CWPP (Cloud Workload Protection Platform)

What is CWPP

As the shift to the cloud progresses, adoption of services such as IaaS, PaaS, containers, and serverless is spreading. Compared with conventional on-premises environments, there is no need to manage servers and the like in-house, which has the advantage of reducing the operational load.
On the other hand, as cloud services have come into use, information-leak incidents have also occurred. Security measures are therefore very important, but because the architecture differs, they must differ from conventional server security measures.

This time, we will introduce a solution for workloads called Cloud Workload Protection Platform (CWPP).

What is a workload

With the advent of technologies like containers and serverless, a wide variety of workloads have emerged. Let's take three representative workloads as examples.

VM (virtual machine)

A virtual machine, as typified by instances on Amazon's AWS and Google's GCP. Each machine is provided with its own OS, and the OS, applications, and data are not separated.

Container

A container is implemented with a technology called container-type virtualization, typified by Docker, which provides a virtual user space called a container on top of the OS. Unlike virtual machines, multiple virtual user spaces can be provided on one OS.
With virtual machines, an OS must be prepared for each user space, but with containers, multiple user spaces can be provided with just one OS.
Public cloud providers also offer containers as a service, called CaaS (Container as a Service), as well as services called on-demand containers, which require no knowledge or configuration of the host OS and VMs that form the basis of CaaS.

Serverless

A form of service that developers can use simply by writing application code, without the need for a VM or host OS. Typical services include Amazon Lambda and Azure Functions.

Functions provided by CWPP

Because the various workloads described above require centralized security measures, CWPP provides the following functions.

  • Vulnerability countermeasures
  • Runtime protection
  • Compliance conformance
  • Applying security to the lifecycle

CWPP implementation form

CWPP can be broadly divided into two deployment methods.

(1) Agent type

  • Agent installation: Required
  • Merit: Collects detailed information about your workload
  • Demerit: Agents must be installed on all monitored workloads

(2) Agentless type

  • Agent installation: Not required
  • Merit: Easy to deploy (via API from CWPP's management console)
  • Demerit: Less information is collected
