Cloud Workload Protection (CWPP)

Cloud Workload Protection

Hillstone CWPP Solution

Moving from VMs to Container Orchestration

Modern enterprise network environments are increasingly transforming to be cloud-based, where both applications and data storage are hosted in a cloud—and often multi-cloud—environment. The attack surfaces and security protection requirements of software in distributed cloud environments are vastly different from those in traditional network architectures, where applications and data are hosted on enterprise-owned servers in on-premise data centers.

Along with the business environment transformation, there is a parallel trend in the modernization of software development processes and environments. Applications have evolved from single-server software installs, to virtual machine (VM) server-independent environments, and more recently, to container-based technology. In these modern cloud-native, container-based architectures, the security mechanisms and protections for your business applications must evolve in line with software development methods and tools, as well as with the threats that exist during deployment, orchestration and day-to-day operation.

Why Do We Need Container Security?

Rapid application development and deployment are key to an enterprise achieving and maintaining a competitive advantage. Being able to take advantage of DevOps processes and run efficient CI/CD pipelines are hallmarks of agile teams. Likewise, embracing containers and Kubernetes and extending into serverless options are associated with modern application development. However, the expanded suite of technologies is met with a similarly expanded threat landscape that is rife with attackers looking to exploit new zero-day vulnerabilities on existing and new software applications. Recent vulnerabilities in operating system packages, common open-source libraries, as well as increasing attacks on cloud-hosted enterprise applications are driving CISOs to find security solutions that:

Integrate into existing CI/CD and DevOps environments and processes — Security solutions need to seamlessly fit into today’s application pipelines without adding significant overhead or complexity.
Support multiple public and private clouds — Development teams today are running services and deploying assets to multiple public clouds (and private clouds).
Protect bare metal, virtual machines, containers, and serverless workloads — Enterprises seldom have just one application deployment environment. Different teams will use different platform architectures. A sufficient cloud workload security solution needs to support all the variations.
Full application stack visibility — Security solutions need to cover all elements in a deployment, from each Kubernetes worker node to operating system hosts.

Hillstone Networks CWPP Solution CloudArmour

Hillstone CloudArmour — Comprehensive Cloud Workload Protection

Hillstone’s CloudArmour is a cloud workload protection platform (CWPP) that provides comprehensive protection for all cloud workloads, including containers, VMs and other execution environments. CloudArmour provides enterprise IT teams with cloud-native container security capabilities for the Kubernetes environment. With extensive monitoring capabilities, proven intrusion detection and response features, and advanced learning-enhanced behavior modeling, Hillstone’s CloudArmour has demonstrated its value in demanding production environments across critical industries, such as financials, and utilities

Easy integration into DevOps pipelines

CloudArmour integrates into all stages of a development pipeline and folds into standard CI/CD deployment to ensure security across all stages.

Multi-cloud and hybrid cloud support

Hillstone’s platform supports both private clouds as well as multiple public clouds.

Wide range of workload coverage

From bare-metal host, to VM, to containers, to serverless, Hillstone’s CWPP leaves no workload unprotected.

Host and container dual protection

Hillstone’s CWPP covers both the application in the container and the host simultaneously, monitoring dual sources of threats in real-time.

Micro-segmentation and intrusion capabilities

Hillstone’s CloudArmour is able to implement zero-trust and micro-segmentation through the use of traffic diversion, supplying an added layer of protection.

Comprehensive single-dashboard visibility

As with all of Hillstone’s products, our CWPP solution is managed from a single control point, regardless of the number of cloud environments the solution is deployed to, saving OpEx and improving visibility.

In summary, CloudArmour allows users to see all their cloud workloads, understand how assets and network traffic interact with each other, and allows users to act intelligently via a smart policy assistant and various policy configuration capabilities. This results in a cyber-resilient cloud scheme that’ll work, and be able to endure agile known and unknown threats in the cloud space.