Cyber Security Growth: Cloud Workload Protection Platforms (CWPP)

Jul 21, 2024

Host Introduction

  • Host: Sean Valley, Executive Director and CSO of Cyber Security Growth
  • Previous roles: Chief Security Officer at Rapid7 and Trisentis

What is CWPP?

  • Defined by Gartner as a workload-centric security solution for modern enterprise environments
  • Targets unique protection requirements for workloads: physical servers, virtual machines (VMs), containers, and serverless workloads
  • Applications can include physical servers in co-location data centers or in the public cloud

Persistence of Workloads

  • Workloads can be persistent (e.g., servers expected to last years) or non-persistent (e.g., VMs spun up monthly/weekly, containers used and discarded)
  • Security solutions must adapt to shrinking, diversified, and ephemeral workloads
  • Distinct from Endpoint Protection Platforms (EPP); specifically focused on workloads

CWPP and CSPM Integration

  • CWPP solutions often work seamlessly with Cloud Security Posture Management (CSPM)
  • Both provide critical security functionalities, performed differently

Key Definitions & Understanding

  • Gartner: CWPP products give visibility and control for physical machines, VMs, containers, and serverless workloads
  • Wikipedia: CWPP is agent-based, involving software agents running within machines to monitor and send security data to a cloud service
  • Importance of understanding CWPP using various sources and real-world experience in environments like Kubernetes and serverless

Why is CWPP Important?

  1. Legacy Applications: Not all functionalities can be moved to the cloud
  2. Hybrid and Multi-cloud Environments: Organizations often use multiple cloud vendors; security complications arise
  3. DevOps & CI/CD: Code from various sources needs quick responses; continuous integration and deployment can pose risks
  4. Speed vs. Security: Balancing fast deployment with security; CWPP aids in securing fast-paced environments

How CWPP Works

  • A CWPP should discover workloads both on-premises and in the public cloud, and bring unmanaged workloads under management
  • It should perform vulnerability assessments and apply appropriate security measures:
    • Integrity protection
    • Immutability
    • Whitelisting
    • Memory protection
    • Host-based intrusion prevention
    • Optional anti-malware protection where regulations require it
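
The discovery step above, together with the agent-based model from the definitions, comes down to reconciling what the environment contains against what is actually reporting in. The sketch below is an added example, not code from the episode or from any vendor; the inventory records, field names, and the rule that serverless workloads carry no host agent are assumptions made for illustration.

```python
"""Reconcile discovered workloads against agent check-ins (added example)."""

# Constructed sample inventory; field names are assumptions, not a vendor schema.
INVENTORY = [
    {"id": "srv-colo-01", "kind": "physical",   "where": "colo"},
    {"id": "vm-aws-17",   "kind": "vm",         "where": "aws"},
    {"id": "vm-az-03",    "kind": "vm",         "where": "azure"},
    {"id": "ctr-7f3a",    "kind": "container",  "where": "aws"},
    {"id": "fn-resize",   "kind": "serverless", "where": "aws"},
]

# Constructed: ids of workloads whose agent has reported to the CWPP service.
AGENT_CHECKINS = {"srv-colo-01", "vm-aws-17", "ghost-vm-99"}

# Assumption: serverless functions cannot host an agent, so they are tracked separately.
AGENT_CAPABLE = {"physical", "vm", "container"}


def reconcile(inventory, checkins):
    """Split workloads into managed, unmanaged and agentless; list orphan agents."""
    report = {"managed": [], "unmanaged": [], "agentless": [], "orphan_agents": []}
    seen = set()
    for w in inventory:
        seen.add(w["id"])
        if w["kind"] not in AGENT_CAPABLE:
            report["agentless"].append(w["id"])
        elif w["id"] in checkins:
            report["managed"].append(w["id"])
        else:
            report["unmanaged"].append(w["id"])
    # Agents reporting from workloads the inventory does not know about.
    report["orphan_agents"] = sorted(checkins - seen)
    return report


def coverage_by_location(inventory, checkins):
    """Fraction of agent-capable workloads with a reporting agent, per location."""
    totals, covered = {}, {}
    for w in inventory:
        if w["kind"] in AGENT_CAPABLE:
            totals[w["where"]] = totals.get(w["where"], 0) + 1
            covered[w["where"]] = covered.get(w["where"], 0) + (w["id"] in checkins)
    return {loc: covered[loc] / totals[loc] for loc in totals}


if __name__ == "__main__":
    print(reconcile(INVENTORY, AGENT_CHECKINS))
    print(coverage_by_location(INVENTORY, AGENT_CHECKINS))
```

The unmanaged list is the work queue for onboarding, and an orphan agent points to either a gap in discovery or a workload that was retired without its agent being deregistered.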

Key Benefits of CWPP

  1. Workloads: Consistent security across servers, VMs, containers, and serverless
  2. Security Constraints: In both runtime and development
  3. Hybrid Environments: Assists in digital transformation
  4. Multi-cloud Environments: Manages risks in multiple cloud setups
  5. Discoverability & Visibility: Crucial for managing numerous workloads

Key Players in CWPP Space

  1. Wiz: Focused on multi-environment, multi-cloud; prominent player
  2. Lacework: Data-driven; broad capabilities
  3. Orca Security: Unified platform for various security needs
  4. Microsoft Defender for Cloud: Integrated with the Microsoft ecosystem
  5. Trend Micro: Known for Cloud One platform
  6. VMware Carbon Black: Existing client base for Carbon Black
  7. Palo Alto Prisma Cloud: Renowned in the security industry
  8. Illumio: Long-standing in CWPP
  9. Sophos: Known for its broader security solutions
  10. SentinelOne Singularity Cloud: Recognized in endpoint protection
  11. Sysdig Secure: Strong in visibility and security policies
  12. Trellix Cloud Security: Newly recognized player

Other Mentioned Players

  • Aqua Security: Known for vulnerability management in cloud environments
  • Provides valuable insights in APIs and Kubernetes environments

Conclusion

  • Weekly live sessions on Twitch, Fridays at 10:30 AM ET, and podcast episodes available later
  • Host: Sean Valley signing off from Cyber Security Growth.