McAfee Makes Container Security Play With NanoSec Buy

Written by

McAfee has announced the acquisition of cloud security start-up NanoSec in a move designed to help reduce container-related risk for its customers and accelerate DevSecOps.

Cupertino-based NanoSec is described as a pioneer in simplifying app workload protection, with a zero-trust offering that works across multiple computing and containerized environments irrespective of the underlying infrastructure.

The tie-up will enhance McAfee’s MVISION Cloud and MVISION Server Protection products, enabling customers to accelerate the speed of application development whilst mitigating risk, meeting compliance requirements and enhancing governance across hybrid, multi-cloud deployments, the firm said.

NanoSec capabilities set to be applied to apps and workloads in containers and Kubernetes environments include: continuous configuration compliance and vulnerability assessment, plus runtime application-level segmentation for detecting and preventing lateral movement.

“NanoSec’s technology is a natural extension for McAfee MVISION Cloud, enhancing our current CASB and CWPP products, and adding to our ‘Shift-Left’ capabilities to deliver on the DevSecOps best practice to improve governance and security,” argued Rajiv Gupta, senior vice president and general manager of the cloud security business unit, McAfee.

“NanoSec’s team brings a wealth of experience to McAfee, and together we are committed to enabling organizations to reach their full cloud potential.”

The acquisition is a timely one considering the growing popularity of containers in DevOps organizations.

Gartner said in April that by 2022, over three-quarters of global organizations will be running containerized applications in production, a major increase on today’s figure of fewer than 30%.

Yet although containers represent a great way to speed up app delivery, modernize legacy apps and create new cloud-native ones, current ecosystems are immature and security must be embedded in environments across the entire life cycle, the analyst claimed.

“Although there is growing interest and rapid adoption of containers, running them in production requires a steep learning curve due to technology immaturity and lack of operational know-how,” said Arun Chandrasekaran, distinguished VP analyst.

“I&O teams will need to ensure the security and isolation of containers in production environments while simultaneously mitigating operational concerns around availability, performance and integrity of container environments.”

What’s hot on Infosecurity Magazine?