“AWS covers a lot of ground, such as security of the cloud, but users are still responsible for their security in the cloud—including securing their operating systems, applications and data traffic,” said Shishir Singh, vice president and general manager of the Network Security business unit, McAfee. “While firewall configurations are important, security teams and cloud architects need to address exploit prevention, malware protection and gain visibility into the lateral movement of threats. With McAfee Network Security Platform, users can move beyond the basics to more sophisticated protection of their cloud network.”
Advanced malware can reach an organisation’s AWS workloads through network traffic, along with cross-site scripting, botnets and SQL injection attacks. Deploying infrastructure in the cloud can also open the window for new vulnerabilities that fall under the customer’s responsibility—if one virtual server in AWS is compromised, the malware can potentially roam to other vulnerable servers in the same customer environment. This lateral path is known as “east-west” network traffic, and often represents the majority of communication within virtualized environments.
McAfee vNSP has been designed from the ground up to work in highly distributed AWS infrastructure to ease network congestion. Instead of taking a traditional approach, monitoring an entire network segment to effect protection for a single workload, McAfee vNSP protects at the individual workload level. This approach is significantly different from other market solutions, guaranteeing visibility of inter-segment traffic, eliminating a single point of failure for an entire network segment and efficiently using security resources only where directed. The McAfee vNSP solution built specifically for AWS can also be managed from the same console as on-premises McAfee NSP.
Development teams can easily integrate security into their application deployment process by using automation frameworks such as CloudFormation templates, Chef and Puppet to deploy and manage McAfee vNSP in AWS. Network security controls are comprehensive and include inline exploit prevention with web application protection, zero-day malware detection, and workload isolation through segmentation and east-west attack detection.
McAfee vNSP for AWS builds upon McAfee’s commitment to enable advanced security for AWS customers.
Cloud Workload Security for AWS
McAfee also recently released the new Amazon Machine Image (AMI) for McAfee Public Cloud Server Security Suite (McAfee PCS), which is available on an hourly basis on the AWS Marketplace. This Paid AMI is a flexible option for protecting AWS workloads since there’s no need to estimate usage and obtain a license before getting started. Users can access McAfee PCS in AWS Marketplace.