Release notes for IBM Cloud Security and Compliance Center Workload Protection

10 October 2024

Now Generally Available: Posture Management for IBM Cloud in SCC Workload Protection

SCC Workload Protection now provides posture management (CSPM) for IBM Cloud resources with regulatory and industry leading out-of-the-box policies, a unified compliance posture dashboard with detailed remediation guidance and a comprehensive view of assets across hybrid multicloud.

For more information, check out About IBM Cloud Security Posture Management (CSPM).

30 September 2024

Full custom controls for CSPM

You can now create Custom Controls for CSPM via Terraform. Define your REGO code, remediation playbooks and severity from scratch to meet your compliance requirements

Package Deny List for Vulnerability rules

The new Package Deny list vulnerability rule lets you control which packages are allowed in your codebase. By defining these rules, you can enforce stricter security measures and maintain tighter control over your software artifacts.

New Posture Policies

Workload Protection now includes Posture Policies for Bottlerocket, Rocky Linux 9, Ubuntu 20, Ubuntu 22, RHEL 8, and RHEL 9. These new policies are designed to help you maintain security compliance across a broader range of Linux distributions.

20 August 2024

Identify Network Exposure in Inventory

The new added Network Exposure tab in Inventory shows the reason and how resources are exposed. It supports Hosts and Workloads.

Resource Packages in Inventory

You can now use the Packages module in Inventory to track the vulnerabilities and the analyzed packages of your images.

In addition, you can filter by Package to find all workloads with a specific package in your environment.

Layered Analysis Workload Protection now analyzes the image hierarchy exposing the layer each vulnerability has been identified or from which packages introduce each layer. Better ownership and remediation details are included now by differentiating the base image and application layers and including a new set of recommendations to fix the major issues identified in the image.

8 July 2024

IBM Cloud® Security and Compliance Center Workload Protection now supports Cloud Security Posture Management (CSPM) for IBM Cloud resources with the IBM Cloud Framework for Financial Services, Digital Operational Resilience Act (DORA), CIS IBM Cloud Foundations Benchmark, PCI, and many other industry related or best practices standards.

16 April 2024

Workload Protection announces support for Risks, a module that consolidates all findings from your multi-cloud environment and includes an attack path analysis to help you prioritize the major detected risks.

29 April 2024

Workload Protection announces support for Managing the Workload Protection agent in Linux on PowerVS.

8 February 2024

Workload Protection announces the ability to deploy and manage an agent on Satellite using a Helm chart.

20 February 2024

Workload Protection announces support for Inventory, a detailed view of all your resources across your multi-cloud environments (AWS, Azure and Google Public Cloud), Kubernetes environments (such as IKS, ROKS, or any other Kubernetes platform) as well as your container images.

18 January 2024

Deprecation of Sysdig Secure + Monitor plan in IBM Cloud Monitoring

As of 18 January 2024, the Graduated Tier - Sysdig Secure + Monitor plan in IBM Cloud Monitoring is deprecated. For current Workload Protection users, there is no change to functionality. However, if you are currently working with the Sysdig Secure through IBM Cloud Monitoring, you must move to a Workload Protection based plan by the 18 August 2024 to maintain the same functionality. For more information about the transition see the frequently asked questions.

Deprecation of version 1 of the scanning engine

As of 18 January 2024, Version 1 of the scanning engine in Workload Protection is deprecated. The functionality is replaced by a new scanning engine with better performance and more capabilities. Any new instances that are created starting today are automically configured to use the new engine. If you are currently working with an existing instance, you must migrate to the new engine by 18 January, 2025. When you migrate, you must also move from the legacy node-analyzer to the new one. In some cases, uninstalling and reinstalling by using Helm is the simplest approach. If you are working with a pipeline or registry scanning, you will need to start using the new scanning components. Learn more about scanning engines.

18 September 2023

New vulnerability scanning engine available

Workload Protection announces the new vulnerability scanning engine is now available.

10 May 2023

Availability in additional regions

Workload Protection is available for use in multiple regions.

14 April 2023

Limited availability

Workload Protection is available for limited use in the us-east region.