Skyhigh Security

CNAPP Architecture

High Level Architecture

Simplified high-level architecture view 

  • The agent sends data through the Data Exchange Layer (DXL) to a Point of Presence (PoP).
  • The PoP sends the data to Skyhigh Security. The PoP is the only point of connectivity to Skyhigh Security Cloud.
  • CNAPP supports Linux and Windows workloads.

[Figure: high-level architecture diagram (cnapp_high.png)]

Management Architecture

The management architecture manages mapping the policies to individual workloads, status monitoring, task creation, status reporting, and task scheduling.

The management architecture provides robust API platform integration that helps clients connect more deeply into CI/CD pipelines.

Visibility control allows you to look deeper into Virtual Private Cloud (VPC) Flow Logs and Cloud Trails and to visualize and analyze data flows.

The management architecture also supports:

  • Rapid and constant changes across the platform.
  • Comprehensive Risk Prioritization across control planes and workloads.
  • API-first mentality for visibility and control.
  • Forward thinking for paradigms like serverless and Function as a Service (FaaS).
  • Feature flags and telemetry.

[Figure: management architecture diagram (cnapp_management.png)]

PoP Architecture

The PoP architecture supports the following:

  • One-click deployment.
  • Extensible, containerized services.
  • DXL communication for the agent (and other services).
  • Brings Shift Left (CI/CD workflow), DLP, and other services to the local network/VPC.
  • Built-in scaling, updating, fault tolerance, and troubleshooting.
  • Full support for the hybrid-cloud, multi-cloud end state.
  • The PoP exposes the API for CI/CD integration.
  • The CI/CD integration downloads the agent and the installation script, then pushes them to the client workloads, along with the client configuration for DXL.
  • A script downloads a smart installer that performs checks and also downloads the necessary agent plugins.
  • The smart installer will always pull the latest agents and plugins.

Note: Each region will have a different PoP installation.

[Figure: PoP architecture diagram (cnapp_pop.png)]

Agent Architecture

The Agent architecture is:

  • Lightweight
  • Based on the very mature osquery from Facebook
  • Operates in user space (as opposed to kernel space)
  • Modular
  • Easy Auto Updates
  • Optimized for DC/Cloud
  • Cross Platform

DC – Domain Controller

[Figure: agent architecture diagram (cnapp_agent.png)]
