McAfee’s Cloud Native Application Protection Platform is still in beta, but the company is announcing a series of major integrations with AWS services to streamline deployment and management.
At McAfee’s MPOWER Digital 2020 event in late October, one of the company’s major announcements was the unveiling of the MVISION Cloud Native Application Protection Platform [CNAPP]. While the CNAPP service is still in beta, with General Availability planned for March 2021, today they are announcing their first major integrations, with multiple native Amazon Web Services [AWS] services.
The MVISION CNAPP service combines Cloud Security Posture Management [CSPM], Cloud Workload Protection Platform [CWPP], and application and data security into one solution.
Anand Ramanathan, VP of Products, McAfee, said that CNAPP addresses customer challenges which fall into three buckets – heterogeneous mixes with complexity sprawl, infrastructure with risk of misconfigurations, and large enterprises with highly scalable applications that have unique risk and security requirements.
“McAfee developed CNAPP to address those challenges through a consistent set of security capacities that allow a consistent threat posture,” Ramanathan said.
“A lot of misconfiguration comes down to Cloud Security Posture Management,” he indicated. “Our CSPM looks at the configuration of all resources and matches them up with best practices and compliance requirements.”
Ramanathan said this is essential because McAfee has seen the number of misconfigurations increase by over 200% in the past year. Even though organizations are getting better at addressing the problem, these advances are outstripped by the pace at which environments become more complex.
“The other aspect is around the workload itself, and what attackers are looking to exploit them,” Ramanathan said. “We have seen a 600% increase in attacks on cloud services over the last year. You need to be able to protect workloads. The Cloud Workload Protection Platform provides application protection for VMs and containers.”
The third thing CNAPP protects is apps and data.
“More apps are moving to the public cloud for agility and business benefits, and you have to know where sensitive data is for DLP, to protect it from exfiltration and insider threats,” Ramanathan indicated.
The AWS partnership provides MVISION CNAPP integrations with AWS deployment services such as AWS Systems Manager and AWS PrivateLink to make deployment easier and more secure. It also integrates with security services like AWS Security Hub.
“We partner with AWS closely,” Ramanathan said. “CNAPP deals with the security challenges customers face as they migrate to public cloud platforms, in this specific case, AWS. AWS has built a tremendous infrastructure and metadata that gives us much better security built into the platform from the get-go. We don’t have to deploy additional software to get this security.”
For instance, Ramanathan noted that AWS CloudTrail instantly alerts CNAPP to changes in configuration settings, and AWS Elastic Container Registry puts it in a position to look for potential vulnerabilities before code goes into production.
CNAPP also accelerates adoption through integrations with AWS tools that developers use, like CodeDeploy and CloudFormation.
“We integrate to make it easier for them,” Ramanathan said.
CNAPP also has purpose-built security audit policies for the AWS container services Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), and AWS Fargate.
Ramanathan cited a customer reference from consumer electronics company EA. The EA deployment included CNAPP integrations with AWS Systems Manager, AWS PrivateLink and AWS Security Hub.
“EA is a large group of loosely connected titles and teams,” he said. “Before MVISION, their only central control was billing. We reduced misconfigurations by over 90%, down to a total of 10.”
Ramanathan also noted that integration into EA dev processes increased the speed of remediation, and that eliminating redundant tooling for the many EA teams saved costs.
MVISION CNAPP is available on the AWS Marketplace – subject to that February GA.