Skip to main content
McAfee Enterprise MVISION Cloud

Features Requiring an Agent or PoP

This topic lists Skyhigh CASB features and indicates whether or not they require an installed Agent or a PoP. 

 

Features

Agent/ PoP

Description

Cloud Service Discovery

None

Discovering and identifying cloud services, which is critical. This is mainly done through logs and APIs.

IaaS On-Demand Configuration Audit

None

This functionality helps you periodically get data from your accounts, run Security Configuration Audit scans, and prioritize and then raise incidents. This is mainly done through logs and APIs.

Configuration Audit Compliance

None

This functionality helps you choose the right policies for your environments such as PCI, HIPAA, FedRAMP, and others.

Custom policies

None

This functionality allows your to create custom policies for your own environments. This functionality is also used for many other features.

IaaS Continuous Evaluation Configuration Audit

None

This functionality helps continuously monitor changes in resources, run Security Configuration Audit scans, and prioritize and then raise incidents against them. This is mainly done through logs and APIs.

IaaS VPC Flow logs

None

This functionality analyzes VPC Flow logs and generated, provides visibility and creates any anomalies against the log data.

DLP Scan for Object Storage

None

This functionality scans the objects in the S3 buckets for sensitive data by pulling data into Skyhigh CASB using APIs.

Malware Scan for Object Storage

None

This functionality scans the objects in the S3 buckets for malware by pulling data into Skyhigh CASB using APIs.

ShiftLeft for Configuration Audit

None

This functionality scans CloudFormation/ Terraform templates for configuration issues.

Kubernetes Configuration Audit

None

This functionality uses logs and APIs to get data about Kubernetes (K8s) configuration and scans for any issues in the code.

Docker Configuration Audit

None*

* This functionality uses the native SSM agent provided by AWS to provide the functionality. This feature requires configuration, not an agent deployment. 

Container Repository/ Registry/ Images Configuration Audit

None

This functionality uses logs and APIs to provide data about the configuration of Registries, Repositories, and container images, and runs Security Configuration Audits against them.

Vulnerability Assessment of Container Images

None

This functionality allows you to run Vulnerability Assessment of images in containers, looking at operating systems and packages of components and vulnerabilities against them.

ShiftLeft for Vulnerability Assessment

None

This functionality exposes APIs and scripts that you can use to run Vulnerability Assessments against components of their container images.

In-tenant DLP scan

PoP

This functionality scanning data within your environment, without having to pull the data into Skyhigh CASB and out of your environment.

Vulnerability Assessment

PoP/ Agent (or sidecar)

This functionality allows you to do Vulnerability Assesments on running containers and Virtual Machines and highlight Vulnerabilities against any packages that have been deployed in the running images.

File Integrity Monitoring

PoP/ Agent (or sidecar)

This functionality allows you to track changes to critical files using a PoP and agent in running environments. 

Container Image Control

PoP/ Agent (or sidecar)

This functionality allows you to control which containers can run container clusters or virtual machines in running environments.

Application Control

PoP/ Agent (or sidecar)

This functionality allows you to control which applications can run container clusters or virtual machines in running environments.

Malware Scanning

PoP/ Agent

This functionality allows you to scan running Virtual Machines for Malware based on GTI functionality and take remediation actions.

App Hardening

PoP/ Agent

This functionality allows you to periodically check the running operating system configuration of your Virtual Machines and raise issues when bad configurations are found.

  • Was this article helpful?