Hillstone Networks has announced the availability of Hillstone CloudArmour, a cloud workload protection that provides full visibility and protection of cloud workloads through micro-segmentation and enhanced detection and response, giving SecOps full control over their enterprise cloud environments. As workloads expand from traditional appliance-based or virtual machine-based to the modern containerized deployments in public, private, hybrid, or even multi-cloud environments, security and risk management on these cloud platforms become even more challenging. CloudArmour addresses these challenges by bringing visibility into the full spectrum of the cloud deployment, surfacing all interactions and communications across assets, and helping security professionals manage and secure an expansive threat surface.

Broad and deep visibility into cloud workloads: CloudArmour automatically synchronizes with container regulations, Kubernetes clusters and hosts in real-time on the status of key components such as images, apps, services, and clusters, as well as the OS, network cards, and processes running in the host. It provides dashboards of hosts and cloud assets with granular information, including system status, traffic, vulnerabilities, security incidents, and threats, allowing security admins to have comprehensive workload monitoring and real-time asset management. Unified and granular network Microsegmentation: Hillstone CloudArmour implements a "Zero-Trust" concept through Microsegmentation technology to restrict groups of assets from being accessed according to defined policies, minimizing the attack surface and patented traffic steering technology, providing point-to-point network visibility and granular control based on apps, services, or work nodes.

Advanced threat detection and runtime protection: CloudArmour detects threats and mitigates risks during runtime on all cloud workloads, including containers, VMs, and bare-metal servers. CloudArmour builds behavior models based on workload attributes and based on these models, deploy rules to detect and prevent advanced threats. Complete vulnerability management across the entire application lifecycle: As part of the Continuous Integration and Continuous Deployment (CI/CD) workflow, CloudArmour provides deep insights and management of the vulnerabilities in images, containers, working nodes and hosts.

It continuously monitors and scans vulnerabilities of VMs, cloud hosts, and bare metal servers throughout the lifecycle from application development to daily operation, triggering alerts if necessary to mitigate potential risks ahead of time. Out-of-the-box security compliance assessments and enforcement:CloudArmour assesses compliance of cloud workload with recommendations based on industry best practices. It leverages the pre-configured security compliance checks from Comprehensive Intranet Security (CIS) Benchmarks for Kubernetes, Docker, Linux, images, and application runtime configurations, and provides a standard list of recommendations of remedations for each compliance risk.

Compliance check results can be exported for further analysis or auditing.