VMware expands cloud workload protections for containers and Kubernetes

The new Carbon Black Cloud capabilities are designed to help InfoSec and DevOps teams work together to spot problems before applications are deployed into production.

VMware on Wednesday announced expanded cloud workload protections for containers and Kubernetes environments. The new security capabilities, built into the Carbon Black Cloud, follow last year's acquisition of the security platform Octarine. The new features are part of VMware's broader efforts to "intrinsically secure" workloads. 

The new capabilities build security into the continuous integration and delivery (CI/CD) pipeline, so InfoSec and DevOps teams can analyze and manage risks before applications are deployed into production. 

The improved security lines up with the rise in containerized applications. According to Gartner, by 2025, more than 85 percent of global organizations will be running containerized applications in production. 

"Containers and Kubernetes are enabling organizations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface," Patrick Morley, SVP and GM of VMware's Security Business Unit, said in a statement. "Our solution extends security to containers and Kubernetes to deliver one of the industry's most comprehensive cloud workload protection platforms."

The new capabilities provide teams with a Security Posture dashboard giving them visibility into Kubernetes workloads. They also include prioritized risk assessments, letting InfoSec and DevOps teams review images running in production. Infosec teams will also be able to streamline compliance reporting and automate policy creation against industry standards such as NIST.

There's also new container image scanning and hardening capabilities, enabling InfoSec and DevOps teams to identify vulnerabilities and restrict the registries and repositories that are allowed in production. Teams can also set minimum standards for security and compliance, generate compliance reports and follow CIS benchmarks and Kubernetes best practices.