Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/9/2019
09:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee to Acquire NanoSec to Enhance Capabilities in Cloud Security

NanoSec's multi-cloud, zero-trust application visibility and security platform further extend McAfee's cloud access security broker (CASB) and cloud workload protection platform (CWPP) capabilities.

Santa Clara, Calif., August 9, 2019 – McAfee, the device-to-cloud cybersecurity company, today announced the acquisition of NanoSec, a multi-cloud, zero-trust application and security platform. The acquisition will enable organizations to improve governance and compliance and to reduce risk of their cloud and container deployments.

Organizations are increasingly looking to adopt container technologies to help modernize legacy applications and create new cloud-native applications that are scalable and agile. Gartner predicts that “by 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today1.” Gartner recommends the following security and governance best practice, “security can’t be an afterthought. It needs to be embedded in the DevOps process, which Gartner refers to as ‘DevSecOps’. Organizations need to plan for securing the containerized environment across the entire life cycle, which includes the build and development process, deployment and run phase of an application.”1

The acquisition of NanoSec will strengthen the container security capabilities of McAfee MVISION Cloud and MVISION Server Protection products, giving its customers the ability to speed up application delivery while enhancing governance, compliance and security of their hybrid, multi-cloud deployments. NanoSec’s security capabilities will be applied to applications and workloads deployed in containers and Kubernetes and will be integrated into McAfee MVISION Cloud and MVISION Server Protection offerings. These capabilities include continuous configuration compliance and vulnerability assessment as well as runtime application-level segmentation for detecting and preventing lateral movement of threats.

“McAfee’s focus and innovation have allowed it to deliver industry-leading cloud security capabilities to help our customers securely leverage the cloud to accelerate their business,” said Rajiv Gupta, senior vice president and general manager of the cloud security business unit, McAfee. “NanoSec’s technology is a natural extension for McAfee MVISION Cloud, enhancing our current CASB and CWPP products, and adding to our ‘Shift-Left’ capabilities to deliver on the DevSecOps best practice to improve governance and security. NanoSec’s team brings a wealth of experience to McAfee, and together we are committed to enabling organizations to reach their full cloud potential.”

“Joining forces with McAfee means that our groundbreaking capabilities including our unique application-identity based approach for app-level protection and micro-segmentation will be available on a global scale,” said Vishwas Manral, founder and CEO of NanoSec. “McAfee has demonstrated not only its leadership in cloud security, but its desire to continually innovate and deliver new capabilities that reshape how organizations can operate workloads and applications safely in the cloud. It felt like a natural fit to join McAfee to deliver to application development and security professionals greater visibility and control over detecting, responding and resolving threats to reduce risk.”

McAfee’s acquisition of NanoSec further demonstrates how McAfee is working to integrate security natively into DevSecOps processes and toolsets to discover and address security issues before applications are deployed. 

Terms of the acquisition were not disclosed.

For more information about McAfee’s market-leading cloud security, please visit:

·       McAfee MVISION Cloud

·       Cloud Adoption and Risk Report

Gartner Best Practices for Running Containers and Kubernetes in Production, Arun Chandrasekaran, 25 February 2019

 

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com 

About NanoSec

NanoSec, based in Cupertino, Calif., with an office in Bengalaru, is a pioneer in application-centric security solutions aimed at protecting data center and cloud traffic. Its zero-trust security platform simplifies cloud application workload protection that effortlessly expands security protection across multiple computing and containerized environments, independent of the underlying infrastructure.

###

McAfee technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. No computer system can be absolutely secure. McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there�s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...