McAfee announced today it has added a container security module to McAfee MVISION Cloud following its acquisition last August of NanoSec, a provider of a set of tools for segmenting network traffic between containers.
John Dodds, director of product for McAfee, says McAfee MVISION Cloud for Containers combines the “nano segmentation” overlays created by NanoSec with security tools from McAfee that include container vulnerability tools for scanning containers and making sure configuration drift doesn’t occur, a cloud access security broker (CASB) and cloud security posture management software that audits configurations.
Dodds says the goal is to provide IT teams with a single integrated platform through which cybersecurity issues that pertain to microservices-based applications built using containers can be addressed alongside the cybersecurity requirements of monolithic applications.
Dodds says the rise of containers is pushing the responsibility for cybersecurity further to the left as organizations start to embrace best DevSecOps processes. The challenge is finding a way for developers and cybersecurity teams to work more closely together, he says. For example, in an ideal world, developers would implement the controls defined by cybersecurity teams, who would then verify those controls have been implemented. McAfee wants to make it possible for both developers and cybersecurity teams to “do the right thing” without slowing down the application development and deployment process, he says.
Previously, cybersecurity teams would have simply limited the platform options available to developers. However, these days it is apparent cybersecurity teams need to adjust to demand for more agile approaches to ensuring security that are driving more applications into the cloud, adds Dodds.
Of course, the larger the attack surface becomes, the more challenging it is to ensure security. Not only are there more platforms to secure, but the level of interdependency between microservices developed using containers also makes it difficult to ensure a single breach doesn’t compromise the entire IT environment.
The challenge is that each microservice now generates alerts that need to be correlated and investigated. That shift in how applications are built and deployed will eventually require IT organizations to embrace machine learning and other forms of artificial intelligence (AI) more aggressively to cut through all the noise being generated by the IT environment. AI is not only inevitable at this point, but Dodds also says it’s becoming essential. In fact, McAfee via its cloud service will be applying AI to data streams being generated by billions of sensors embedded in its endpoint security software, he notes.
Dodds says McAfee also plans to extend the reach of McAfee MVISION Cloud into the realm of serverless computing frameworks, which are rapidly becoming a natural extension of any containerized environment. Regardless of the computing framework employed, IT teams are going to need a common platform through which they can address the security requirements of containers, serverless computing frameworks and traditional virtual machines, he notes.
Of course, McAfee is not the only cybersecurity vendor with similar ambitions. The challenge IT teams now face is determining to what degree they want to rely on a single vendor to address container security alongside every other platform already being employed.