McAfee seeks to secure DevOps
McAfee MVISION Cloud for Microsoft Azure integrates security early in the DevOps process
McAfee has announced updates to McAfee MVISION Cloud for Microsoft Azure that will help customers “shift left” with security to pre-emptively help to address compliance and risk within their cloud infrastructure.
With McAfee MVISION Cloud, security is pushed earlier into the DevOps process so that security professionals can catch risky configurations before they become a threat in production.
While infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) environments provide customers with choice and flexibility, if not configured correctly, they also potentially increase the organization’s surface area for security risks. With the new features in McAfee MVISION Cloud for Azure, security groups can integrate policy natively into DevOps processes and toolsets to discover security issues before systems are deployed to accelerate business in the cloud.
Rajiv Gupta, senior vice president of Cloud Security, McAfee said: “By integrating with the DevOps tools, McAfee MVISION Cloud for Microsoft Azure will help security teams remove the risk of systems running with unresolved misconfigurations, reduce the workload of infrastructure teams by employing a fix once at the source and give them the ability to enact and evaluate security policies from one central location without adding friction to the development teams.”
Shifting Left gives organisations the ability to avoid common security-related issues. According to Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk Report, 99% of IaaS misconfigurations go unnoticed. Most IaaS, PaaS, and Container configuration audit tools focus on evaluating the risk of resources that are already live. Scanning systems once they are live is important for detecting configuration drift, but it also allows risks from misconfiguration to be exposed until they are discovered and remediated. If left unfound, these issues are then recreated when the suspect templates are used to provision more systems resulting in a proliferation of real risk in large numbers of live systems. Potentially, this problem is further repeated across the many development teams in the organisation.
“We’re pleased to see that McAfee is helping improve how companies operate infrastructure safely in the cloud,” said Scott Woodgate, senior director, Azure Security, Microsoft Corp. “With McAfee MVISION Cloud, Microsoft security professionals can gain better visibility and control over their cloud resources and detect and respond to threats earlier in the development lifecycle. Optimally, McAfee helps customers realize the full potential of Azure services by removing security as the barrier to getting things done.”
McAfee MVISION Cloud for Microsoft Teams provides a cloud security platform that works across IaaS, PaaS, Container and software-as-a-service (SaaS) environments. It integrates through an API with the Azure infrastructure to enforce security controls that span from the IaaS/PaaS infrastructure all the way up to custom applications.