McAfee Enterprise MVISION Cloud

About MVISION CNAPP Container Security

A container is a unit of software code that includes all components and dependencies required for it to run, no matter what platform or computing environment. Many software developers have moved to using containers for flexibility, scalability, portability, and speed of development. But containers are highly dynamic and always changing. How do you secure them? 

MVISION CNAPP Container Security provides the following features:

Cloud Security Posture Management (CSPM)

Cloud Security Posture Management (CSPM) is provided as Security Configuration Audit for container infrastructure and orchestration systems such as Kubernetes. Configuration Audit makes sure that the environment’s configuration is not a source of risk. It also guards against the environment configuration drifting over time and exposing unintended risks. Configuration Audit supports CIS Benchmark tests for Kubernetes and CIS Benchmark tests for Docker.

Supported platforms include:

  • Amazon Web Services
    • Amazon Elastic Container Service (ECS)
    • Amazon Elastic Kubernetes Service (EKS)
    • AWS Fargate ECS
    • AWS Fargate EKS
    • AWS Docker
  • Google Kubernetes Engine (GKE)
  • Azure Kubernetes Service (AKS)

Container Vulnerability Scan

MVISION CNAPP Container Vulnerability Scan assesses the vulnerability of container components. The scan evaluates the code embedded in containers at build time, and periodically after that, so that known risks are exposed or mitigated, reducing the opportunities malicious actors have to exfiltrate a container workload.

Supported platforms include:

  • Amazon Elastic Container Registry (ECR)
  • Amazon Elastic Compute Cloud (EC2)
  • Google Container Registry (GCR)
  • Google Compute Engine (GCE)
  • Microsoft Azure Container Registry (ACR)
  • Microsoft Azure Virtual Machine
  • API-based support for scanning manifest through McAfee Enterprise Endpoint Security

Shift Left

MVISION CNAPP Shift Left functionality scans the DevOps Infrastructure as Code (IaC) templates to review container infrastructure configuration before it is deployed.

Currently supported templates are Helm and CloudFormation, for the following platforms:

  • Amazon Elastic Container Service (ECS)
  • Amazon Elastic Kubernetes Service (EKS)

Runtime Threat Detection

MVISION CNAPP for container environments can identify threats at runtime to find issues in supported environments, including discovery, process allowlisting, and workload hardening. MVISION CNAPP supports Docker as a container runtime environment.
