McAfee announced on April 20 that it will make the “MVISION Cloud Native Application Protection Platform” (CNAPP) generally available. It has been available in the US since the end of March, and in Japan it will be ready for delivery about a month later. First, Mr. Hiroshi Sasaki, Senior Security Advisor of the Cyber Strategy Office of the company, explained the background situation, saying that CNAPP is simply “a solution that firmly protects the cloud infrastructure such as IaaS and PaaS” and “on the cloud. “How to protect data and applications” has become an important issue for companies. “In the current Corona environment, it is difficult for companies to survive without DX (digital transformation),” said Sasaki. On the other hand, the rapid progress of digitalization is increasing security risks, he said. Points out. Specifically, IoT home appliances are being commercialized one after another, but the IT / security department of the manufacturer is basically not involved in the development of such products and the provision of services after sales. / Since it is common to be in charge of the development department, there are cases where products are released with little accumulation of knowledge and know-how regarding IT and security. In addition, since it is difficult to develop and operate by ourselves, when the composition is such that the business is outsourced to an external system development / operation operator and the outsourced operator utilizes the cloud infrastructure as a service infrastructure, “security governance is It will be difficult to work, “says Mr. Sasaki. He said that the “7pay” incident in 2019 is an example of the “expansion of” connected “products and services” that “exposed” security issues “outside the company” and developed into major problems related to business continuity. In addition to giving an example of “docomo account” in 2020, he also mentioned “insufficient personal information management of LINE” in 2021. It is necessary to understand where, how, how it was moved, stored (encrypted), and how it was accessed (controlled), and its risks. ” Next, Mr. Hidemitsu Sakurai, General Manager of Sales Engineering Division of the company, introduced the outline of CNAPP. First, he explained that CNAPP is “a release of functions that are mainly responsible for IaaS / PaaS security in the field of cloud security.” The CSPM (Cloud Security Posture Managemet) function, which is one of the cloud security functions of Skyhigh Networks acquired by the company in 2017, and the company has long provided it under the name of “McAfee Cloud Workload Security”. He introduced how the CWPP (Cloud Workload Protection Platform) functions that had been used were integrated, and the container security function that was provided separately was also given the name “MVSION CNAPP”.
Configuration of key features of the MVISON Cloud platform. The SWG (Secure Web Gateway) function surrounded by the red dashed line at the right end is derived from McAfee, and the function group acquired by the acquisition of Skyhigh Networks is surrounded by the blue dashed line in the center. MVISION UCE (Unified Cloud Edge, so-called SASE function) is configured by integrating. The MVISION CNAPP, which will be launched in Japan this time, will be a combination of Skyhigh-derived CSPM with the “agent-type CWPP” and “container security” that McAfee has provided so far. Although it is an environment where IaaS / PaaS is used together, “Integrated operation management is not performed”, “Current situation cannot be grasped and regular confirmation is not possible”, “Important data is not properly visualized and protected” He pointed out that he is facing issues such as “security measures (DevSecOps) are not catching up” and “incidents that occur on the cloud are not properly handled / knowledge is not available”. It is said that these issues can be solved by MVISION CNAPP. Currently, it supports IaaS / PaaS for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, and centrally manages operations for these clouds from a single management console for enhanced security. You can perform setting audits, vulnerability inspections, problem repairs, and visualization of important data (DLP function). In addition, the MITER ATT & CK framework can automatically take security measures within the software development process in cooperation with the continuous integration / continuous delivery (CI / CD) tools used for software development. It also has a function to centrally display in an easy-to-read manner according to the above.
MVISION CNAPP can solve the problems caused by the migration of the user’s environment to multi-cloud (IaaS / PaaS). New features that he emphasized are agents that complete data scanning and malware scanning by DLP within the user tenant. There is a point that you can scan the type. In the conventional cloud DLP and malware scan, data was once sent to MVISION Cloud for checking through API linkage, but in AWS, in addition to being charged for external transfer of data, the problem is that “data goes out” itself. There was a possibility that it would become. In response to this, a dedicated PoP will be newly installed in the user’s AWS environment to enable local scanning of data. In general, CNAPP is said to be “provided by integrating CWPP and CSPM”, but “CNAPP has the third function of” visualization / control of applications and data “in addition to CWPP and CSPM. The feature is that it is added as a pillar, and it is a point of differentiation from competition “(Mr. Sakurai).
An overview of data scans within user tenants. Traditional DLP features, including competing products, used to transfer data from AWS to an external DLP engine through an API, but now it’s now possible to perform local scans within user tenants. I was able to confirm the latest information on the sale of the corporate business announced by McAfee on the day, so I would like to introduce it. The company has announced that it has agreed to sell its corporate business to a consortium led by the Symphony Technology Group (STG), but according to Sakurai, it is effectively a spin-off of the former McAfee. A new company has been established to succeed the corporate business, and all the personnel of the current corporate business division will be transferred to that company. The new company will be changed from the company name McAfee, and some product names may be changed, but “There is no change in the products currently being offered or the future product roadmap” (Sakurai) Mr.). In addition, there was an observation that it might be integrated with another security vendor under STG, but Mr. Sakurai denied this, and the new company has no plans to handle products / services other than the business for McAfee corporations. It is supposed to be. Especially in the Japanese market, McAfee, which can be said to have an overwhelming presence in the corporate business, announced that it will specialize in the consumer business, but it is said that the corporate business will continue as it is by changing the company name. That’s why users can rest assured.