McAfee this week made several significant announcements designed to further its reach in all areas of cloud security, most centered on extended detection and response (XDR).
The company’s new cloud-based MVISION XDR platform aims to give organizations greater visibility and a full set of threat management capabilities across the attack lifecycle so they can better protect their enterprises both before and after attacks.
More specifically, MVISION XDR enables organizations to prioritize threats, predict if countermeasures will work and detail corrective actions. Incidents are assessed based on user, data classification, device, vulnerability and threat intelligence, and threats can be automatically prioritized based on risk and impact. It does this by incorporating its MVISION Insights and ePolicy Orchestrator security management capabilities, along with threat intelligence, into the stack.
The ability to detect threats before a system is compromised is important, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. Typically, threat detection occurs when a system is compromised or when it starts communicating over a network, so what McAfee is doing—what it calls “shifting left”—is important. Shifting left means detecting a threat before a system is compromised.
McAfee also announced a new platform designed to secure cloud-native applications. The MVISION Cloud Native Application Protection Platform (CNAPP) provides data loss prevention (DLP), malware detection, threat prevention, governance and compliance, allowing developers to work in a secure environment.
Doug Cahill, a cybersecurity vice president at ESG, explained that a cloud-native, integrated cloud security platform requires these capabilities: support for multiple server workload types; support for hybrid, multicloud environments; integrated cloud security posture management; cloud workload protection; and object store DLP capabilities and native integrations into the continuous integration and continuous delivery (CI/CD) toolchain to span the application lifecycle from pre-deployment to runtime.
Essentially, CNAPP converges Cloud Security Posture Management (CSPM) for public cloud infrastructure and Cloud Workload Protection (CWPP) to protect hosts and workloads including virtual machines, containers and serverless functions, according to McAfee. This allows for deep discovery and prioritization of all workloads, data and infrastructure across endpoints, networks and cloud based on risk.
It also helps protect against “configuration drift” and against vulnerabilities in virtual machines, containers and serverless environments. Plus, it provides the ability to build policy based on zero trust and allows Security Operations Centers (SOCs) to map cloud-native threats to the MITRE ATT&CK framework for faster remediation.
MVISION CNAPP is currently in beta and is expected to be fully available in March 2021.