Features Requiring an Agent or PoP

Last updated
Save as PDF

This topic lists Skyhigh CASB features and indicates whether or not they require an installed Agent or a PoP.

Features	Agent/ PoP	Description
Cloud Service Discovery	None	Discovering and identifying cloud services, which is critical. This is mainly done through logs and APIs.
IaaS On-Demand Configuration Audit	None	This functionality helps you periodically get data from your accounts, run Security Configuration Audit scans, and prioritize and then raise incidents. This is mainly done through logs and APIs.
Configuration Audit Compliance	None	This functionality helps you choose the right policies for your environments such as PCI, HIPAA, FedRAMP, and others.
Custom policies	None	This functionality allows your to create custom policies for your own environments. This functionality is also used for many other features.
IaaS Continuous Evaluation Configuration Audit	None	This functionality helps continuously monitor changes in resources, run Security Configuration Audit scans, and prioritize and then raise incidents against them. This is mainly done through logs and APIs.
IaaS VPC Flow logs	None	This functionality analyzes VPC Flow logs and generated, provides visibility and creates any anomalies against the log data.
DLP Scan for Object Storage	None	This functionality scans the objects in the S3 buckets for sensitive data by pulling data into Skyhigh CASB using APIs.
Malware Scan for Object Storage	None	This functionality scans the objects in the S3 buckets for malware by pulling data into Skyhigh CASB using APIs.
ShiftLeft for Configuration Audit	None	This functionality scans CloudFormation/ Terraform templates for configuration issues.
Kubernetes Configuration Audit	None	This functionality uses logs and APIs to get data about Kubernetes (K8s) configuration and scans for any issues in the code.
Docker Configuration Audit	None*	* This functionality uses the native SSM agent provided by AWS to provide the functionality. This feature requires configuration, not an agent deployment.
Container Repository/ Registry/ Images Configuration Audit	None	This functionality uses logs and APIs to provide data about the configuration of Registries, Repositories, and container images, and runs Security Configuration Audits against them.
Vulnerability Assessment of Container Images	None	This functionality allows you to run Vulnerability Assessment of images in containers, looking at operating systems and packages of components and vulnerabilities against them.
ShiftLeft for Vulnerability Assessment	None	This functionality exposes APIs and scripts that you can use to run Vulnerability Assessments against components of their container images.
In-tenant DLP scan	PoP	This functionality scanning data within your environment, without having to pull the data into Skyhigh CASB and out of your environment.
Vulnerability Assessment	PoP/ Agent (or sidecar)	This functionality allows you to do Vulnerability Assesments on running containers and Virtual Machines and highlight Vulnerabilities against any packages that have been deployed in the running images.
File Integrity Monitoring	PoP/ Agent (or sidecar)	This functionality allows you to track changes to critical files using a PoP and agent in running environments.
Container Image Control	PoP/ Agent (or sidecar)	This functionality allows you to control which containers can run container clusters or virtual machines in running environments.
Application Control	PoP/ Agent (or sidecar)	This functionality allows you to control which applications can run container clusters or virtual machines in running environments.
Malware Scanning	PoP/ Agent	This functionality allows you to scan running Virtual Machines for Malware based on GTI functionality and take remediation actions.
App Hardening	PoP/ Agent	This functionality allows you to periodically check the running operating system configuration of your Virtual Machines and raise issues when bad configurations are found.