VMware, Inc. unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes. The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in the public cloud and on-premises environments.

Comprehensive cloud platform

“Containers and Kubernetes are enabling organisations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley, senior vice president, and general manager, Security Business Unit, VMware. “Our solution extends security to containers and Kubernetes to deliver one of the industry’s most comprehensive cloud workload protection platforms. With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds.”

Addressing threats

For many organizations, migrating to the cloud has had to happen quickly and at a large scale to ensure business continuity amid the global pandemic. Development teams are looking to containers and Kubernetes for speed and the ability to scale application delivery. According to Gartner, “by 2025 more than 85 percent of global organizations will be running containerized applications in production, which is a significant increase from fewer than 35 percent in 2019.” Organisations need security for modern workloads to address a new set of threats and build resilient digital infrastructure.

Better Security

Security is especially complex in multi-cloud infrastructures. VMware Carbon Black Cloud Container builds security into the continuous integration and delivery (CI/CD) pipeline to analyse and control application risks before they are deployed into production.
Expanding the VMware Carbon Black Cloud Workload offering, the new capabilities will enable organizations to better secure containerized applications in Kubernetes environments. The solution shifts security left to protect the entire lifecycle of Kubernetes applications. InfoSec teams can now scan containers and Kubernetes configuration files early in the development cycle to address vulnerabilities with unparalleled visibility. The solution provides continuous cloud-native security and compliance to better secure applications and data wherever they live.

Enable Collaboration for InfoSec and DevOps Teams

Containers and Kubernetes offer development teams flexibility with an infrastructure-as-code approach. However, security is often a roadblock to faster production deployments and later bolted on as an afterthought. The VMware container security module will empower InfoSec and DevOps teams to better collaborate and identify risks earlier in the development cycle with built-in security. The expanded offering will provide a new vantage point to allow cross-functional teams to detect and fix vulnerabilities to achieve simple, more secure multi-cloud Kubernetes environments.

Comprehensive solution for InfoSec

VMware’s expanded cloud workload protection capabilities will deliver a comprehensive solution for InfoSec teams including:

Security Posture Dashboard: Provides a combined view of vulnerabilities and misconfigurations to enable complete visibility into security posture across Kubernetes workload inventory. InfoSec and DevOps teams can gain deep visibility into workload security posture and governance to enable compliance, with the ability to freely explore Kubernetes workload configuration via customized queries.

Container Image Scanning and Hardening: InfoSec and DevOps teams can scan all container images to identify vulnerabilities and restrict the registries and repositories that are allowed in production.
Teams can set minimum standards for security and compliance, generate compliance reports and follow CIS benchmarks and Kubernetes best practices.

Prioritized Risk Assessment: Vulnerability assessments allow InfoSec and DevOps teams to review images running in production and ensure that only approved images are deployed. Security teams can use the prioritized risk assessment to detect and prevent vulnerabilities by scanning Kubernetes manifests and clusters.

Compliance Policy Automation: InfoSec teams can shift left into the development cycle, streamline compliance reporting, and automate policy creation against industry standards such as NIST, as well as the customer’s organizational requirements. This enables the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. Customizable policies help enforce configuration by blocking or alerting on exceptions.

The Future of Intrinsic Security with VMware Carbon Black and Tanzu

The container security module complements the VMware Tanzu portfolio. Select Tanzu editions include a global control plane for centralized management of all aspects of cluster lifecycle, including policies for access, data protection, and more. Customers can now add powerful security for containers and Kubernetes applications while simplifying operations for InfoSec and DevOps teams.

Customer Quote

DoubleVerify powers the new standard of digital marketing performance, ensuring viewable, fraud-free, brand-safe ads. “It’s important that we have full visibility into the risk of our entire Kubernetes workload environment, as well as the ability to detect and prevent vulnerabilities before containers are deployed,” said Roy Berko, Senior Director of DevOps, DoubleVerify.
“With VMware’s container security offering, we now have instant visibility to help reduce risk of our containerized applications all from a single dashboard.”

Analyst Quote

IDC is the premier global market intelligence firm, examining consumer markets by devices, applications, networks, and services. “Kubernetes has become the de-facto best-practice standard for developing cloud-native applications, yet developers are still leveraging siloed and inefficient tools with limited cross-organisation visibility,” said Frank Dickson, Program Vice President, Security & Trust at IDC. “VMware’s container security offering provides an opportunity for security and DevOps teams to work more closely together to leverage the power of Kubernetes and better secure the unique lifecycle development processes of container-based applications.”

Product Availability

VMware container image scanning and CI/CD integration capabilities are expected to be available in April 2021. Runtime security for detection and response will be available later this year.

Check Point has extended the capabilities of its unified CloudGuard Cloud Native Security platform with the launch of new CloudGuard Application Security (AppSec), a fully automated web application and API protection solution, enabling enterprises to secure all their cloud-native applications against both known and zero-day attacks. CloudGuard AppSec, part of the CloudGuard Workload Protection capabilities, eliminates the need for manual tuning and high rate of false-positive alerts associated with legacy Web Application Firewalls (WAFs), using contextual AI to prevent attacks from impacting cloud applications and enabling enterprises to take full advantage of cloud speed and agility.

Web Application Firewalls (WAFs)

Web application breaches doubled in 2020 but legacy rule-based WAFs cannot keep up with the speed at which today’s cloud-native applications evolve. These first-generation approaches rely on threat signatures and complex manual rule tuning. This problem is magnified as organisations move to running containerised apps: a 2020 container usage study found that 49% of all containers are live for less than 5 minutes, and 21% for less than 10 seconds. These rapid changes cause legacy WAFs to produce an unsustainable overload of false positive alerts and manual admin work, often forcing security teams to leave these solutions in ‘alert only’

Automation of application security

“Web applications are increasingly targeted by criminals, but traditional WAFs are simply unable to keep pace with the speed at which today’s cloud apps change and demand constant manual management, which leaves organisations dangerously exposed to attacks and costly breaches,” said TJ Gonen, Head of Cloud Product Line, at Check Point Software.
“Our strategy is to help enterprises secure their most critical workloads – their applications and data – with a unified platform that protects all workloads, including serverless functions and containers, from code to application runtime, all at the speed of DevOps. CloudGuard AppSec simply automates all aspects of application security, with virtually no need for ongoing management, in any cloud environment or infrastructure.”

Integrated security

“Protecting workloads and applications in the cloud requires a holistic suite of capabilities,” said Frank Dickson, Program Vice President of Security & Trust at IDC Research. “However, the journey to workload protection starts with securing your web applications and APIs. Check Point addresses this need for integrated application security and demonstrates their cloud acumen with the introduction of CloudGuard’s newest capability which includes automated application security.”

CloudGuard AppSec security capabilities

Continuous protection for applications as they evolve: CloudGuard AppSec blocks application attacks such as site defacing, information leakage, user session hijacking, and all of the OWASP Top 10 web application security risks. The solution’s AI engine continually adapts to application changes and self-updates to ensure continuous security.

Advanced API attack prevention: As applications evolve, they create and expose more APIs. CloudGuard AppSec automatically blocks criminals from leveraging APIs to expose sensitive data, inject commands or to extract API keys.

Automated bot protection: CloudGuard AppSec uses behavioral analysis to distinguish between human and non-human interactions with applications, to prevent credential stuffing, brute force attacks and site scraping, and offers customisable protection to manage non-malicious web bots.
Customer feedback

“We needed the ability to protect our unique application and the various types of data it processes in our complex, dynamic Google Kubernetes environment,” said Mark Unak, CTO at Harqen.ai. “Thanks to Check Point’s CloudGuard application security solution, we now have a best-in-class, automated prevention against the internet’s most hostile and advanced security threats.”

Qualys, Inc., a pioneer and renowned provider of cloud-based security and compliance solutions, announced its research team, using the Qualys Cloud Platform, has identified 7.54 million vulnerabilities related to FireEye Red Team assessment tools and compromised versions of SolarWinds Orion, tracked as Solorigate or SUNBURST, across its 15,700-member customer base. Of the vulnerabilities identified, researchers noted that across 5.29 million unique assets most are related to the FireEye Red Team tools. These findings highlight the scope of the potential attack surface if these tools are misused. The research team further identified that 99.84% of the 7+ million vulnerability instances are from eight vulnerabilities in Microsoft software that have patches available.

IT and security organisations

To help mitigate risk and exposure from this breach, Qualys is providing IT and security teams free 60-day access to its integrated Vulnerability Management, Detection and Response service, which leverages the power of the Qualys Cloud Platform. More information can be found on the Qualys advisory blog. “The Qualys free solution provides much-needed visibility and response in a single app that many need at a time when IT and security organisations around the world are scrambling to shore up their systems,” said Frank Dickson, Program Vice President, Security and Trust at IDC.

Deliver vulnerability management

“Qualys' solution draws from its native security and compliance platform to deliver vulnerability management, detection and response, the ability to detect malware, and the integrity of files.
It is a great solution, easy to use and deploy, and it’s hard to beat as it is free.”

“The scope of this nation-state attack is massive, as overnight a widely used and trusted piece of software turned into known malware,” said Sumedh Thakar, President and Chief Product Officer at Qualys.

Full situational awareness

“Since its discovery, Qualys teams have been actively researching the issue and helping customers assess their environments. The good news is that nearly all of the CVEs are patchable, and we’ve made this solution available to the industry so they can immediately work to protect themselves from being exploited by these vulnerabilities.”

Qualys is offering a fully functional licence free for 60 days. The licence enables full situational awareness, detection, and remediation to reduce risk and exposure from the SolarWinds and FireEye breaches. It includes:

Real-time, up-to-date inventory and automated organisation of all assets, applications, and services running across the hybrid-IT environment

Continuous view of all critical vulnerabilities and their prioritisation based on real-time threat indicators and attack surface

Automatic correlation of applicable patches for identified vulnerabilities

Patch deployment via Qualys Cloud Agents with zero impact to VPN bandwidth

Security configuration hygiene assessment to apply as compensating controls to reduce vulnerability risk

Unified dashboards that consolidate all insights for management visualisation via a single pane of glass

Integrated security solution

“As our teams assessed the very sophisticated SolarWinds / FireEye nation-state attack, we realised that we could help the industry through our very powerful unified Cloud Platform.
The integrated security solution provides real-time visibility across the entire global and hybrid IT environment allowing it to detect and prioritise critical vulnerabilities, identify malware and effectively respond all from one single pane of glass,” said Philippe Courtot, Chairman and CEO of Qualys.