What is Cloud Workload Discovery?
Cloud Workload Discovery (CWD) is designed to address the problem of lack of visibility and control for “Public Cloud” workloads. It is also the new name of a “mega” package containing a set of ePO extensions for use with selected Public Cloud environments (Amazon Web Services and/or Microsoft Azure), that include components such as …
- (Data Center) Connector for AWS
- (Data Center) Connectors for Azure
- (Cloud Usage) Metering
- Data Protection for Cloud
- (new) Data Center Visualization
- (new) Data Center Assessment
Cloud Workload Discovery, with VMware, AWS, Microsoft Azure and OpenStack, provides end-to-end visibility into all workloads and their underlying platforms. Insights into weak security controls, unsafe firewall and encryption settings and indicators of compromise such as suspicious traffic lead to faster detection while McAfee® ePolicy Orchestrator® (McAfee ePOTM) or DevOps tools enable quick remediation.
Value of Cloud Workload Discovery
Using Cloud Workload Discovery, customers can:
- Assess end-to-end security posture (workloads and platforms)
- Monitor and protect workloads across all private and public clouds
- Maintain regulatory compliance.
Cloud Workload Discovery Included in Product Suites
- McAfee Public Cloud Security Server Security suite
- McAfee Server Security Suite Essentials
- McAfee Server Security Suite Advanced
Cloud Workload Discovery 4.5.1 is now available.
This release includes new features, fixes, and enhancements including:
Activate McAfee Endpoint Security: In addition to McAfee products such as MOVE, Host Intrusion Prevention, and Application and Change Control, you can now install Endpoint Security 10.5 on your instances. Endpoint Security is available for Windows and Linux operating systems, and is now included in Server Security Suite Advanced, Server Security Suite Essentials, and Public Cloud Server Security Suite.
To download Cloud Workload Discovery 4.5.1 go to the Product Downloads site at:
For a full list of changes, see the Release Notes in PD26917:
For a list of Known Issues, see KB87315:
New Features in Cloud Workload Discovery 4.5
Support for VMware vCenter cloud instances - Discovers, assesses and secures VMware vCenter cloud instances.
Host assessment policy - New threat prevention, intrusion prevention, application control, change control and encryption tabs show what products are installed on instances along with their properties.
Quick activation of missing protection - Securing instances at risk takes just a few clicks using McAfee ePO or DevOps tools.
Volume discovery for AWS instances - Root and data volumes for AWS instances are discovered and data volumes are assessed to determine the encryption status.
Automatic responses - McAfee ePO server can be configured to trigger an action in response to critical issues or warnings. Standard templates are available.
Updated issues panel - Toggles between critical and warning issues classified as Workload Security, Platform Security and Traffic.
Simplified firewall policy includes port whitelisting.
Improved traffic user interface for AWS instances - Traffic for AWS instances shows blocked internal and suspicious external connections.
Updated Connectors for AWS and Azure
Support for Microsoft Azure Resource Manager
- There are now two Connectors for Microsoft Azure, to support both Azure Classic and Azure Resource Manager
Data Center Visualization (Visualization of your cloud workloads)
- The user interface gives you security visibility across multiple clouds in one place. You can view virtual networks, templates and workloads across AWS and Azure cloud infrastructure
Data Center Assessment (Security posture assessment)
- You can view potential threats and unsafe settings so that you can take appropriate actions. You can view these details in your network configuration.
- Security settings that include unsafe firewall settings.
- Systems that do not have McAfee anti-malware products installed on them.
- Security status of suspicious external connections and blocked internal connections for your AWS instances.
Cloud Workload Discovery Options
Three Cloud Workload Discovery options are available to help customers meet their cloud security requirements:
- Cloud Workload Discovery for hybrid cloud (VMware, OpenStack, AWS and Microsoft Azure is available in McAfee Server Security Suite Advanced and McAfee Server Security Suite Essentials.
- Cloud Workload Discovery for private cloud (VMware and OpenStack) is available as part of McAfee MOVE AntiVirus and McAfee Security Suite for Virtual Desktop Infrastructure (VDI).
- Cloud Workload Discovery for public cloud (AWS and Microsoft Azure) is available in McAfee Public Cloud Server Security Suite.
VIDEO: Cloud Workload Discovery 4.5.1 - Public and Private Cloud Security
Cloud Workload Discovery 4.5.1 and its customer documentation is available from Intel Security Downloads behind the appropriate grant numbers.
CWD is also available via the McAfee ePO Software Manager from the ePO Console (Messaging & Web Security section).
For Cloud Workload Discovery 4.5.1
Cloud Workload Discovery 4.5.1 Release Notes (PD26917)
Cloud Workload Discovery 4.5.1 Product Guide (PD26916)
For Cloud Workload Discovery 4.5
Cloud Workload Discovery 4.5 Release Notes (PD26792)
Cloud Workload Discovery 4.5 Product Guide (PD26791)
For Cloud Workload Discovery 4.0
Cloud Workload Discovery 4.0 Release Notes (PD26594)
Cloud Workload Discovery 4.0 Product Guide (PD26595)
For Public Cloud Server Security Suite
McAfee Public Cloud Server Security Suite Installation Guide - Rev G (PD25687) *Now includes Best Practices information!
McAfee Public Cloud Server Security Suite Amazon Machine Image Release Notes - Rev E (PD25786)
KB87466 - FAQs for Cloud Workload Discovery
KB87465 - Supported platforms, environments, and operating systems for Cloud Workload Discovery
KB87315 - Cloud Workload Discovery 4.x Known Issues