Cloud Workload Protection

With Cortex® Cloud, you can secure hosts, containers and serverless deployments across the entire application lifecycle.

Cloud-native applications are increasingly distributed across VMs, hosts, containers, Kubernetes® and serverless architectures. Unique security requirements for each make consistent workload protection a challenge.

Secure hosts, containers and serverless across multicloud and hybrid environments

Cortex Cloud is a comprehensive Cloud Workload Protection solution that delivers flexible protection to secure cloud VMs, containers and Kubernetes apps, serverless functions and containerized offerings like AWS Fargate® tasks. With Cortex Cloud, DevOps and cloud infrastructure teams can adopt the architecture that fits their needs without worrying about security keeping pace with release cycles or protecting a variety of tech stacks.
  • Support for public and private clouds
  • Flexible agentless scanning and agent-based protection
  • Security integrated across the application lifecycle
  • Vulnerability management
  • Compliance
  • CI/CD security
  • Runtime defense
  • Container access control
  • Image Analysis Sandbox
  • Trusted Images
  • Web App and API Security
  • Agentless and agent-based security
SOLUTION

Our approach to cloud workload protection

Vulnerability management

Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Cortex Cloud delivers a centralized view to help prioritize risks in real time across public cloud, private cloud and on-premises environments for every host, container and serverless function.

  • Manage risk from a single UI

    Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring.

  • See vulnerability status with remediation guidance

    View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies.

  • Alert on or prevent vulnerabilities across environments

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate security into your CI/CD pipeline

    Continuously monitor container registries as well as explicitly define trustworthy images, registries and repositories.

  • Integrate data with your existing systems

    Integrate vulnerability alerts into common endpoints, including JIRA®, Slack®, PagerDuty®, Splunk®, Cortex® XSOAR, ServiceNow® and more.

Compliance

Cloud-native applications require purpose-built controls to gain visibility into compliance posture and maintain compliance for dynamic, ephemeral infrastructures. Cortex Cloud delivers real-time and historical views into compliance status for hosts, containers and serverless functions.

  • Achieve compliance from a single solution

    Centrally monitor compliance posture with a single dashboard that covers hosts, containers and serverless functions as well as Kubernetes and Istio®.

  • Use 400+ customizable checks for cloud-native applications

    Cover leading frameworks, including PCI DSS, HIPAA, GDPR and NIST SP 800-190, with prebuilt compliance templates.

  • Leverage CIS Benchmarks

    Implement or customize checks based on CIS Benchmarks, with approved coverage for the AWS®, Docker®, Kubernetes and Linux CIS Benchmarks.

  • Ensure image trust

    Use trusted images to ensure that application components only originate from authorized sources.

  • Integrate compliance across the application lifecycle

    Add compliance checks as part of the full application lifecycle to alert on or prevent misconfigurations in your applications from reaching production.

CI/CD security

To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardening checks into the CI/CD workflow.

  • Connect your infrastructure and application risks

    Identify exposed issues within your codebase and eliminate false positives to prioritize critical remediations faster.

  • Visualize your software supply chain

    Create a consolidated inventory of code risks and CI/CD pipelines across your engineering ecosystem.

  • Surface scan results in developer tooling and central dashboards

    View scan results and details, both at their source and with an aggregated view.

  • Visualize breach pathways

    Unravel complex relationships to help identify breach pathways to reach business-critical assets.

  • Enforce security policies to prevent builds from moving forward in pipelines

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

Runtime defense

Cloud-native applications scale dynamically, requiring a modern automated approach to protection that prevents applications from unwanted activity and threats. With Cortex Cloud, ensure hosts, containers and serverless applications are secure — whether you’re running on public clouds, private clouds or on-premises.

  • Unify protection with a single agent

    Secure every workload type from a single solution. Cortex Cloud supports Linux and Windows® hosts, containers and Kubernetes, as well as emerging technologies like PaaS and serverless.

  • Automate security without needless manual effort

    Automate baseline policies across process, file system and network activity to achieve security at enterprise scale.

  • Capture detailed forensics of every audit or security incident

    Automatically and securely gather forensics details in a powerful timeline view to enable incident response. You can view data in Cortex Cloud or send it to other systems for deeper analysis.

  • Prevent activity across any environment

    Manage runtime policies all from a centralized console to ensure security is always present as part of every deployment.

  • Enable your SOC teams with context-rich data

    With mapping of incidents to the MITRE ATT&CK® framework, along with detailed forensics and rich metadata, eliminate the challenges for SOC teams in identifying and tracking threats for ephemeral cloud-native workloads.

Container Access Control

Modern applications need deep, integrated security to protect the entire application stack. With Cortex Cloud, organizations can leverage security optimized for cloud-native architectures.

  • Gain control over Docker activities

    Manage rules governing Docker configurations, containers, images, nodes, plugins, services and more to ensure your environment runs as you choose.

  • Manage secrets for your containers

    Take advantage of integration with secrets management tools, like CyberArk® and HashiCorp®, to ensure your secrets are properly managed and secured.

  • Capture Kubernetes audits

    Deploy security purpose-built for cloud-native tech stacks. Cortex Cloud ingests Kubernetes audit data and surfaces rules to identify events to alert on.

  • Secure deployments with Open Policy Agent

    Craft rules in Rego policy language to gain control over every deployment.

  • View audit results in a single dashboard

    Surface all audit alerts and activities in a single pane of glass for analysis.

Image Analysis Sandbox

Safely pull and run container images that possibly contain outdated, vulnerable packages and embedded malware from external repositories. With Image Analysis Sandbox, you can expose risks and identify suspicious dependencies buried deep in your software supply chain that would otherwise be missed by static analysis.

  • Capture a detailed runtime profile of the container

    Dynamically scan images in a sandbox virtual machine by collecting processes, networking and filesystem events that occurred while the container was running in the sandbox. The events are displayed for an overview of the container behavior at runtime.

  • Assess the risk of an image

    Scan for suspicious and anomalous container behavior, such as malware, cryptominers, port scanning, modified binaries or kernel module modification.

  • Incorporate dynamic analysis into your workflow

    Shift container security left by integrating the Image Analysis Sandbox into CI/CD workflows.

Trusted Images

Not all container images are created equal. While it is practical to pull images from external repositories, it leaves you vulnerable to one of the most common high-risk scenarios: These images may contain outdated, vulnerable packages and can contain embedded malware. Trusted Images is a security control that lets you declare by policy which registries, repositories and images you trust, as well as how to respond when untrusted images are started in your environment.

  • Enable key countermeasures for major container risks

    Define which images are permitted to run in your environment. Specify registries, repositories and images that are considered trustworthy. If an untrusted image runs, Cortex Cloud will issue an audit, raise an alert and optionally block the container from running.

  • Establish trust

    Establish trust by point of origin (registry or repository) or base layer. Monitor the origin of all containers on the hosts.

Flexible control

Cloud workloads and apps constantly evolve. Organizations need agile, integrated controls to ensure the entire stack is protected. Only Cortex Cloud offers the flexibility to use agentless and agent-based protections that suit your needs.

  • Agentless scanning for easy visibility

    Gain rapid visibility without deploying preventive or blocking capabilities. Agentless scanning provides quick assessments of risk, including known CVEs, misconfigurations and other security issues.

  • Agent-based protection for runtime threats

    A unified agent framework supports defense in depth to secure cloud-native apps. Agent-based protection provides deep forensic visibility and preventive policies to block and stop suspicious activity.

  • Unified console and one policy engine for both approaches

    Cortex Cloud is the industry's only solution to offer both agentless and agent-based security — all managed from a single location.

Additional Cloud Runtime Security capabilities

AI-Driven Cloud Detection and Response (CDR)

Stop cloud attacks with real-time protection, detection and response.

API Security

Discover, profile and protect APIs in real time.

Web Application Security

Protect web applications across any cloud-native architecture, public or private.

Container & Kubernetes Security

Secure Kubernetes® and other container platforms on any public or private cloud, from code to cloud, with Cortex Cloud.