About CSPM
Skyhigh Security Cloud Security Posture Management (CSPM) provides comprehensive discovery, risk-based prioritization, and Shift Left scanning to detect and correct misconfigurations.
- Continuous visibility into multi-cloud environments
- Automated misconfiguration remediation
- Best practice compliance library
- Identify configuration issues before significant impact
Security Configuration Audit
Security Configuration Audit covers container infrastructure and orchestration systems such as Kubernetes. Configuration Audit makes sure that the environment's configuration is not a source of risk. It also guards against the environment configuration drifting over time and exposing unintended risks. Configuration Audit supports CIS Benchmark tests for Kubernetes and CIS Benchmark tests for Docker.
Supported platforms include:
- Amazon Web Services
- Amazon Elastic Container Service (ECS)
- Amazon Elastic Kubernetes Service (EKS)
- AWS Fargate ECS
- AWS Fargate EKS
- AWS Docker
- Google Kubernetes Engine (GKE)
- Azure Kubernetes Service (AKS)
For details, see About CSPM Security Configuration Audit.
Vulnerability Assessment for VMs and Containers
CSPM Vulnerability Scans assess the vulnerability of VM and container components. The scans evaluate the code embedded in VMs and containers at build time, and periodically after that, to make sure that known risks are exposed or mitigated, which reduces the opportunities malicious actors have to exfiltrate a container workload.
Supported platforms include:
- Amazon Elastic Container Registry (ECR)
- Amazon Elastic Compute Cloud (EC2)
- Google Container Registry (GCR)
- Google Compute Engine (GCE)
- Microsoft Azure Container Registry (ACR)
- Microsoft Azure Virtual Machine
- API-based support for scanning manifest through Skyhigh Security Endpoint Security
For details, see Vulnerability Assessment (for VMs and Containers).
Shift Left
Shift Left functionality scans the DevOps Infrastructure as Code (IaC) templates to review container infrastructure configuration before it is deployed.
Currently supported templates are Helm and CloudFormation, for the following supported platforms:
- Amazon Elastic Container Service (ECS)
- Amazon Elastic Kubernetes Service (EKS)
For details, see About Shift Left.
Runtime Threat Detection
CNAPP for container environments can identify threats at runtime to find issues in supported environments, including discovery, process allowlisting, and workload hardening. CNAPP supports dockerd and containerd as runtime environments.