Exclusive: McAfee Is Acquiring NanoSec to Build Out Its Container-Focused Cloud Security Services
Cybersecurity firm McAfee is acquiring NanoSec, a cloud security startup focused on security solutions for applications built with the increasingly dominant ‘containers’ approach.
“This is a nice deal for McAfee, as enterprise customers use more containers and drive towards production applications,” said Stephen Elliot, an analyst with IDC who was briefed on the deal. “Customers have to have a security plan for their DevOps [software development and IT operation] and container strategies. It should compliment [McAfee’s] cloud security plans.”
Terms of the deal were not disclosed, and information on NanoSec's financials is private. Founded in 2015 by CEO Vishwas Manral, NanoSec has 20 employees that are currently located at offices in Cupertino, Calif. and Bangalore.
Cupertino-based employees will be integrated into McAfee’s Santa Clara office, according to Rajiv Gupta, McAfee’s assistant vice president for cloud security, while employees in Bangalore will join the McAfee office there. McAfee has not disclosed financial details of the acquisition.
Container-based architecture can be seen as a continuation of the trends that moved computing from mainframes to PCs, or from servers to so-called ‘virtual machines.’ Containers can make cloud applications more cost-effective, because the various ‘microservices’ making up an application can be activated or deactivated on the fly. Their code can also be reused in different contexts, rather than having to be re-implemented for every individual program.
But the approachalso creates novel security risks.
“When I have these microservices, there are many more front doors and many more side-doors,” says Gupta. “I want to make sure there isn’t any side channel that will let my system get infected or compromised or snooped on. The requirements for visibility and control get to be a lot more stringent.”
NanoSec’s tools are oriented towards providing that higher level of monitoring. These include live telemetry that detect anomalous patterns, and an approach to permissions that focuses on application IDs rather than signals that may be losing relevance.
“Most of the existing security providers are using IP addresses” to monitor user behavior, Gupta says. “Those are not relevant in the new container world. It’s a little like trying to feed oats to my Model T.” Broadly, that’s because various elements and users of a container-based system can appear, disappear, and transform so quickly—Gupta describes the environment as “ephemeral.”
More must-read stories from Fortune:
—What people get wrong about artificial intelligence and China
—Is it “only human” to feel anxious about money? Talking finance with Sophia the Robot
—The currency that’s quietly emerged as Asia’s safest bet
—Listen to our audio briefing, Fortune 500 Daily
Follow Fortune on Flipboard to stay up-to-date on the latest news and analysis.