Hillstone CloudArmour Value Proposition
Full and Deep Security Visibility of Converged Cloud Workload
CloudArmour provides a centralized dashboard of the cloud security posture for hosts and Kubernetes clusters that allow organizations to have a unified workload monitoring and real-time assets management. Its posture perspective function provides a deep insight into vulnerabilities relations and traffic connections between applications and services, which potentially unveil any vulnerable applications, abnormal traffic, risky behaviors, and other info that security operators could take action against.
Unified and Granular Network Micro-segmentation
CloudArmour can minimize the threat attack surface via industry-leading micro-segmentation and patented traffic steering technology. It automatically discovers the application dependencies and dynamically enforces the micro-segmentation policies to avoid the proliferation of potential threats among cloud assets. CloudArmour’s smart policy assistant will additionally aid in generating the appropriate policies to best optimize the policy configuration of running systems without interruption across their private, public or hybrid cloud.
ML-powered Intelligent threat detection and runtime protection
The advanced threat detection and prevention capability can intelligently help detect threats and mitigate risks during runtime on all cloud workloads. It leverages machine learning algorithms to build behavior models based on the activities of workloads, detects abnormal behaviors via these models and deploys rules to mitigate potential threats accordingly. Meantime, CloudArmour integrates cloud threat intelligence to further enhance threat detection capability.
Complete vulnerability Management Across the Entire Application lifecycle
CloudArmour provides deep insights and management of the vulnerabilities of images, containers, working nodes and hosts, and integrates security as part of the Continuous Integration and Continuous Deployment workflow throughout the application lifecycle, triggering alerts if necessary to mitigate potential risks ahead of time. Images with serious vulnerabilities can be alerted and blocked from reaching production.
Standard Security Compliance Assessments and Enforcement
CloudArmour assesses the compliance posture of cloud workloads with recommendations based on the industry’s best practices. It leverages the pre-configured compliance checks from CIS Benchmarks for Kubernetes, Docker, Linux, images and application runtime configurations, and provides a standard list of recommendations of remediations for each compliance risk.