Getting started with IBM Cloud Security and Compliance Center Workload Protection
Start with IBM Cloud® Security and Compliance Center Workload Protection to establish a strong security foundation across hybrid multicloud and on-premises environments, including AI workloads. With cloud-native application protection platform (CNAPP) capabilities, you can assess risk, prioritize vulnerabilities, detect threats, and consistently manage security and compliance across the application lifecycle.
Workload Protection uses functionality from Sysdig Secure. You might see links to Sysdig Secure documentation throughout this content because that information also applies to Workload Protection.
Before you begin
Before you can set up a Workload Protection instance, make sure that you have access to create resources in a resource group.
The IBM Cloud account owner can create, view, and delete an instance of a service, and can grant access to other users to work with the IBM Cloud Security and Compliance Center Workload Protection service. Other IBM Cloud users with administrator or editor roles can manage the Workload Protection service. For more information about managing access, see Managing IAM access for Workload Protection and Managing user access in IBM Cloud.
Setting up Workload Protection
To add security features with Workload Protection in IBM Cloud, you must create an instance of the service.
Instances are created in a resource group. A resource group organizes your services for access control and billing purposes. You can create the Workload Protection instance in the default resource group or in a custom resource group.
Complete the following steps:
- Go to the catalog in the IBM Cloud console.
- Search for Security and Compliance Center Workload Protection and open the tile.
- Select the location and plan.
- (Optional) CSPM is enabled by default. With this enabled, Workload Protection scans your IBM Cloud account and resources for compliance. You can disable CSPM if you do not want to scan your account for compliance.
  Are you interested in securing multiple cloud accounts in addition to IBM Cloud? Workload Protection supports multiple cloud providers, like AWS and Azure. See Connect cloud accounts for more information.
- Click Create.
Protect containers and hosts by adding agents
After you create an instance of Workload Protection, you can deploy an agent on your cluster. The agent collects data that you can use for intrusion detection, posture management, vulnerability scanning, and incident response capabilities.
You can use the console to connect an existing Red Hat OpenShift or Kubernetes cluster to your instance of Workload Protection. Go to Containers > Clusters to access the existing cluster. Then, click Connect in the Workload Protection widget to connect your cluster to Workload Protection.
To programmatically add an agent, choose from the following options:
You can add an agent to other containers and hosts, including IBM Satellite, Linux hosts on Power Virtual Server, AIX hosts on Power Virtual Server, and more.
After you add an agent, you can view, manage, and analyze data through the Workload Protection UI. To get there, go to the IBM Cloud Compliance page, select your instance of Workload Protection, and click Open dashboard.
Secure your environment
After you add an agent, you can secure your environment by completing the following tasks:
- Integrate scanning into your CI/CD Pipeline: You can integrate scanning into your CI/CD Pipeline to analyze images that are available on the CI/CD worker nodes. For more information, see Integrate scanning into your CI/CD Pipeline.
- Configure a notification channel: You can configure a notification channel to get notified about events, anomalies, or security incidents that require attention. For more information, see Manage notification channels.
- Configure a rule: Rules are fundamental building blocks that you can use to create your security policies. A rule is any type of activity that an organization would want to detect in its environment. For more information, see Managing rules.
- Review your compliance results: The compliance module relies on persisting the resources in an inventory. This enhanced resource visibility and full-context prioritization drives remediation and resolution of violations. For more information, see Review your Compliance results.