McAfee this week announced a cloud-based container security platform that integrates with its CASB and CSPM security solutions.
By integrating Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB) and vulnerability scanning for container workloads into its MVISION platform, McAfee MVISION Cloud for Containers can help application developers ensure that container workloads are secure and compliant. The platform allows DevOps teams to perform CSPM and vulnerability scanning checks earlier in the application development life cycle, and continuous monitoring helps prevent "configuration drift" on production deployments of container workloads, according to the company.
McAfee MVISION Cloud also integrates with the tools that the application development and DevOps teams use to build software. This automates the process and helps ensure that configuration vulnerabilities are eliminated.
"It's about making sure that hardened container configurations are deployed to production," explained Doug Cahill, a senior analyst at ESG. "It's important to make sure that when you push containers to production, you have wrung out known vulnerabilities."
The ability to automate the inspection of container images for known vulnerabilities at build time is a critical component of this solution, Cahill said, because containers today don't live that long.
It also puts security front and center for application development—something that hasn't been done much in the past.
"Security has too often been an afterthought where we think about it after applications are in production. Something like this allows us to think about security earlier in the life cycle," he said.
Through the integration of CSPM, the platform checks to ensure that container platforms run in accordance with CIS and other best practice compliance standards. At the same time, automating security checks can speed up the process by eliminating manual testing.
What McAfee is doing by combining elements of container security, cloud security, posture management and cloud workload protection is noteworthy, Cahill said.
"We're seeing point tools converge into cloud security platforms, and that helps teams work together. It makes cloud security more efficient for the DevOps team, the security team and the compliance team to work together," he said.