Published on April 7th, 2021 📆 | 8586 Views ⚑0
VMware Carbon Black expands container security through the entire CI/CD lifecycle
Software virtualization giant VMware Inc. is expanding its container and Kubernetes security capabilities with a key update to its VMware Carbon Black Cloud Workload offering announced today.
The update, the company said, will increase visibility for containerized applications throughout the development lifecycle, from build to deployment in the cloud or on-premises.
VMware Carbon Black Cloud Container is said to build security directly into the continuous integration and continuous delivery or CI/CD pipeline, helping teams analyze and control application risks before they’re deployed into production. It’s designed to protect modern applications built using containers, which host the components of those apps. Kubernetes, in turn, is open-source software used to manage large clusters of containers.
VMware said the new offering will enable developers and information security teams to scan containers and Kubernetes files at the beginning of the development cycle, helping them to identify and fix any vulnerabilities early on, long before the new apps ever reach production. It will effectively serve as a “vantage point” for container visibility that will foster greater collaboration between InfoSec and DevOps teams, VMware said.
The VMware Carbon Black Cloud Container offering is centered on a Security Posture Dashboard that provides a comprehensive view of all of the container apps that an organization is running or building. Through that portal, developers and security teams can scan container images to identify any vulnerabilities or misconfigurations. If something shows up, teams can then restrict which container registries and repositories that are allowed in production. They can also set minimum standards around security and compliance to help ensure they are following security benchmarks and Kubernetes best practices.
The dashboard can also conduct prioritized risk assessments that enable teams to regulate review container images that are running in production and ensure that only those that meet approval are deployed. Further, the offering makes it possible to streamline compliance reporting and automate policy creation against industry standards such as those designed by the National Institute of Standards and Technology.
That, VMware said, ensures the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. In addition, customizable policies help enforce secure configurations by blocking exceptions or alerting staff about them.
Constellation Research Inc. analyst Holger Mueller said that with the vast majority of container apps being used alongside Kubernetes, vendors are racing to make it easier to operate and secure Kubernetes operations. “VMware is expanding the capabilities of its popular Carbon Black security offering, enabling better InfoSec capabilities, giving ITops and DevOps teams a way to secure their next-generation applications from the ground up,” Mueller said.
VMware said Carbon Black Cloud Container is designed to work with its VMware Tanzu portfolio, which is an application modernization platform based on the Kubernetes orchestrator. It said the offering will be built into selected editions of VMware Tanzu, which will include a global control plane for centralized management of all aspects of cluster lifecycles, including policies for access, data protection and more.
“With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds,” said Patrick Morley, senior vice president and general manager or the Security Business Unit at VMware.
VMware said the container image scanning and CI/CD integration capabilities will be made available later this month, with runtime security for detection and response capabilities to be added later this year.
Photo: Robert Hof/SiliconANGLE
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
originally appeared on Source link