Introducing Symantec Cloud Workload Protection

Symantec Cloud Workload Protection provides a cloud-based security solution that protects instances on Amazon Web Services, Microsoft Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure. Cloud Workload Protection dynamically scales to protect the instances that may scale up or down.
Cloud Workload Protection integrates with AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure to gain real-time visibility into the state of the instances in the cloud. Cloud Workload Protection makes recommendations for protection and also detects any changes that violate the specified security policies. Cloud Workload Protection discovers the software stacks that are deployed on the instances.
Cloud Workload Protection follows a three-fold approach to protecting your cloud infrastructure.
  • Listen
    Cloud Workload Protection listens with cloud-native integration components.
  • Analyze
    Cloud Workload Protection has a recommendation engine that works around the clock looking for trigger points that require recompilation of the protection services in place.
  • Act
    Recommends and enforces the right protection.
Features of Cloud Workload Protection
Understand the key features of Cloud Workload Protection that contribute to protecting the cloud deployments.
Cloud native integration
  • The system has built-in cloud native adapters for AWS, Azure, and Google Cloud Platform that provide a comprehensive security overview of their respective deployments.
  • The enterprise administrator authorizes Cloud Workload Protection to access the AWS, Azure, and/or Google Cloud Platform deployments by configuring a connection with the respective cloud service providers.
  • This module enables the system to continuously monitor the cloud deployments to assess the severity of the events on the host.
  • Attributes such as the region, availability zone, VPC (or virtual network), public or private networks, and tags enhance the cloud context of the instance.
  • The metadata around the instance and the operational insights provide additional context to the policy and the alert modules of Cloud Workload Protection.
  • The platform has both scheduled and real-time polling mechanisms.
Continuous integration and continuous deployment process to bake in security
  • After subscribing to the service, you must install an agent on the instance.
  • The agent gets enrolled with the Cloud Workload Protection server as part of installation.
  • This enrollment creates a continuous communication channel between Cloud Workload Protection and the instance.
Software service discovery
  • Upon startup, the software service discovery module is activated to determine the software services that are installed on the instance.
  • This data builds up a software inventory of the cloud infrastructure.
Real-time protection from malware
The Anti-Malware feature of the Cloud Workload Protection agent provides real-time protection for the instances against known malware. Cloud Workload Protection also provides options for on-demand and scheduled Anti-Malware scans.
Automated threat protection policy recommendations
Cloud Workload Protection provides the following threat protection policies:
  • Host-based IDS or IPS includes OS and application-specific hardening policies to ensure that critical configurations, network, and process access control changes are monitored.
  • Application-specific policies define the application behavior in terms of expected behavior and also how other processes on the host can communicate with this application.
  • Real-time File Integrity Monitoring (RT-FIM) to ensure that key configuration changes are accurately notified for immediate controls.
  • Ability to either monitor the application and OS behavior or enforce the application policies.
  • Ability to automatically apply the highest recommended policy group to the instances as soon as Cloud Workload Protection discovers the instances.
Adaptive threat protection policy workflows
  • Policies may be deployed in monitoring or enforcement mode. Any violations of the policy are logged as events by the agent and sent to the Cloud Workload Protection server for further processing.
  • The security administrator can drill down to the specific policy rule that may need to be tuned to fit the context of deployment.
  • Similarly, Cloud Workload Protection can also aggregate the events and alerts. This mechanism reduces the noise-to-signal ratio that an administrator has to deal with.
Threat protection that is delivered as a service
Cloud Workload Protection delivers protection as a service. This model has two important consequences for the enterprise:
  • Security can now be part of an operational expenditure (OpEx) model that fits the cloud consumption model, with reduced overhead for managing the server.
  • In this model, Symantec handles the details around the server management.
Hybrid enterprise
Cloud Workload Protection agents can be deployed on any host – ranging from AWS, Azure, Google Cloud Platform to OpenStack, VMware, and physical servers. For more information about supported platforms, see:
Integration with third-party vendors
With easy access to a rich set of RESTful APIs, you can find ways to integrate the features of Cloud Workload Protection with your solutions.