IBM Cloud Workload Protection for Microsoft Azure

IBM Security Services for Cloud will provide managed security services with dedicated security expertise that helps monitor and manage the security of your cloud-native environments through build, ship, and run-time phases:

• Application policy management: Automated app behavior analysis, policy assignment to apps; custom app policy optimization; L3 and L7 firewall optimization and configuration
• Vulnerability management: Automated vulnerability ranking to visually identify rogue containers, registries, images or applications for prioritized remediation
• Threat management: End-to-end threat management strategy that helps you identify, protect, and detect advanced threats – and if necessary, respond/recover from disruptions

With Cloud Workload Protection Services, coverage for cloud workloads is delivered, regardless of where they are running:
Securing the image

• Design of the “validate stage”
• Detection of configuration defects
• Define registry scanning policies

• Implement RBAC policies
• Implement proper API controls
• Design/implement workload security zones

• Set up vulnerability management
• Monitor/control unbounded network access
• Detect and fix insecure runtime configs

• Harden and scan host OS and running apps
• Segregation of host resources
• Ensure the use of configuration management and effective authentication

• Audit processes
• Implement runtime controls
• Develop policies for effective authentication

Key value

• Assessment: Assess your current state of existing container environment by analyzing DevSecOps processes, application design, and solution requirement to find gaps and build a roadmap for your future state
• Design: After assessment, our security experts can design solutions based on the future state roadmap – including macro and micro design, process definitions, and workload-centric security policies
• Implementation: We will help implement appropriate security tooling to help deployment planning, container solution implementation, and 3rd party integrations
• Management: Once at steady state, we can provide continuous monitoring and compliance reporting, incident analysis and response, policy governance, and proactive vulnerability management through our X-Force Red services that allow for vulnerability ranking for prioritized remediation

• With IBM Security experts, limited resource time is optimized by helping identify/analyze vulnerabilities with shift-left expertise
• Centralized visibility to minimizes risks with 24x7x365 proactive container event monitoring, alerting, and vulnerability and threat management
• Security policies governance which enables security governance for workload-centric security policies, IT policy management and enforcement
• Secure application development that transforms people, process, and technology to unify Security and DevOps
• Security at cloud speed to innovate securely through infrastructure automation and scalable security