McAfee integrates security into the DevOps process with validator for AWS CloudFormation
McAfee, the device-to-cloud cybersecurity company, announced updates to McAfee MVISION Cloud for Amazon Web Services (AWS) that will help customers “Shift Left” with security to preemptively improve compliance and reduce risk within their cloud infrastructure.
With McAfee MVISION Cloud, security is pushed earlier into the DevOps process so that security professionals can catch risky configurations before they become a threat in production. This gives organizations the ability to confidently deploy applications in the cloud with greater speed and efficiency.
While Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) environments provide customers with an opportunity to have greater control over their cloud infrastructure, they also increase the organization’s surface area for security risks.
With the new features in McAfee MVISION Cloud for AWS, security teams can integrate natively into DevOps processes and toolsets to discover security issues before systems are deployed, accelerating business in the cloud. New capabilities include:
- Security scans for AWS CloudFormation Templates: allows users to discover risky configuration issues or violations in AWS CloudFormation Templates prior to deploying resources.
- Resolve security issues at the source: finds the root cause of security or misconfiguration issues at the source, preventing the propagation and subsequent clean-up of issues once systems are live.
- Preemptive risk avoidance: ensures compliance with regulatory frameworks and reduces the likelihood of data loss, abuse or fines associated with improper security controls.
According to the McAfee Cloud Adoption and Risk Report, enterprise organizations have an average of 14 misconfigured IaaS/PaaS instances running at any time, resulting in over 2,269 individual misconfiguration incidents per month.
Most IaaS and PaaS configuration audit tools focus on evaluating the risk of resources that are already live. Scanning systems only once they are live leaves any misconfiguration exposed until it is discovered and remediated.
These issues are then recreated every time the suspect templates are used to provision more systems, resulting in a proliferation of real risk across potentially large numbers of live systems. The problem is repeated further across the many development teams in the organization.
“Resolving issues at the template level as part of a security practice integrated into the DevOps process removes the risk of systems running with unresolved misconfigurations, reduces the workload of infrastructure teams by employing a fix once at the source and gives security teams the ability to enact and evaluate security policies from one central location,” said Rajiv Gupta, senior vice president of the cloud business, McAfee.
“With McAfee MVISION Cloud, security professionals can gain better visibility and control over their cloud resources and detect and respond to threats earlier in the development lifecycle.”
“McAfee’s market-leading CASB technology builds on AWS’s existing security capabilities by providing a uniform approach to visibility and response to threats, compliance status, configuration management, drift, and sensitive data protection through comprehensive and consistent policies,” said Maka Guerrero, senior IT security analyst at Pacific Dental Services.
“The new ‘Shift Left’ capabilities will allow us to sort, prioritize, and resolve security issues pre-emptively so we can improve our compliance and reduce the risk within our cloud infrastructure.”
“We’re delighted to see that McAfee is helping improve how companies operate infrastructure safely in the cloud,” said Rohit Gupta, Global Ecosystem Lead-Security, Amazon Web Services, Inc. “McAfee MVISION Cloud helps DevOps teams focus on implementing security as opposed to reacting to incidents after the fact—creating an additional layer of security for customer workloads on AWS.”
McAfee MVISION Cloud for AWS provides an exhaustive cloud security solution that works consistently across IaaS, PaaS and Software-as-a-Service (SaaS) environments.
It integrates quickly and seamlessly through an application programming interface (API) with AWS infrastructure to enforce security controls that span from the IaaS/PaaS infrastructure all the way up to custom applications to help enterprises meet their security, compliance and governance requirements.