VMware,
Inc. unveiled expanded cloud workload protection
capabilities to deliver security for containers and Kubernetes. The new
solution will help increase visibility, enable compliance and enhance
security for containerized applications from build to production in
public cloud and on-premises environments.
"Containers
and Kubernetes are enabling organizations to develop and modernize
applications faster than ever, but the innovation is also expanding the
attack surface," said Patrick Morley, senior vice president and general
manager, Security Business Unit, VMware. "Our solution extends security
to containers and Kubernetes to deliver one of the industry's most
comprehensive cloud workload protection platforms. With security built
into the development and deployment of applications, we are bridging the
gap between the SOC and DevOps teams to help our customers reduce the
risks that come with running containers across clouds."
For
many organizations, migrating to the cloud has had to happen quickly
and at a large scale to ensure business continuity amid the global
pandemic. Development teams are looking to containers and Kubernetes for
speed and the ability to scale application delivery. According to
Gartner, "by 2025 more than 85 percent of global organizations will be
running containerized applications in production, which is a significant
increase from fewer than 35 percent in 2019." Organizations now need security for modern workloads to address a new set of threats and build resilient digital infrastructure.
Better Secure the Complete Lifecycle of Kubernetes Applications
Security
is especially complex in multi-cloud infrastructures. VMware Carbon
Black Cloud Container builds security into the continuous integration
and delivery (CI/CD) pipeline to analyze and control application risks
before they are deployed into production. Expanding the VMware Carbon Black Cloud Workload offering,
the new capabilities will enable organizations to better secure
containerized applications in Kubernetes environments. The solution
shifts security left to protect the entire lifecycle of Kubernetes
applications. InfoSec teams can now scan containers and Kubernetes
configuration files early in the development cycle to address
vulnerabilities with unparalleled visibility. The solution provides
continuous cloud-native security and compliance to better secure
applications and data wherever they live.
Enable Collaboration for InfoSec and DevOps Teams
Containers
and Kubernetes offer development teams flexibility with an
infrastructure-as-code approach. However, security is often a roadblock
to faster production deployments and later bolted-on as an afterthought.
The VMware container security module will empower InfoSec and DevOps
teams to better collaborate and identify risks earlier in the
development cycle with built-in security. The expanded offering will
provide a new vantage point to allow cross-functional teams to detect
and fix vulnerabilities to achieve simple, more secure multi-cloud
Kubernetes environments.
VMware's expanded cloud workload protection capabilities will deliver a comprehensive solution for InfoSec teams including:
- Security Posture Dashboard:
Provides a combined view of vulnerabilities and misconfigurations to
enable complete visibility into security posture across Kubernetes
workload inventory. InfoSec and DevOps teams can gain deep visibility
into workload security posture and governance to enable compliance, with
the ability to freely explore Kubernetes workload configuration via
customized queries.
- Container Image Scanning and Hardening:
InfoSec and DevOps teams can scan all container images to identify
vulnerabilities and restrict the registries and repositories that are
allowed in production. Teams can set minimum standards for security and
compliance, generate compliance reports and follow CIS benchmarks and
Kubernetes best practices.
- Prioritized Risk Assessment:
Vulnerability assessments allow InfoSec and DevOps teams to review
images running in production and only approved images are deployed.
Security teams can use the prioritized risk assessment to detect and
prevent vulnerabilities by scanning Kubernetes manifests and clusters.
- Compliance Policy Automation:
Infosec teams can shift-left into the development cycle, streamline
compliance reporting, and automate policy creation against industry
standards such as NIST, as well as the customer's organizational
requirements. This enables the integrity of Kubernetes configurations
through control and visibility of workloads that are deployed to an
organization's clusters. Customizable policies help enforce
configuration by blocking or alerting on exceptions.
The Future of Intrinsic Security with VMware Carbon Black and Tanzu
The
container security module compliments the VMware Tanzu portfolio.
Select Tanzu editions include a global control plane for centralized
management of all aspects of cluster lifecycle, including policies for
access, data protection, and more. Customers can now add powerful
security for containers and Kubernetes applications while simplifying
operations for InfoSec and DevOps teams.
DoubleVerify powers the new standard of digital marketing performance, ensuring viewable, fraud-free, brand-safe ads.
"It's
important that we have full visibility into the risk of our entire
Kubernetes workload environment, as well as the ability to detect and
prevent vulnerabilities before containers are deployed," said Roy Berko,
Senior Director of DevOps, DoubleVerify. "With VMware's container
security offering, we now have instant visibility to help reduce risk of
our containerized applications all from a single dashboard."
IDC is the premier global market intelligence firm, examining consumer markets by devices, applications, networks, and services
"Kubernetes
has become the de-facto best practice standard for developing
cloud-native applications, yet developers are still leveraging siloed
and inefficient tools with limited cross organization visibility," said
Frank Dickson, Program Vice President, Security & Trust at IDC.
"VMware's container security offering provides an opportunity for
security and DevOps teams to work more closely together to leverage the
power of Kubernetes and better secure the unique lifecycle development processes of container-based applications."
Product Availability
VMware
container image scanning and CI/CD integration capabilities are
expected to be available in April 2021. Runtime security for detection
and response will be available later this year.