This section describes how to use CloudGuard to manage and protect workloads in your AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. and Microsoft Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. environments and to secure containers in clusters.
CloudGuard provides these kinds of protection:
Risk Assessment (Proact) - Runs risk assessments on the AWS Lambda (serverless) functions in AWS environments that are onboarded to CloudGuard. This includes, for example, identification of overly permissive IAM Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. roles, scanning for vulnerabilities, and hard-coded credentials. The result of the assessment is shown for each asset. This type of protection is available for AWS environments only.
Runtime Protection - Monitors AWS serverless functions at runtime, checks inputs and runtime behavior, and generates notifications for suspicious behavior. In addition, you can apply Runtime Protection to AWS functions at the CI/CD stage on their deployment in your environment. For Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. clusters, Runtime Protection monitors the kernel system calls done by workload containers. You can optionally configure CloudGuard to block unwanted, malicious, or anomalous activity that it discovers. This type of protection is available for AWS environments and Kubernetes clusters.
Admission Control - Monitors your clusters and enforces a security baseline on a namespace or cluster. It can detect if your clusters do not comply with the common practices of having good labels, annotations, resource limits, or other settings.
Image Assurance - Helps you analyze Kubernetes images at each stage of their life cycle to make sure that they are clean. The Image Assurance agents continuously check the clusters and registries for all images. If the agent identifies an unknown image, it scans and analyzes the image to find vulnerabilities, exploits, malware, viruses, trojans, credential leakage, and other malicious threats. This type of protection is available only for container images.
Agentless Workload Posture (AWP) - Provides continuous security assessment of your workloads without the need to install agents in each virtual machine.