Features Requiring an Agent or PoP
This topic lists Skyhigh CASB features and indicates whether or not they require an installed Agent or a PoP.
| Features | Agent/PoP | Description |
|---|---|---|
| Cloud Service Discovery | None | This functionality discovers and identifies cloud services, which is critical. This is mainly done through logs and APIs. |
| IaaS On-Demand Configuration Audit | None | This functionality helps you periodically get data from your accounts, run Security Configuration Audit scans, and prioritize and then raise incidents. This is mainly done through logs and APIs. |
| Configuration Audit Compliance | None | This functionality helps you choose the right policies for your environments, such as PCI, HIPAA, FedRAMP, and others. |
| Custom policies | None | This functionality allows you to create custom policies for your own environments. This functionality is also used for many other features. |
| IaaS Continuous Evaluation Configuration Audit | None | This functionality helps you continuously monitor changes in resources, run Security Configuration Audit scans, and prioritize and then raise incidents against them. This is mainly done through logs and APIs. |
| IaaS VPC Flow logs | None | This functionality analyzes VPC Flow logs, provides visibility, and creates anomalies against the log data. |
| DLP Scan for Object Storage | None | This functionality scans the objects in the S3 buckets for sensitive data by pulling data into Skyhigh CASB using APIs. |
| Malware Scan for Object Storage | None | This functionality scans the objects in the S3 buckets for malware by pulling data into Skyhigh CASB using APIs. |
| ShiftLeft for Configuration Audit | None | This functionality scans CloudFormation/Terraform templates for configuration issues. |
| Kubernetes Configuration Audit | None | This functionality uses logs and APIs to get data about Kubernetes (K8s) configuration and scans for any issues in the code. |
| Docker Configuration Audit | None* | * This functionality uses the native SSM agent provided by AWS. This feature requires configuration, not an agent deployment. |
| Container Repository/Registry/Images Configuration Audit | None | This functionality uses logs and APIs to provide data about the configuration of Registries, Repositories, and container images, and runs Security Configuration Audits against them. |
| Vulnerability Assessment of Container Images | None | This functionality allows you to run Vulnerability Assessments of images in containers, looking at the operating systems and packages of components and the vulnerabilities against them. |
| ShiftLeft for Vulnerability Assessment | None | This functionality exposes APIs and scripts that you can use to run Vulnerability Assessments against components of your container images. |
| In-tenant DLP scan | PoP | This functionality scans data within your environment, without having to pull the data into Skyhigh CASB and out of your environment. |
| Vulnerability Assessment | PoP/Agent (or sidecar) | This functionality allows you to do Vulnerability Assessments on running containers and Virtual Machines and highlight vulnerabilities against any packages that have been deployed in the running images. |
| File Integrity Monitoring | PoP/Agent (or sidecar) | This functionality allows you to track changes to critical files using a PoP and agent in running environments. |
| Container Image Control | PoP/Agent (or sidecar) | This functionality allows you to control which containers can run in container clusters or virtual machines in running environments. |
| Application Control | PoP/Agent (or sidecar) | This functionality allows you to control which applications can run in container clusters or virtual machines in running environments. |
| Malware Scanning | PoP/Agent | This functionality allows you to scan running Virtual Machines for malware based on GTI functionality and take remediation actions. |
| App Hardening | PoP/Agent | This functionality allows you to periodically check the running operating system configuration of your Virtual Machines and raise issues when bad configurations are found. |