Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/9/2019
09:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee to Acquire NanoSec to Enhance Capabilities in Cloud Security

NanoSec's multi-cloud, zero-trust application visibility and security platform further extend McAfee's cloud access security broker (CASB) and cloud workload protection platform (CWPP) capabilities.

Santa Clara, Calif., August 9, 2019 – McAfee, the device-to-cloud cybersecurity company, today announced the acquisition of NanoSec, a multi-cloud, zero-trust application and security platform. The acquisition will enable organizations to improve governance and compliance and to reduce risk of their cloud and container deployments.

Organizations are increasingly looking to adopt container technologies to help modernize legacy applications and create new cloud-native applications that are scalable and agile. Gartner predicts that “by 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today1.” Gartner recommends the following security and governance best practice, “security can’t be an afterthought. It needs to be embedded in the DevOps process, which Gartner refers to as ‘DevSecOps’. Organizations need to plan for securing the containerized environment across the entire life cycle, which includes the build and development process, deployment and run phase of an application.”1

The acquisition of NanoSec will strengthen the container security capabilities of McAfee MVISION Cloud and MVISION Server Protection products, giving its customers the ability to speed up application delivery while enhancing governance, compliance and security of their hybrid, multi-cloud deployments. NanoSec’s security capabilities will be applied to applications and workloads deployed in containers and Kubernetes and will be integrated into McAfee MVISION Cloud and MVISION Server Protection offerings. These capabilities include continuous configuration compliance and vulnerability assessment as well as runtime application-level segmentation for detecting and preventing lateral movement of threats.

“McAfee’s focus and innovation have allowed it to deliver industry-leading cloud security capabilities to help our customers securely leverage the cloud to accelerate their business,” said Rajiv Gupta, senior vice president and general manager of the cloud security business unit, McAfee. “NanoSec’s technology is a natural extension for McAfee MVISION Cloud, enhancing our current CASB and CWPP products, and adding to our ‘Shift-Left’ capabilities to deliver on the DevSecOps best practice to improve governance and security. NanoSec’s team brings a wealth of experience to McAfee, and together we are committed to enabling organizations to reach their full cloud potential.”

“Joining forces with McAfee means that our groundbreaking capabilities including our unique application-identity based approach for app-level protection and micro-segmentation will be available on a global scale,” said Vishwas Manral, founder and CEO of NanoSec. “McAfee has demonstrated not only its leadership in cloud security, but its desire to continually innovate and deliver new capabilities that reshape how organizations can operate workloads and applications safely in the cloud. It felt like a natural fit to join McAfee to deliver to application development and security professionals greater visibility and control over detecting, responding and resolving threats to reduce risk.”

McAfee’s acquisition of NanoSec further demonstrates how McAfee is working to integrate security natively into DevSecOps processes and toolsets to discover and address security issues before applications are deployed. 

Terms of the acquisition were not disclosed.

For more information about McAfee’s market-leading cloud security, please visit:

·       McAfee MVISION Cloud

·       Cloud Adoption and Risk Report

Gartner Best Practices for Running Containers and Kubernetes in Production, Arun Chandrasekaran, 25 February 2019

 

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com 

About NanoSec

NanoSec, based in Cupertino, Calif., with an office in Bengalaru, is a pioneer in application-centric security solutions aimed at protecting data center and cloud traffic. Its zero-trust security platform simplifies cloud application workload protection that effortlessly expands security protection across multiple computing and containerized environments, independent of the underlying infrastructure.

###

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. No computer system can be absolutely secure. McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4662
PUBLISHED: 2020-08-14
IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...