Ermetic announced it has extended its
Cloud Native Application Protection Platform (CNAPP)
with cloud workload protection capabilities that enable customers to detect,
prevent and remediate security risks in virtual machines, containers and
serverless functions. Using context that spans infrastructure configurations,
network, access entitlements and other settings, Ermetic identifies and
prioritizes threats on AWS, GCP and Microsoft Azure that require immediate
attention. This full stack approach automates cloud workload protection against
breaches, while allowing organizations to satisfy compliance requirements and
implement industry best practices.

According to Gartner, Inc., "Optimal security of cloud-native applications
requires an integrated approach that starts in development and extends to
runtime protection. SRM (security risk management) leaders should evaluate
emerging cloud-native application protection platforms that provide a complete
life cycle approach for security."

Ermetic uses an agentless approach to efficiently scan workloads - including
virtual machines, container images, runtime containers and serverless functions
- for critical risks. The platform enables organizations to secure their cloud
and maintain compliance by detecting vulnerabilities, exposed secrets,
sensitive data, malware and misconfigurations. Stand-alone Cloud Workload Protection
solutions can generate a large volume of alerts. In isolation, determining
which are most serious and need immediate attention is manually intensive and
time consuming. In contrast, Ermetic puts workload risks in context,
automatically prioritizing and facilitating remediation.

"Protecting cloud workloads from breaches requires a continuous and full
stack assessment of installed software, the operating system, configurations,
access entitlements, suspicious activity and more," said Sivan Krigsman, Chief
Product Officer at Ermetic. "With our platform's unmatched, end-to-end insight
into cloud workloads, Ermetic enables security and DevSecOps teams to
prioritize remediation by identifying resources that are exposed to threats or
have the largest blast radius."

Holistic Cloud Workload Protection

The Ermetic CNAPP provides enriched cloud workload protection not available
from single-purpose products. Using an identity-first approach, Ermetic unifies
workload protection with cloud infrastructure entitlement management (CIEM) and
cloud security posture management (CSPM) to provide deep, centralized
visibility into all of the resources in the cloud environment. These
capabilities enable the Ermetic CNAPP to deliver comprehensive cloud workload
protection that covers:
- Detection of installed packages, software vulnerabilities, stored secrets,
sensitive customer data, malware and configuration errors
- Protection for virtual machines, Kubernetes clusters, container images and
serverless functions
- Vulnerability assessment and visualization into cloud workload risk with
intelligence gathered across virtual machines, serverless functions, container
images and Kubernetes clusters
- Risk-based prioritization that correlates vulnerabilities across operating
system packages, applications and libraries with additional workload
characteristics, such as network exposure and permission levels
- Help in achieving compliance with standards that mandate a vulnerability
management program, such as AWS Well-Architected, CSA, NIST, ISO 27001 and
SOC 2.

Availability

The new cloud workload protection capabilities are available immediately in the
Ermetic CNAPP from Ermetic and its business partners worldwide.