McAfee MVision Cloud for Containers is available now.


In addition, under a partnership with Google announced at the end of 2019, McAfee will tightly integrate its endpoint security solutions for Linux and Windows workloads, as well as its MVision Cloud solution for container security, on Google Cloud infrastructure.


McAfee’s vice president of product and marketing Anand Ramanathan said of the partnership, “Increasingly, customers are choosing to move critical workloads and applications to the cloud because of the strong security protections it can provide. As more of these enterprises choose to leverage Google Cloud’s hyperscale capabilities, we’re excited to integrate our core capabilities in VM and container security to ensure Google Cloud customers can benefit from the highest levels of data protection and threat prevention.”