McAfee MVISION Cloud

About MVISION Cloud Container Security

A container is a unit of software code that includes all of the components and dependencies required for it to run, no matter what platform or computing environment. Many software developers have moved to using containers for flexibility, scalability, portability, and speed of development. But containers are highly dynamic and always changing. How do you secure them? 

MVISION Cloud Container Security provides the following features:

Cloud Security Posture Management (CSPM)

Cloud Security Posture Management (CSPM) is provided as Security Configuration Audit for container infrastructure and orchestration systems such as Kubernetes. Configuration Audit makes sure that the environment's configuration is not a source of risk. It also keeps the environment configuration from drifting over time, which would expose unintended risks. Configuration Audit supports CIS Benchmark tests for Kubernetes and CIS Benchmark tests for Docker.

Supported platforms include:

  • Amazon Web Services
    • Amazon Elastic Container Service (ECS)
    • Amazon Elastic Kubernetes Service (EKS)
    • AWS Fargate ECS
    • AWS Fargate EKS
    • AWS Docker
  • Google Kubernetes Engine (GKE)
  • Azure Kubernetes Service (AKS)

Container Vulnerability Scan (CVS)

MVISION Cloud Container Vulnerability Scan (CVS) assesses the vulnerability of container components. The scan evaluates the code embedded in containers at build time, and periodically after that, so that known risks are exposed or mitigated. This reduces the opportunities malicious actors have to exfiltrate a container workload.

Supported platforms include:

  • Amazon Elastic Container Registry (ECR)
  • Google Container Registry (GCR)
  • Microsoft Azure Container Registry (ACR)
  • API-based support for scanning manifest through ENS

Shift Left

MVISION Cloud Shift Left functionality scans the DevOps Infrastructure as Code (IaC) templates to review container infrastructure configuration before it is deployed.

Currently supported templates are Helm and CloudFormation, for the following platforms:

  • Amazon Elastic Container Service (ECS)
  • Amazon Elastic Kubernetes Service (EKS)

Runtime Threat Detection

MVISION Cloud Runtime Threat Detection identifies threats at run time to find issues in the environments. It includes functionality such as discovery, whitelisting, exploit prevention, and segmentation.

These features are supported as part of the MVISION Cloud NanoSec product in limited beta: 

  • Discovery on any cloud
  • Whitelisting the app process tree and communication behavior
  • NanoSegmentation using learning from past known behavior
