Release notes for IBM Cloud Security and Compliance Center Workload Protection

Use these release notes to learn about updates to IBM Cloud® Security and Compliance Center Workload Protection.

April 2025

12 April 2025

Updates to the IBM Cloud Security and Compliance Center Workload Protection infrastructure

IBM Cloud Security and Compliance Center Workload Protection is upgrading its network load balancers and service endpoints infrastructure. With this change, the regional endpoints (public and private) use new virtual IP addresses. Action might be required when accessing IBM Cloud Security and Compliance Center Workload Protection:

  • If you use an IP address instead of the URL domain name
  • If you have IP-based allowlists or firewall rules running in your environment
  • If you have IP address-specific routing

For details on the changes and the new IP addresses, see Endpoints.

7 April 2025

Posture for Windows Servers
This feature provides compliance scanning for standalone Windows Server hosts, enabling security and regulatory compliance checks for Windows environments. With this release, CIS Windows Server 2022 Benchmark v3.0.0 and CIS Windows Server 2019 Benchmark v3.0.1 Posture policies are provided. For installation, see Managing the Workload Protection agent on Windows Servers.
Host Scanning for Windows Servers
This feature provides coverage for Windows Server operating system vulnerabilities sourced from Microsoft Security Response Center. In addition, the Windows Workload Protection agent detects any non-operating-system package vulnerabilities. A single agent supports both Posture and Host Scanning features. For installation, see Managing the Workload Protection agent on Windows Servers.
Power Virtual Server Cloud Security Posture Management
Workload Protection now supports PowerVS resources as part of its Cloud Security Posture Management (CSPM) feature. Supported resources include PowerVS Workspaces, Instances, Instance Volumes, Networks, Network Security Groups and Public Networks. Any existing Workload Protection instance with IBM Cloud CSPM enabled will automatically begin collecting PowerVS resources.

March 2025

27 March 2025

Tenant-Aware Hierarchical Posture Scanning
IBM Cloud is introducing Tenant-Aware Hierarchical Posture Scanning, a new capability designed to streamline posture management in multi-tenant environments. This feature allows parent tenants to seamlessly integrate posture scanning results from child tenants, ensuring consistent policy application and reporting while eliminating the need for complex cross-region data transfers. To activate the Tenant-Aware Hierarchical Posture Scanning feature, customers must contact IBM Cloud Support. Our team will assist with enabling the feature and guiding you through the setup process to ensure smooth integration into your environment.
In-Use for Linux Hosts is now available in IBM Cloud
Starting with IBM Cloud Linux v13.8.0, you can recognize In-Use Packages on hosts. This addition extends IBM Cloud coverage and helps narrow the scope of vulnerabilities to prioritize for remediation, further reducing noise in an ever-expanding VM landscape.

19 March 2025

Resource Report (CSV) is now available in Workload Protection
Resource Report generates a CSV that includes Compliance results with the resource details: Name, CRN, Control status, remediation, posture policy, resource labels and many more details. Scope the report to the policy you prefer (Financial Services framework, CIS Benchmark for IBM Cloud or Kubernetes, DORA or PCI) and schedule it daily, weekly or monthly. Start today by accessing your Workload Protection UI, navigating to the Reporting page and selecting New Schedule.

February 2025

26 February 2025

Deprecation of v1beta1 APIs for Scanning Engine
As of 25 February 2025, the following APIs are deprecated:
  • /secure/vulnerability/v1beta1/runtime-results
  • /secure/vulnerability/v1beta1/registry-results
  • /secure/vulnerability/v1beta1/pipeline-results
  • /secure/vulnerability/v1beta1/results/

The API v1 enhances consistency and alignment with platform API standards, and offers improved response schema:

  • /secure/vulnerability/v1/runtime-results
  • /secure/vulnerability/v1/registry-results
  • /secure/vulnerability/v1/pipeline-results
  • /secure/vulnerability/v1/results/

If you are currently working with v1beta1 APIs, you must migrate to the new APIs by 1 September, 2025.
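
One way to audit scripts and pipeline definitions for the deprecated paths before the migration deadline, as an added example that is not IBM's code: it matches only the four v1beta1 endpoints listed above and rewrites their version segment to v1. It assumes registry-results follows the same /v1/ pattern as the other three; the sample script, its host and the `other-endpoint` path are constructed.

```python
import re

# The four deprecated endpoints from the release note. The version segment is
# matched only when one of them follows, so other v1beta1 paths are untouched.
# Assumption: registry-results moves to /v1/ like the other three endpoints.
_PATTERN = re.compile(
    r"/secure/vulnerability/v1beta1/"
    r"(?:(?:runtime|registry|pipeline)-results(?![\w-])|results/)"
)


def _to_v1(path):
    return path.replace("/v1beta1/", "/v1/", 1)


def find_deprecated(text):
    """Return (line_number, deprecated_path, replacement_path) for each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _PATTERN.finditer(line):
            hits.append((lineno, match.group(0), _to_v1(match.group(0))))
    return hits


def migrate(text):
    """Rewrite only the listed deprecated endpoints; leave everything else alone."""
    return _PATTERN.sub(lambda m: _to_v1(m.group(0)), text)


# Constructed CI script: host, token variable and "other-endpoint" are placeholders.
SAMPLE = """\
#!/bin/sh
# nightly vulnerability export
curl -s -H "Authorization: Bearer $TOKEN" \\
  "https://example.invalid/secure/vulnerability/v1beta1/runtime-results?limit=50"
curl -s "https://example.invalid/secure/vulnerability/v1beta1/results/RESULT_ID"
curl -s "https://example.invalid/secure/vulnerability/v1beta1/other-endpoint"
curl -s "https://example.invalid/secure/vulnerability/v1/pipeline-results"
"""

if __name__ == "__main__":
    for lineno, old, new in find_deprecated(SAMPLE):
        print(f"line {lineno}: {old} -> {new}")
```
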

18 February 2025

Custom Risks for IBM Cloud
Custom Risks empowers your security team to tackle unique security challenges by defining, writing, and executing custom risk patterns. Create adaptive queries tailored to your specific environment and risk tolerance, then build graph queries and save them as Custom Risks for ongoing management. Start today by accessing your Workload Protection UI and navigating to the Risks page and selecting Custom Risks.
Graph Search for IBM Cloud
This feature lets you explore and access data on GraphDB by querying entities and relationships with SysQL, including all IBM Cloud findings. The intuitive query builder ensures a seamless experience and lets you proactively identify risky patterns before they escalate into full-fledged threats. Start today by accessing your Workload Protection UI and navigating to the Inventory page and selecting Search.
Posture management for Oracle Cloud Infrastructure (OCI)
Workload Protection now provides out-of-the-box posture policies and controls for Oracle Cloud Infrastructure (OCI), including graph-based security analytics and custom risks.

13 February 2025

Information Technology Security Guidance (ITSG-33) now available in Workload Protection
Workload Protection now provides an out-of-the-box policy and controls for Information Technology Security Guidance (ITSG-33). This policy can be leveraged to manage the overall posture for hybrid multicloud environments including IBM Cloud, AWS, Azure, GCP, Kubernetes and Linux.

January 2025

13 January 2025

Posture Management for AIX servers on PowerVS
SCC Workload Protection now provides posture compliance for the AIX operating system, including multiple out-of-the-box policies. For more information, check out Managing the Workload Protection agent in AIX on PowerVS.
Compliance Readiness Report
You can generate a PDF of the Compliance Readiness Report, providing an overview of the current state of a compliance policy. The report highlights the status of passing requirements and controls, along with the count of passing and failing resources for each control.
Malware Control Policy
SCC Workload Protection is releasing a new Runtime Threat Policy for Malware Detection. You can now detect malware being executed in your environment by detecting known malware hashes, and use YARA rules to enhance the detection capabilities. Create a new Malware Control Policy under Policies > Runtime Policies.

October 2024

10 October 2024

Now Generally Available: Posture Management for IBM Cloud in SCC Workload Protection
SCC Workload Protection now provides posture management (CSPM) for IBM Cloud resources with regulatory and industry-leading out-of-the-box policies, a unified compliance posture dashboard with detailed remediation guidance, and a comprehensive view of assets across hybrid multicloud.

For more information, check out About IBM Cloud Security Posture Management (CSPM).

September 2024

30 September 2024

Full custom controls for CSPM
You can now create Custom Controls for CSPM via Terraform. Define your REGO code, remediation playbooks and severity from scratch to meet your compliance requirements.
Package Deny List for Vulnerability rules
The new Package Deny list vulnerability rule lets you control which packages are allowed in your codebase. By defining these rules, you can enforce stricter security measures and maintain tighter control over your software artifacts.
New Posture Policies
Workload Protection now includes Posture Policies for Bottlerocket, Rocky Linux 9, Ubuntu 20, Ubuntu 22, RHEL 8, and RHEL 9. These new policies are designed to help you maintain security compliance across a broader range of Linux distributions.

August 2024

20 August 2024

Identify Network Exposure in Inventory

The newly added Network Exposure tab in Inventory shows why and how resources are exposed. It supports Hosts and Workloads.

Resource Packages in Inventory

You can now use the Packages module in Inventory to track the vulnerabilities and the analyzed packages of your images.

In addition, you can filter by Package to find all workloads with a specific package in your environment.

Layered Analysis

Workload Protection now analyzes the image hierarchy, exposing the layer in which each vulnerability was identified and the packages that each layer introduces. Ownership and remediation details are improved by differentiating the base image from the application layers and by including a new set of recommendations to fix the major issues identified in the image.

July 2024

8 July 2024

IBM Cloud® Security and Compliance Center Workload Protection now supports Cloud Security Posture Management (CSPM) for IBM Cloud resources with the IBM Cloud Framework for Financial Services, Digital Operational Resilience Act (DORA), CIS IBM Cloud Foundations Benchmark, PCI, and many other industry related or best practices standards.

April 2024

16 April 2024

Workload Protection announces support for Risks, a module that consolidates all findings from your multi-cloud environment and includes an attack path analysis to help you prioritize the major detected risks.

29 April 2024

Workload Protection announces support for Managing the Workload Protection agent in Linux on PowerVS.

February 2024

8 February 2024

Workload Protection announces the ability to deploy and manage an agent on Satellite using a Helm chart.

20 February 2024

Workload Protection announces support for Inventory, a detailed view of all your resources across your multi-cloud environments (AWS, Azure and Google Public Cloud), Kubernetes environments (such as IKS, ROKS, or any other Kubernetes platform) as well as your container images.

January 2024

18 January 2024

Deprecation of Sysdig Secure + Monitor plan in IBM Cloud Monitoring
As of 18 January 2024, the Graduated Tier - Sysdig Secure + Monitor plan in IBM Cloud Monitoring is deprecated. For current Workload Protection users, there is no change to functionality. However, if you are currently working with Sysdig Secure through IBM Cloud Monitoring, you must move to a Workload Protection based plan by 18 August 2024 to maintain the same functionality. For more information about the transition, see the frequently asked questions.
Deprecation of version 1 of the scanning engine
As of 18 January 2024, Version 1 of the scanning engine in Workload Protection is deprecated. The functionality is replaced by a new scanning engine with better performance and more capabilities. Any new instances that are created starting today are automatically configured to use the new engine. If you are currently working with an existing instance, you must migrate to the new engine by 18 January, 2025. When you migrate, you must also move from the legacy node-analyzer to the new one. In some cases, uninstalling and reinstalling by using Helm is the simplest approach. If you are working with pipeline or registry scanning, you will need to start using the new scanning components. Learn more about scanning engines.

September 2023

18 September 2023

New vulnerability scanning engine available
Workload Protection announces the new vulnerability scanning engine is now available.

May 2023

10 May 2023

Availability in additional regions
Workload Protection is available for use in multiple regions.

April 2023

14 April 2023

Limited availability
Workload Protection is available for limited use in the us-east region.