Cisco Unveils New Open Source Security Tools at KubeCon EU

Cisco Systems, long a significant contributor to the open source software community with more than 200 projects to its credit, introduced a bundle of new open source tools for developers involving application modernization at KubeCon+CloudNativeCon in Amsterdam on April 20.
The three new additions — VMClarity, Nasp and Media Streaming Mesh — are designed to add functionality for securing Kubernetes and cloud native environments in general, the company said. At the conference, Cisco’s Emerging Technologies and Incubation division demonstrated how these tools improve security tooling, risk inventory in the application stack, and application modernization to expand the boundaries of cloud native environments.
VMClarity
VMClarity is designed to address the potential problems of using virtual machines (VMs) in cloud native environments.
“VMs are the No. 1 most-used service on public clouds and the predominant method for hosting containers,” Vijoy Pandey, Cisco’s senior vice-president of engineering, wrote in a blog post. “The resulting attack paths can be more elaborate than Amsterdam’s canal system. We saw a need to provide protection for VMs against security threats such as leaked secrets, malware, and rootkit as well as system misconfigurations and vulnerability scanning, as they are still very much part of how businesses run in the cloud.
“That’s why we developed VMClarity, a part of the OpenClarity suite of projects, to address the vulnerabilities of using virtual machines in cloud native environments.”
Pandey said VMClarity provides agentless detection and management of software bills of materials (SBOMs), which were recently mandated by a federal executive order from the Biden administration.
Nasp
Nasp is a lightweight library that extends service mesh capabilities to non-cloud endpoints and smaller cloud environments. It can bring applications running on edge devices, legacy VMs, and mobile clients into the Kubernetes service mesh. Applications using Nasp are handled as standard service mesh workloads without the need for dedicated proxies, Cisco said.
Media Streaming Mesh
Cisco also introduced Media Streaming Mesh (MSM), an open source project that the company claims runs real-time media applications in cloud native Kubernetes environments more efficiently. Because Kubernetes is designed for running web applications, which are by default non-real-time, MSM enables media streaming applications to be run in cloud native and Kubernetes environments without workarounds. MSM offloads media streaming from the application, so that the Kubernetes environment is used effectively and as it was designed. Media Streaming Mesh will be available in a GitHub repository in the coming months.
Cisco has contributed code to more than 200 open source projects, and it has also created its own open source projects, such as APIClarity, KubeClarity, and Network Service Mesh. Cisco also is a member of the Cloud Native Computing Foundation (CNCF) and the Linux Foundation.