About Workload Hardening
As part of Cloud Workload Protection Platform (CWPP), Skyhigh CASB helps IT and SOC administrators to periodically assess hardening benchmarks for cloud workloads, so that they continue to meet all compliance requirements.
Workload hardening involves making changes to secure the system, such as keeping installed software up-to-date, securing the file system, remediating network misconfigurations, and more.
Skyhigh CASB supports the "CIS Distribution Independent Linux benchmark" for workload hardening. As of version 5.2.1 it supports Linux-based workloads only.
Prerequisites
Before you can create a Workload Hardening scan for VMs, you must install Skyhigh Security Cloud Workload Protection Platform (CWPP) POPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to Skyhigh CASB to build the app inventory. Currently, only Linux-based workloads are supported.
Workload Hardening Page
On the Workload Hardening page, you can manage your Workload Hardening Policies.
Go to Policy > Workload Hardening.
The Workload Hardening page provides the following information and actions:
- Filters. Select options on the Filters tab to scope down your search.
- Search. Search via the Omnibar.
- Actions. Click Actions to:
- Activate Policy
- Deactivate Policy
- Delete Policy
- Settings
- Policy Name. Displays the name of the policy.
- Status. Active or Inactive.
- Platform. Displays the operating system the policy is based on.
- Last Updated. Displays the time and date when the policy was last updated.
- Updated By. Displays the name of the user who last updated the policy.