Linux for PowerVS Security with IBM Security and Compliance Center

By Carlos Tolon posted Fri May 17, 2024 08:02 AM

  

Securing your IBM Power Systems environments is now easier than ever: IBM Security and Compliance Center Workload Protection has announced support for PowerVS.

IBM Security and Compliance Center (SCC) Workload Protection helps you address security and regulatory compliance across your servers and VMs, containers and Kubernetes, and cloud services or on-premises environments. Easily identify vulnerabilities, check compliance, block runtime threats and respond to incidents faster.

Security Use Cases in PowerVS

With Workload Protection, you can scan for vulnerabilities, check for misconfigurations that affect compliance, and identify runtime threats. These are the typical use cases of EDR (Endpoint Detection and Response) solutions, but Workload Protection offers much more. It is a complete CNAPP (Cloud-Native Application Protection Platform) solution, covering not only your servers but all your workloads with CWPP (Cloud Workload Protection Platform) and your clouds with CSPM (Cloud Security Posture Management).

Vulnerability Management

Workload Protection allows you to scan your PowerVS host for vulnerabilities, including those in OS packages and third-party libraries you might have installed as dependencies for your application, such as Java JARs.

If you are running containers with Docker or Podman, those can also be scanned.

You can prioritize which vulnerabilities are more relevant to your risk posture by leveraging the “in use” runtime context, considering only binaries and libraries actually running and exposed.

Scanning in your CI/CD pipeline or in your container registry is also possible within the same tool. 

Compliance Posture

Whether you need to check CIS benchmarks for Linux or have different compliance requirements (industry or country-specific, such as PCI, NIST, or DORA), Workload Protection can help identify potential misconfigurations that could invalidate your compliance posture. It also helps manage the lifecycle of those failing controls, providing remediation or acceptance workflows.

 

Threat Detection and Response

Workload Protection agents leverage eBPF technology and the Falco engine, the open-source cloud-native security tool for Linux systems, to provide detection, remediation, and incident response for abnormal behavior and potential security threats such as malware, drift, and workload and host attacks or misuse. File Integrity Monitoring (FIM) and command audit are also covered by the Workload Protection agents.

Hundreds of policies managed by our Threat Research Team are continuously updated to detect new threats or improve accuracy. These are mapped to multiple compliance frameworks, allowing you to implement continuous compliance monitoring.

 

Incident response, auditing, and forensics capabilities allow security and SOC teams to handle threats in PowerVS environments effectively.

Supported Platforms

Both Power Virtual Servers on IBM Cloud and IBM Power Systems on-premises are supported, as long as they have access to the Workload Protection service hosted on IBM Cloud.

Workload Protection currently supports Linux on the Power Systems architecture (ppc64le), including Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES). Support for AIX and IBM i will be introduced in the future.

Install the Workload Protection agent in Linux for PowerVS

To implement host vulnerability scanning, posture management, or threat detection, you need to install the Workload Protection agent on your PowerVS server.

Once you have created your Workload Protection instance, if you don’t have one already, just follow the step-by-step documentation: Managing the Workload Protection agent in Linux on PowerVS.

Learn More

To learn more about IBM Cloud Security and Compliance Center Workload Protection check out recent announcements and related content:
