Trend Micro, McAfee and Bitdefender Top Cloud Workload Security List

Trend Micro, McAfee and Bitdefender are among the "leaders" in a new report from Forrester Research on cloud workload security.

Covering Q4 2019, the report details 13 significant vendors, with Kaspersky, Qualys, Check Point, Palo Alto Networks and CloudPassage being named "strong performers"; and Symantec, Cisco, Aqua Security, Cavirin and Alert Logic bundled into the "contenders" section of the Forrester "Wave" report, which featured nobody in the "challengers" section.

The report says organizations seeking to secure a cloud workload security vendor should look for qualified companies that:

  • Offer solutions for guest operating system (OS) native protection.
  • Provide templatized API-level configuration management to Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) platforms.
  • Secure container runtimes and orchestration platforms natively.

Forrester said key differentiating factors among vendors include support for containerization and OS-level protection. "As on-premises security suites technology becomes outdated and less effective to provide comprehensive support for cloud workloads, improved broad coverage support for guest/host OS; API-level connectivity to the ... IaaS and... PaaS platform; and container orchestration and runtime platforms will dictate which providers lead the pack," the report says. "Vendors that can provide cloud and on-premises-based CWS solutions position themselves to successfully deliver comprehensive cloud workload protection and posture management to their customers."

The Forrester Wave: Cloud Workload Security Q4 2019
[Click on image for larger view.] The Forrester Wave: Cloud Workload Security Q4 2019 (source: Forrester Research).

For the three aforementioned vendors leading the pack, Forrester remarked on each of their strengths:

  • Trend Micro builds a comprehensive CWS solution. The Trend Micro Deep security solution started with agent instrumentation at the guest OS level but has expanded into protecting hypervisors, container build, and pre-runtime scanning and orchestration platforms as well. The vendor plans to: 1) enhance data collection and managed detection; 2) improve container security and cloud file storage scanning (e.g., AWS S3 buckets); and 3) add serverless and runtime application protection as well as cloud security posture management.
  • McAfee covers guest OS and API platforms. The solution's ePolicy orchestrator offers comprehensive and centralized control of CWS policies. The solution covers guest OS workloads and provides API connectivity to IaaS platforms. The vendor plans to: 1) improve container app security via auto discovery; 2) enhance single-click deployment of security to workloads; and 3) extend Zero Trust to serverless (functions) compute resources.
  • Bitdefender excels in database, user, and agent rollout management. Bitdefender builds on its malware, memory, and hypervisor protection/introspection legacy to craft a broad CWS solution. The vendor plans to: 1) expand the range of capabilities in the … SaaS version of GravityZone; 2) improve attack detection and response for Linux systems; and 3) release container protection modules, including image scanning and configuration drift/anomaly detection.

Forrester cautioned that the report should only be used as a starting point in a vendor evaluation, to be used with an associated Excel-based vendor comparison tool, customized criteria weightings and factors and techniques that are specific to individual scenarios. A version of the report licensed for distribution can be found here.

About the Author

David Ramel is an editor and writer for Converge360.


Subscribe on YouTube