Pricing plans
| Plan | Features and capabilities | Pricing | |
|---|---|---|---|
Container vulnerability scanning
Focus sentinelFocus sentinel
Security and Compliance Center Workload Protection
Detect and respond to vulnerabilities and threats, and manage configurations, permissions, and compliance.
- Date of last update: 07/17/2023
- Docs
Summary
Security and Compliance Center Workload Protection helps you accelerate your Kubernetes and cloud adoption by addressing security and regulatory compliance. Easily identify vulnerabilities, check compliance, block runtime threats and respond to incidents faster at every stage of the Cloud, container and Kubernetes lifecycle.
Features and capabilities
Cloud Security Posture Management (CSPM)
Identify, prioritize on and fix cloud misconfigurations across multiple cloud environments with visibility into cloud assets, misconfiguration and suspicious activity using a single tool. Continuously track security posture and compliance against frameworks like CIS, PCI and NIST. Prioritize fixes by consolidating issues based on root cause and impact, and automate remediation through pull requests, playbooks and suggested manual patches.
Cloud Infrastructure Entitlement Management (CIEM)
Gain visibility into cloud identities and manage permissions: identify inactive users or with excessive permissions. Optimize access policies to grant just enough privileges. Simplify audit review meeting identity and access management requirements for standards such as PCI, SOC2 or ISO 27001.
Cloud Detection and Response (CDR)
Investigate suspicious activity across overly privileged users accessing sensitive data. Gain real-time visibility by monitoring cloud security controls, detecting configuration changes and preventing drift across multiple cloud accounts.
Vulnerability Management
Automate CI/CD pipeline and registry scanning without images leaving your environment. Block vulnerabilities in before production and monitor for new CVEs at runtime. Map critical vulnerabilities back to an application and dev team.
Kubernetes Workload Protection and Network Segmentation (CWPP)
Secure containers, Kubernetes, OpenShift and hosts with out-of-the-box runtime security policies. Detect threats in real time, block crypto-miners, block executables to stop malware, malicious users or risky practices to prevent container drift. Implement FIM (File Integrity Monitoring). Visualize communication between pods and services to auto-generate least privilege network security policies.
Container Forensics and Incident Response
Streamline incident response for containers, Kubernetes and OpenShift. Conduct forensics to understand security breaches, meet compliance requirements and recover quickly even after a container is gone.
Built for Multi-cloud Environments
Supports multiple cloud providers and addresses risk across all of your cloud account and deployments, including IBM Cloud, Azure, AWS, Google Cloud and on-prem environments.
Based on Open Standards
Identify anomalies by leveraging Falco technology, the cloud-native standard for threat detection. Enforce policies through OPA, the cloud-native engine for configuration policies.
Getting support
If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.