A cloud-native application protection platform is a simplified security architecture that enables enterprises to holistically benefit from the cloud-native ecosystem. It enables them to leapfrog the cost and complexity of siloed security products to a continuous security fabric without major investments in tools or developer talent.

Today, the return on digital transformation is business survival, whereas before the pandemic it was merely business growth. All organizations wish to leverage the agility and innovation velocity of the public cloud to enable their digital transformation mandate, either solely or in concert with private data centers. However, in order to do that, organizations need a cloud-native platform that addresses the unique security needs of this new environment.

What are the key challenges of Cloud-Native Application Security? And why is it important to have a CNAPP?

Lack of Visibility into Cloud-Native Applications and Workloads

The modern enterprise is a complex conundrum. Since the beginning of 2020, there has been a 50% increase in cloud usage. Modern enterprises have grown organically, migrating to the cloud as needed, and often end up with a heterogeneous mix of siloed security products managed by siloed security teams. Further, the infrastructure environment is ephemeral, and a new persona, DevSecOps, has emerged. Enterprises can only secure what they can see, so they need comprehensive visibility across all cloud-native workloads and applications.

Inability to Measure Cumulative Risk for Cloud-Native Applications and Workloads

Cloud-native applications are continuously developed and deployed (CI/CD), and modern enterprises lack a way to measure cumulative risk. This includes the misconfiguration and mismanagement risks that lead to 99% of cloud security breaches: for example, Identity and Access Management policy errors, unnecessary privileges, and leaving default public access enabled on sensitive services such as MongoDB and other databases.

Beginning in March 2020, there has been a 630% increase in third-party attacks on cloud services. Bad actors pursue these attacks by identifying the location of sensitive data, finding out how to exploit misconfigurations (of users, identities, and infrastructure), and exploiting vulnerabilities in software as a launching pad to expand their access and exfiltrate data. Security and risk management leaders need a cumulative risk measure across all vectors of cloud-native applications and workloads.
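As an added illustration (not McAfee code or any vendor's data model), the following posture check turns the misconfiguration classes named above, over-broad IAM actions, default public access to a database port, and unpatched critical vulnerabilities, into one cumulative risk score per workload so the riskiest resource surfaces first. The inventory, the check thresholds and the scoring rule are constructed assumptions.

```python
"""Posture check over a constructed cloud inventory (added example)."""
from ipaddress import ip_network

# Constructed inventory: one over-exposed MongoDB host and one clean web tier.
# The shape (open ports, IAM actions, vuln count) is an assumption for this example.
INVENTORY = [
    {"name": "orders-db", "open": [("27017", "0.0.0.0/0"), ("22", "10.0.0.0/8")],
     "iam_actions": ["s3:*", "ec2:DescribeInstances"], "critical_vulns": 1},
    {"name": "web-01", "open": [("443", "0.0.0.0/0")],
     "iam_actions": ["s3:GetObject"], "critical_vulns": 0},
]

# Well-known database ports that should never be reachable from the whole internet.
DB_PORTS = {27017: "MongoDB", 5432: "PostgreSQL", 3306: "MySQL", 6379: "Redis"}

def is_world_open(cidr: str) -> bool:
    """True when a rule admits the entire IPv4 or IPv6 internet (/0 prefix)."""
    return ip_network(cidr, strict=False).prefixlen == 0

def findings(resource: dict) -> list:
    """Return (description, severity 1..10) for every check that fires."""
    out = []
    for port, cidr in resource["open"]:
        if int(port) in DB_PORTS and is_world_open(cidr):
            out.append((f"{DB_PORTS[int(port)]} port {port} public to {cidr}", 9))
    for action in resource["iam_actions"]:
        if action == "*" or action.endswith(":*"):   # wildcard = unnecessary privilege
            out.append((f"wildcard IAM action {action}", 7))
    if resource["critical_vulns"]:
        out.append((f"{resource['critical_vulns']} critical vulnerabilities", 8))
    return out

def cumulative_risk(resource: dict) -> float:
    """Combine severities like independent failure chances, so stacked findings
    raise the score without ever exceeding 10 (a constructed scoring rule)."""
    safe = 1.0
    for _, sev in findings(resource):
        safe *= 1 - sev / 10
    return round(10 * (1 - safe), 1)

def report(inventory: list) -> list:
    """Workloads ordered from highest cumulative risk down, for prioritisation."""
    return sorted(((r["name"], cumulative_risk(r)) for r in inventory),
                  key=lambda t: t[1], reverse=True)

if __name__ == "__main__":
    for name, score in report(INVENTORY):
        print(f"{name:10s} risk={score:4.1f}")
```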

DevOps Transition to DevSecOps for Cloud-Native Application Security

The spotlight is shining brightly on developers, whose role has evolved and expanded from simply running CI/CD to enabling strategic business outcomes. Enterprises want to unleash their developers to build compelling and compliant applications. Security now needs to be integrated into the software development life cycle (SDLC), breaking the traditional silos between Security and DevOps teams. Enabling Infrastructure-as-Code best practices includes vulnerability assessment of images as soon as they are built so that only attested images are deployed, along with continuous monitoring, automated checks, version control, and so on. This adds significantly to the complexity of managing cloud-native resources, and enterprises need a simpler way to leapfrog this complexity without significant investment in developer time and talent.

Components of Cloud-Native Application Protection Platform

According to Gartner, “there is synergy in combining CWPP and CSPM capabilities, and multiple vendors are pursuing this strategy. The combination will create a new category of Cloud-Native Application Protection (CNAPs) that scan workloads and configurations in development and protect workloads and configurations at runtime.”

  • Cloud Security Posture Management (CSPM):
    The biggest cloud breaches are caused by customer misconfiguration, mismanagement and mistakes. CSPM tools enable compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization. It is imperative for security and risk management leaders to put cloud security posture management processes in place to proactively identify and address data risks.

  • Cloud Workload Protection Platforms (CWPP):
    CWPP is an agent-based workload security protection technology. CWPP addresses the unique requirements of server workload protection in modern hybrid data center architectures, including on-premises physical and virtual machines (VMs) and multiple public cloud infrastructures. This includes support for container-based application architectures.

What is MVISION CNAPP?

MVISION CNAPP is the industry’s first platform to bring application and risk context to the convergence of Cloud Security Posture Management (CSPM) for public cloud infrastructure and Cloud Workload Protection (CWPP) for hosts and workloads, including VMs, containers, and serverless functions.

McAfee MVISION CNAPP extends MVISION Cloud’s data protection – both Data Loss Prevention and malware detection – threat prevention, governance and compliance to comprehensively address the needs of this new cloud-native application world thereby improving security capabilities and reducing the Total Cost of Ownership of cloud security.

5 Key elements of MVISION CNAPP

MVISION Cloud-Native Application Protection Platform (CNAPP) is an integrated architecture to secure the cloud-native application ecosystem. MVISION CNAPP delivers consistent data protection, threat prevention, governance, and compliance throughout the cloud-native application lifecycle, including container and OS-based workloads. It comprises five elements:

  1. Deep Discovery and Risk-Based Prioritization: The ability to discover all cloud resources and prioritize them based on risk. MVISION CNAPP uniquely provides deep discovery of all workloads, data, and infrastructure across endpoints, networks, and cloud.

  2. Shift Left: The ability to protect against configuration drift and provide vulnerability assessment across virtual machines, containers, and serverless environments. This helps unleash developer productivity through frictionless automation.

  3. Zero Trust and Runtime: The ability to build policy based on zero trust, using behavioral observation to eliminate false positives and achieve scale through known-good behavior enforcement.

  4. MITRE ATT&CK Framework: The ability to empower the Security Operations Center (SOC) by mapping cloud-native threats to the MITRE ATT&CK framework for expedient remediation.

  5. Governance and Compliance: The ability to automate security controls for continuous compliance and governance of data and permissions.

Five Key Elements