Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

  1. Catalog

Security and Compliance Center Workload Protection

Detect and respond to vulnerabilities and threats, and manage configurations, permissions, and compliance.

  • Date of last update: 11/29/2023
  • Docs
  • Service
  • IBM
  • 11/29/2023
  • Security
  • IAM-enabled
  • Docs
  • Terms

Pricing plans

PlanFeatures and capabilitiesPricing

  • Service
  • IBM
  • 11/29/2023
  • Security
  • IAM-enabled
  • Docs
  • Terms

Summary

Security and Compliance Center Workload Protection helps you accelerate your Kubernetes and cloud adoption by addressing security and regulatory compliance. Easily identify vulnerabilities, check compliance, block runtime threats and respond to incidents faster at every stage of the Cloud, container and Kubernetes lifecycle.

Features and capabilities

Cloud Security Posture Management (CSPM)

Identify, prioritize on and fix cloud misconfigurations across multiple cloud environments with visibility into cloud assets, misconfiguration and suspicious activity using a single tool. Continuously track security posture and compliance against frameworks like CIS, PCI and NIST. Prioritize fixes by consolidating issues based on root cause and impact, and automate remediation through pull requests, playbooks and suggested manual patches.

Cloud Infrastructure Entitlement Management (CIEM)

Gain visibility into cloud identities and manage permissions: identify inactive users or with excessive permissions. Optimize access policies to grant just enough privileges. Simplify audit review meeting identity and access management requirements for standards such as PCI, SOC2 or ISO 27001.

Cloud Detection and Response (CDR)

Investigate suspicious activity across overly privileged users accessing sensitive data. Gain real-time visibility by monitoring cloud security controls, detecting configuration changes and preventing drift across multiple cloud accounts.

Vulnerability Management

Automate CI/CD pipeline and registry scanning without images leaving your environment. Block vulnerabilities in before production and monitor for new CVEs at runtime. Map critical vulnerabilities back to an application and dev team.

Kubernetes Workload Protection and Network Segmentation (CWPP)

Secure containers, Kubernetes, OpenShift and hosts with out-of-the-box runtime security policies. Detect threats in real time, block crypto-miners, block executables to stop malware, malicious users or risky practices to prevent container drift. Implement FIM (File Integrity Monitoring). Visualize communication between pods and services to auto-generate least privilege network security policies.

Container Forensics and Incident Response

Streamline incident response for containers, Kubernetes and OpenShift. Conduct forensics to understand security breaches, meet compliance requirements and recover quickly even after a container is gone.

Built for Multi-cloud Environments

Supports multiple cloud providers and addresses risk across all of your cloud account and deployments, including IBM Cloud, Azure, AWS, Google Cloud and on-prem environments.

Based on Open Standards

Identify anomalies by leveraging Falco technology, the cloud-native standard for threat detection. Enforce policies through OPA, the cloud-native engine for configuration policies.

Container vulnerability scanning

Focus sentinel

(1/3) | Container vulnerability scanning

Focus sentinel

Getting support

If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.

Summary

Security and Compliance Center Workload Protection

    Already have an account? Log in