Adding Container Security to McAfee’s Cloud Security Platforms
Containers represent the future of application development. Using containers allows companies to develop, test, and deploy applications faster, more reliably, and more efficiently than ever. Containers are an essential technology empowering digital transformation for companies in every industry.
Security for containers has rapidly become a top priority for IT teams at organizations of all sizes. Yet companies cannot afford to copy and paste legacy security approaches to container environments. Securing containers calls for tools developed specifically for the unique characteristics and workflows of container infrastructure.
McAfee is acquiring NanoSec to provide customers with best-in-class container security capabilities as part of our cloud access security broker (CASB) and cloud workload protection platform (CWPP) solutions. NanoSec’s multi-cloud, zero-trust application security technology will enable organizations to improve governance and compliance and to reduce the risk of their cloud and container deployments.
The acquisition will ensure McAfee customers benefit from tools designed specifically for the next frontier of cloud security.
“Joining forces with McAfee means that our groundbreaking capabilities including our unique application-identity based approach for app-level protection and micro-segmentation will be available on a global scale. It felt like a natural fit to join McAfee to deliver to application development and security professionals greater visibility and control over detecting, responding and resolving threats to reduce risk.”
-Vishwas Manral, founder and CEO of NanoSec
DevSecOps: Every Company Is a Software Security Company
If every company is becoming a software company, every company will use containers to do so. Containers allow for more efficient and cost-effective application development and deployment. Gartner predicts that “by 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today.” For IT security teams, enabling the secure use of containers means empowering technology teams with the best tool for the job.
The use of containers calls for a new security paradigm. Security for containerized applications is implemented during the development process, not after the application has been deployed to production. The term DevSecOps has appeared to describe the role of DevOps teams in securing applications.
“Security can’t be an afterthought. It needs to be embedded in the DevOps process, which Gartner refers to as ‘DevSecOps,’” Gartner says. “Organizations need to plan for securing the containerized environment across the entire life cycle, which includes the build and development process, deployment and run phase of an application.”1
The acquisition of NanoSec adds to McAfee MVISION Cloud’s capabilities to ‘Shift-Left’ cloud security, implementing security earlier in the application development process. This allows enterprises to integrate McAfee security capabilities that are native to the DevSecOps methodology, pushing security controls earlier in development workflows to address security issues before applications are deployed. In addition to their technology, the NanoSec team brings container-specific expertise that will help drive innovation in McAfee’s cloud security offerings. This move extends McAfee’s device-to-cloud security approach to encompass container security, tailored to the way DevSecOps teams work.
Security at the Speed of Microservices
Containers bring their own set of security risks based on the speed and flexibility the technology allows for. The nature of microservices creates many front and side doors within application infrastructure that can be compromised by malicious actors. Visibility and control must keep up with the speed of a container-based system.
These ephemeral environments require an agile, real-time security approach. Traditional approaches to monitoring user behavior rely on IP addresses – a method completely out of step with the state of container environments, where elements rapidly come online and offline.
NanoSec’s technology was created specifically for the needs of container environments. Capabilities include continuous configuration compliance and vulnerability assessment as well as runtime application-level segmentation for detecting and preventing the lateral movement of threats. These controls will be integrated into the McAfee MVISION Cloud and MVISION Server Protection offerings, extending cloud security to applications and workloads deployed in containers and Kubernetes.
With NanoSec’s container security capabilities added to McAfee’s cloud security platforms, customers can speed up application delivery while enforcing governance, compliance, and security for hybrid and multi-cloud deployments. Enterprises are undergoing a period of rapid adoption of containers and microservices. Traditional approaches to security will be irrelevant in these new environments. McAfee’s acquisition of NanoSec gives IT security teams another cloud-native security tool designed for this modern infrastructure.
1 Gartner Best Practices for Running Containers and Kubernetes in Production, Arun Chandrasekaran, 25 February 2019