UPDATED 08:00 EDT / APRIL 07 2021

VMware Carbon Black expands container security through the entire CI/CD lifecycle

Software virtualization giant VMware Inc. is expanding its container and Kubernetes security capabilities with a key update to its VMware Carbon Black Cloud Workload offering announced today.

The update, the company said, will increase visibility for containerized applications throughout the development lifecycle, from build to deployment in the cloud or on-premises.

VMware Carbon Black Cloud Container is said to build security directly into the continuous integration and continuous delivery, or CI/CD, pipeline, helping teams analyze and control application risks before they’re deployed into production. It’s designed to protect modern applications built using containers, which host the components of those apps. Kubernetes, in turn, is open-source software used to manage large clusters of containers.

VMware said the new offering will enable developers and information security teams to scan containers and Kubernetes files at the beginning of the development cycle, helping them to identify and fix any vulnerabilities early on, long before the new apps ever reach production. It will effectively serve as a “vantage point” for container visibility that will foster greater collaboration between InfoSec and DevOps teams, VMware said.

The VMware Carbon Black Cloud Container offering is centered on a Security Posture Dashboard that provides a comprehensive view of all of the container apps that an organization is running or building. Through that portal, developers and security teams can scan container images to identify any vulnerabilities or misconfigurations. If something shows up, teams can then restrict which container registries and repositories are allowed in production. They can also set minimum standards around security and compliance to help ensure they are following security benchmarks and Kubernetes best practices.

The dashboard can also conduct prioritized risk assessments that enable teams to regularly review container images that are running in production and ensure that only those that meet approval are deployed. Further, the offering makes it possible to streamline compliance reporting and automate policy creation against industry standards such as those designed by the National Institute of Standards and Technology.

That, VMware said, ensures the integrity of Kubernetes configurations through control and visibility of workloads that are deployed to an organization’s clusters. In addition, customizable policies help enforce secure configurations by blocking exceptions or alerting staff about them.

Constellation Research Inc. analyst Holger Mueller said that with the vast majority of container apps being used alongside Kubernetes, vendors are racing to make it easier to operate and secure Kubernetes operations. “VMware is expanding the capabilities of its popular Carbon Black security offering, enabling better InfoSec capabilities, giving ITops and DevOps teams a way to secure their next-generation applications from the ground up,” Mueller said.

VMware said Carbon Black Cloud Container is designed to work with its VMware Tanzu portfolio, which is an application modernization platform based on the Kubernetes orchestrator. It said the offering will be built into selected editions of VMware Tanzu, which will include a global control plane for centralized management of all aspects of cluster lifecycles, including policies for access, data protection and more.

“With security built into the development and deployment of applications, we are bridging the gap between the SOC and DevOps teams to help our customers reduce the risks that come with running containers across clouds,” said Patrick Morley, senior vice president and general manager of the Security Business Unit at VMware.

VMware said the container image scanning and CI/CD integration capabilities will be made available later this month, with runtime security for detection and response capabilities to be added later this year.

Photo: Robert Hof/SiliconANGLE
