McAfee’s integration of container security into its existing IaaS framework also brings security earlier into the DevOps cycle, to make it easier for developers to bake it in.
Cybersecurity vendor McAfee has announced McAfee MVISION Cloud for Containers. The solution integrates container security within the company’s existing Infrastructure-as-a-Service [IaaS] architecture, through its Cloud Access Security Broker [CASB] and Cloud Security Posture Management [CSPM] security solution. It also marks the speedy integration of the container security technology of NanoSec, which McAfee acquired in August.
The NanoSec acquisition was an important one for McAfee, because MVISION Cloud previously had no container security solution at a time when demand for containers has been taking off.
“We are in a situation today where containerized workloads have been growing very quickly,” said John Dodds, Director of Product Management at McAfee. “Gartner expects that 75% of global organizations will have containerized apps by 2022.” That compares with around 30% today.
“We look at containers as another option in the IaaS space,” Dodds noted.
Dodds said that within the containerization ecosystem, NanoSec was an attractive buy for McAfee.
“They were at a phase that was perfect for an acquisition target, where the product was just rolling out, but they didn’t have a large market share,” he indicated. “With respect to their technology, they were also taking a very novel approach. Others in the space were more evolutionary, taking things that worked in other situations and applying another layer.”
Two elements of NanoSec’s technology are cloud-native configuration management and the use of a vulnerability scan rather than a malware scan, reflecting the fact that containers are immutable. The scan evaluates the payload of containers.
“The really exciting part though is their nano-segmentation – a play on micro-segmentation of network isolation,” Dodds said. “They had a completely ground-up new tech for isolating network traffic to achieve container isolation and security.” That technology provides zero trust application visibility and control capabilities for container-based deployments in the cloud.
The new solution integrates the container security with McAfee’s broader CASB and CSPM capabilities, which ensure the container platforms run in accordance with best practice compliance standards.
“Containers don’t live in a vacuum,” Dodds stated. “We wanted to integrate it into other IaaS resources and into the configuration and audit capability that we already had.”
Dodds emphasized that the integration with the existing MVISION capabilities is a complete one.
“This is not just a reskinning,” he said. “It’s a native integrative product. I’m proud of the fact that the team went from acquisition to this in three months.”
Dodds stressed that the real significance of the new capability is to make it easier to work security into the DevOps process earlier, and deliver DevSecOps by performing CSPM and vulnerability scanning checks earlier in the application development lifecycle.
“Containers are much more developer-centric,” Dodds said. “Security doesn’t get a chance to add policies like they used to, when it was generally a pain for developers because it came in after the fact and was an interruption. Security will not be able to keep up with DevOps because it is a continuous pipeline. That means that the only way you will have a secure system is if you don’t make it a burden, and make it easier by design for developers to secure things early. That’s what DevSecOps is. It doesn’t interrupt the developer workstream. This goes to developers and says we can integrate security validation into the build process so you can fix it online, with your own tools. That’s more attractive than interrupting the process, which was how it was done in the past.”
McAfee MVISION Cloud for Containers is available now.