What is Cloud Workload Security?
(Cloud Workload Discovery is now updated and renamed to Cloud Workload Security)
Cloud Workload Security (CWS) is a suite of products and features designed to address the problem of lack of visibility and control for public and private cloud workloads. Cloud Workload Security is also a set of ePO extensions for use with selected public and private cloud environments (Amazon Web Services, Microsoft Azure and VMware). The extension bundle includes components such as …
- (Data Center) Connector for AWS
- (Data Center) Connectors for Azure
- (Cloud Usage) Metering
- Data Protection for Cloud
- (New) Visualization for Cloud
- (Data Center) Connector for VMware Vsphere
AWS and Azure Traffic visualization requires the Cloud Workload Security License Extension.
This page is primarily concerned with the features and functionality of the Cloud Workload Security 5.0 ePO extensions.
Cloud Workload Security, with VMware, AWS, Microsoft Azure, provides end-to-end visibility into all workloads and their underlying platforms. Insights into weak security controls, unsafe firewall and encryption settings and indicators of compromise such as suspicious traffic lead to faster detection while McAfee® ePolicy Orchestrator® (McAfee ePOTM) or DevOps tools enable quick remediation.
Value of Cloud Workload Security
Using Cloud Workload Security, customers can:
- Continuously monitor workloads to eliminate blind spots and automate laborious policy deployment
- Deploy VM optimized threat defense to monitor and protect workloads across all private and public clouds
- Centralize management and automate workflows to reduce operational complexity
Cloud Workload Security Options
Three Cloud Workload Security options are available to help customers meet their cloud security requirements:
Cloud Workload Security
Cloud Workload Security Essentials
Cloud Workload Security Advanced
McAfee ePolicy Orchestrator
Cloud Workload Security Management
Threat Prevention for Servers (Windows & Linux)
Host Intrusion and Exploit Prevention
Cloud Encryption Management
Management for Optimized Virtual Environments (McAfee MOVE) - Agentless & Multiplatform
Native Firewall Management for AWS & Azure (Security Groups)
Adaptive Threat Protection with Behavioral Analysis
Native network traffic analysis for AWS & Azure
Network Traffic Visualization
Application Control for Servers
File Integrity Monitoring
Change Control for Servers
McAfee Virtual Network Security Platform Integration
Per OS Instance
Per OS Instance
Per OS Instance
Cloud Workload Security 5.0 is now available.
To download Cloud Workload Security 5.0 go to the Product Downloads site at:
For a full list of changes, see the Release Notes in PD27356:
For a list of Known Issues, see KB90035:
New Features in Cloud Workload Security 5.0
Card based user interface for improved usability - The Cloud Workload Security console displays instance details in card based panes. You can manage your instances from a single user interface. You can pivot in to issues, discover, and remediate them in few clicks. The new card based interface includes enhancements like a Improved Pivot table for viewing summaries based on Workloads or Issues. An Improved Summary card to view all running workloads, compliance and threat events. Events are color coded to indicate medium and high risks
Activate McAfee Adaptive Threat Protection - In addition to McAfee products, you can install McAfee® Endpoint Security Adaptive Threat Protection (ATP) on your instances. You can protect your instances from zero day malware using Adaptive Threat Protection.
Activate Network Intrusion Prevention - You can protect your instances from network threats by installing Network Intrusion Prevention. You can view the number of inbound and outbound internal connections, and suspicious and malicious external connections to and from your instances.
Install license extension to enable advanced security features - In addition to installing appropriate extensions for public cloud, private cloud, or hybrid cloud variants to support your cloud vendor accounts, you can install the license extension for Cloud Workload Security. You must install the license extension to enable traffic discovery, traffic assessment, traffic visualization, and Network Security Manager (NSM) account registration.
View traffic details for Microsoft Azure instances - You can view traffic details for your Microsoft Azure instances in the Cloud Workload Security console.
View traffic flow logs - The Cloud Workload Security traffic card has filters to view the flow logs based on time intervals. The traffic card has filters to display inbound traffic outbound trafficand blocked connections. In addition to the filters you can view the direction of traffic for the selected instance and take remediation measures.
Perform DAT assessment - Cloud Workload Security performs DAT assessment for all workloads older than a week. You can view the DAT assessment details for your instances in System Details and pivot table.
Improved tagging - Your instances are tagged automatically based on account name and platform name when you register your cloud account. In addition to auto tagging, Cloud Workload Security allows you to create custom tags for your instances. You can create tags for a single instance or bulk tag various instances.
Deploy NSP probe - After registering your NSM account, you can protect your instances by deploying vNSP probe on your cloud infrastructure.
Change Assessment Policy at account level and workload level - You can now create or select assessment policies for accounts and workloads without going to System Tree. You can select any existing assessment policy or create your own policy while registering your cloud accounts. You can also create or select assessment policies from the Workload Details pane for one or multiple instances.
Set AWS and Azure privileges - You can set three levels of user privileges for your AWS and Microsoft Azure cloud accounts. Cloud Workload Security discover workloads, discover traffic and remediate security groups based on the selected privilege.
Upgrade options for Cloud Workload Security
You can upgrade Cloud Workload Security 4.5.1 to Cloud Workload Security 5.0.0 with the required extensions. We recommend upgrading your existing McAfee® ePolicy Orchestrator® (McAfee® ePO™ ) version to 5.3.3, or 5.9 (EPO590HF1208662). You cannot upgrade Cloud Workload Security 4.0.0 to 5.0.0 directly. You must upgrade the 4.0.0 version to 4.5.1, and then upgrade it to 5.0.0.
Cloud Workload Security 5.0 and its customer documentation is available from McAfee Downloads behind the appropriate grant numbers.
CWD is also available via the McAfee ePO Software Manager from the ePO Console (Messaging & Web Security section).
Installing Cloud Workload Security
For Cloud Workload Security 5.0
Cloud Workload Security 5.0 Release Notes (PD27356)
Cloud Workload Security 5.0 Product Guide (PD27357)
Cloud Workload Security 5.0 Installation Guide (PD27359)
For Cloud Workload Security 4.5.1
Cloud Workload Security 4.5.1Release Notes (PD26917)
Cloud Workload Security 4.5.1Product Guide (PD26916)
For Cloud Workload Security 4.5
Cloud Workload Security 4.5 Release Notes (PD26792)
Cloud Workload Security 4.5 Product Guide (PD26791)
For Cloud Workload Security 4.0
Cloud Workload Security 4.0 Release Notes (PD26594)
Cloud Workload Security 4.0 Product Guide (PD26595)
McAfee Public Cloud Server Security Suite Amazon Machine Image Release Notes - Rev E (PD25786)
Chef sample scripts to use with Cloud Connector for AWS (Includes best practice guide) (KB82584)
KB90063 - FAQs for Cloud Workload Security
KB90062 - Supported platforms, environments, and operating systems for Cloud Workload Security
KB90035 - Cloud Workload Security 5.x Known Issues