IBM Cloud Docs
Key features of IBM Cloud Security and Compliance Center Workload Protection

IBM Cloud® Security and Compliance Center Workload Protection offers functionality to protect workloads and to provide deep cloud and container visibility, posture management (compliance, benchmarks, CIEM), vulnerability scanning, forensics, and threat detection and blocking.

Provides a unified and centralized framework to manage the security and compliance of applications, workloads and infrastructure

  • Provides a unified and centralized framework to manage the security and compliance of applications, workloads, and infrastructure, and to protect workloads and resources that run on IBM Cloud, in other clouds, and on-prem. Presents relevant performance and security data in one location.

  • Is built on open standards for cloud native security and control, including Falco, the open source standard for cloud threat detection, and Open Policy Agent (OPA), the open source standard for policy-as-code.

  • Offers a workload protection platform (WPP) that focuses on management and security controls for workloads.

  • Offers a compliance platform (CP) that focuses on management and compliance controls that are required to meet industry standards and laws.

  • Includes Cloud security posture management (CSPM) to help you secure the infrastructure where workloads are deployed.

  • Includes Kubernetes Security Posture Management (KSPM) to help you secure Kubernetes clusters or OpenShift clusters, and the workloads running within them.

  • Offers alerting on violations, and assists with remediation tasks.

Offers host and image scanning, auditing, and runtime vulnerability management capabilities

  • Filters and surfaces vulnerabilities in images, clusters, namespaces, or hosts.

  • Alerts on unscanned images, or on images whose evaluation status changes because of new vulnerabilities.

  • Logs user actions, container activity, and command arguments.

  • Enforces security policies and blocks attacks.

Provides posture management for a distributed environment

  • Schedules customized benchmark tests to run across cloud, hosts, services, or clusters.

  • Controls compliance at cloud, orchestrator, and container level.

  • Tracks and optimizes cloud user permissions and entitlements.

  • Exports results to SIEM, logging clusters, or other tools.

Provides runtime detection and data enrichment

  • Identifies and blocks threats in real time, based on application, container, and network activity.

  • Instruments the kernel to track all app, container, host, and network system calls.

  • Views security policy violations based on orchestrated services.

  • Manages multi-cloud events by using single and multiple accounts.

Supports incident response and forensics

  • Protects distributed, dynamic, and ephemeral services with a single-service policy with no manual configuration.

  • Creates detailed system captures for any policy violation or incident, so you can respond to malicious activity.

  • Drills down from policy violations into captures of pre- and post-attack activity.

  • Views SCAP files to see all system activity before, during, and after any security event.

  • Integrates alerting and incident response.