Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Workload Hardening

As part of Cloud Workload Protection Platform (CWPP), Skyhigh CASB helps IT and SOC administrators to periodically assess hardening benchmarks for cloud workloads, so that they continue to meet all compliance requirements.

Workload hardening involves making changes to secure the system, such as keeping installed software up-to-date, securing the file system, remediating network misconfigurations, and more. 

Skyhigh CASB supports the "CIS Distribution Independent Linux benchmark" for workload hardening. As of version 5.2.1 it supports Linux-based workloads only.


Before you can create a Workload Hardening scan for VMs, you must install Skyhigh Security Cloud Workload Protection Platform (CWPP) POPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to Skyhigh CASB to build the app inventory. Currently, only Linux-based workloads are supported. 

Workload Hardening Page

On the Workload Hardening page, you can manage your Workload Hardening Policies

Go to Policy > Workload Hardening


The Workload Hardening page provides the following information and actions:

  • Filters. Select options on the Filters tab to scope down your search. 
  • Search. Search via the Omnibar
  • Actions. Click Actions to:
  • Policy Name. Displays the name of the policy. 
  • Status. Active or Inactive. 
  • Platform. Displays the operating system the policy is based on. 
  • Last Updated. Displays the time and date when the policy was last updated. 
  • Updated By. Displays the name of the user who last updated the policy. 
  • Was this article helpful?