McAfee MVISION Cloud helps
customers ‘shift left’ with security
cAfee, the device-to-cloud
cybersecurity company,
has announced updates to
McAfee MVISION Cloud for Microsoft
Azure that will help customers ‘shift
left’ with security to pre-emptively help
to address compliance and risk within
their cloud infrastructure.
M
With McAfee MVISION Cloud, security is
pushed earlier into the DevOps process
so that security professionals can catch
risky configurations before they become
a threat in production. This gives
organisations the ability to confidently
deploy applications in the cloud with
greater speed and efficiency.
While Infrastructure-as-a-Service (IaaS)
and Platform-as-a-Service (PaaS)
environments provide customers with
choice and flexibility, if not configured
correctly they also potentially increase
the organisation’s surface area for
security risks. With the new features
in McAfee MVISION Cloud for Azure,
security groups can integrate policy
natively into DevOps processes and
toolsets to discover security issues
before systems are deployed to
accelerate business in the cloud.
www.intelligentciso.com
|
Issue 20
Security Scans for Azure Resource
Manager Templates: allows users to
discover risky configuration issues or
violations in Azure Resource Manager
Templates prior to deploying resources.
Inline integration with the tools
developers use: security checks
inside the DevOps pipeline through API
integration with popular tools including
Microsoft Git, Github and Azure DevOps.
Security Feedback is natively integrated
into the build process saving time, effort
and frustration.
Unified Cloud Security for Azure
Ecosystem: allows developers to
leverage Azure services knowing
security will be built-in by design (IaaS/
PaaS/Container services) aligning
closely to the Cloud Security Posture
Management (CSPM) best practices.
Pre-emptive Risk Avoidance: improves
compliance with regulatory frameworks
and reduces the likelihood of data loss,
abuse or fines associated with improper
security controls by highlighting
security findings before they become
security incidents.
Shifting Left gives organisations the
ability to avoid common security-
related issues. According to Cloud-
Native: The Infrastructure-as-a-Service
Adoption and Risk Report, 99% of IaaS
misconfigurations go unnoticed.
Most IaaS, PaaS and container
configuration audit tools focus on
evaluating the risk of resources that are
already live. Scanning systems once
they are live is important for detecting
configuration drift, but it also allows risks
from misconfiguration to be exposed until
they are discovered and remediated.
If left unfound, these issues are then
recreated when the suspect templates
are used to provision more systems
resulting in a proliferation of real risk
in large numbers of live systems.
Potentially, this problem is further
repeated across the many development
teams in the organisation.
“Developers increasingly leverage
modern DevOps tools to operate at the
‘speed of cloud’ to help transform their
organisations,” said Rajiv Gupta, Senior
Vice President of Cloud Security, McAfee.
“By integrating with the DevOps tools,
McAfee MVISION Cloud for Microsoft
Azure will help security teams remove
the risk of systems running with
unresolved misconfigurations, reduce
the workload of infrastructure teams
by employing a fix once at the source
and give them the ability to enact and
evaluate security policies from one
central location without adding friction to
the development teams.”
The new ‘shift left’ capabilities in McAfee
MVISION Cloud for Microsoft Azure are
available now. u
Developers
increasingly leverage
modern DevOps tools
to operate at the
‘speed of cloud’ to
help transform their
organisations.
Rajiv Gupta, Senior Vice President of Cloud
Security, McAfee.
New capabilities include:
55