Skyhigh Security

About CSPM

Skyhigh Security Cloud Security Posture Management (CSPM) provides comprehensive discovery, risk-based prioritization, and Shift Left scanning to detect and correct misconfigurations.

  • Continuous visibility into multi-cloud environments
  • Automated misconfiguration remediation
  • Best practice compliance library
  • Identify configuration issues before significant impact

Security Configuration Audit

Security Configuration Audit covers container infrastructure and orchestration systems such as Kubernetes. Configuration Audit makes sure that the environment's configuration is not a source of risk. It also guards the environment configuration against drift over time, which can expose unintended risks. Configuration Audit supports CIS Benchmark tests for Kubernetes and CIS Benchmark tests for Docker.

Supported platforms include:

  • Amazon Web Services
    • Amazon Elastic Container Service (ECS)
    • Amazon Elastic Kubernetes Service (EKS)
    • AWS Fargate ECS
    • AWS Fargate EKS
    • AWS Docker
  • Google Kubernetes Engine (GKE)
  • Azure Kubernetes Service (AKS)

Container Vulnerability Scan

CSPM Container Vulnerability Scan assesses the vulnerability of container components. The scan evaluates the code embedded in containers at build time, and periodically after that, so that known risks are exposed or mitigated, reducing the opportunities malicious actors have to exfiltrate a container workload.

Supported platforms include:

  • Amazon Elastic Container Registry (ECR)
  • Amazon Elastic Compute Cloud (EC2)
  • Google Container Registry (GCR)
  • Google Compute Engine (GCE)
  • Microsoft Azure Container Registry (ACR)
  • Microsoft Azure Virtual Machine
  • API-based support for scanning manifest through Skyhigh Security Endpoint Security

Shift Left

Shift Left functionality scans the DevOps Infrastructure as Code (IaC) templates to review container infrastructure configuration before it is deployed.

Currently supported templates are Helm and CloudFormation, for the following platforms:

  • Amazon Elastic Container Service (ECS)
  • Amazon Elastic Kubernetes Service (EKS)

Runtime Threat Detection

CNAPP for container environments can identify threats at runtime to find issues in supported environments, including discovery, process allowlisting, and workload hardening. CNAPP supports Docker as a container runtime environment.
