With the rapid development of the cloud, enterprise workloads have evolved from servers to virtual machines, containers, serverless, etc., and deployment models are becoming increasingly complex, including public cloud, hybrid cloud, and multi-cloud. In this context, traditional host security protection can no longer meet the needs, and CWPP (Cloud Workload Protection Platform) emerged as the times require.
Recently, Gartner® released Emerging Tech: Security—Adoption Growth Insights for Cloud Workload Protection Platforms (Emerging Tech: Security—Adoption Growth Insights for Cloud Workload Protection Platforms) (hereinafter referred to as the "Report"), and Tencent was once again listed as a CWPP by Gartner One of the suppliers. So far, Tencent Cloud Workload Protection Platform (CWPP) has been recognized and recommended by Gartner for three consecutive years!
Tencent Cloud Workload Protection Platform (CWPP) deeply integrates multi-product capabilities such as host security and container security, adopts the client + cloud model, and is based on public cloud, covering dedicated cloud, hybrid cloud, private cloud and internationalization, etc. Market demand, support out-of-the-box, shared cloud security operation platform.
Tencent Cloud Workload Protection Platform (CWPP) has four core advantages:
1. The first precise vulnerability defense + restart-free technology, one-click automatic defense against 0day/nday vulnerabilities
In response to frequent 0Day and nDay vulnerabilities, Tencent Security has developed a set of vulnerability defense systems based on virtual patches - Taishi Engine. The system integrates Tencent's cutting-edge vulnerability mining technology and real-time high-risk vulnerability warning technology to capture and analyze 0-day/nday vulnerabilities. It can automatically detect Java and other application service processes and automatically inject RASP plug-ins. Through plug-in management and virtual patch deployment, one-click Active defense against vulnerabilities, with an accuracy rate of ≥99.999%; and the first restart-free technology, bringing enterprises an upgrade experience that does not require restart, automatic protection, and out-of-the-box.
2. Leading intrusion detection capabilities, with high performance, high detection rate and other characteristics
In terms of detection capabilities, Tencent Cloud CWPP integrates the self-developed world-leading BinaryAI engine + TAV engine + cloud detection and killing, with a detection rate of ≥99%. At present, Tencent Cloud CWPP not only enhances the security capabilities of 200+ intrusion detection, but also adds a memory horse detection and killing function, which can monitor and capture unknown Classes existing in the Java Web service process memory in real time, and automatically identify memory based on Tencent Cloud's attack and defense experience and expert knowledge Trojan horse.
Not only that, Tencent Cloud CWPP has the technical accumulation of escorting the security of millions of hosts + tens of millions of core containers, and its stability is as high as 99.999%. The Agent has the characteristics of high performance and low consumption. Help users easily realize integrated protection.
3. Support hybrid cloud unified management, easy to realize asset visualization
At present, Tencent Cloud's CWPP capability has gradually expanded from supporting Tencent Cloud's native host security + container security to the customer's offline IDC and multi-cloud environment, helping customers manage host security + container security through a management console, and supporting fingerprint inventory of 15 assets , to help enterprises easily realize asset visualization, build a global perspective, and improve security operation efficiency.
Tencent Cloud CWPP will also provide diversified security expert services, automate security reports and emergency response, meet CIS and other security compliance standards, and provide professional solutions for vulnerabilities and baselines.
4. Provide security protection for the entire life cycle of containers
In terms of container security, Tencent Cloud CWPP relies on the expert team of Tencent Security Cloud Ding Lab and the management experience of Tencent's internal tens of millions of container clusters to continuously upgrade container security capabilities and provide enterprises with full life cycle security of container images from construction, deployment, and operation. protection. Container security protection can be enabled with one click without deployment, and supports multi-cloud, hybrid cloud and other IT architectures.
In practice, take a customer in the financial industry as an example. The assets on the cloud are diverse and numerous, and the source of the image is messy, which introduces many security risks. With the help of Tencent Container Security, the customer completed the vulnerability detection of the image layer, and completed the repair and verification of all assets within 5 minutes, ensuring the stable operation of the container business. While reducing the operating costs of the enterprise, it greatly improved the security operation Timeliness, accuracy and effectiveness.
Tencent Cloud has always been committed to the innovation and application of cloud-native security technologies. We believe that being included in the CWPP research report released by Gartner this time marks that Tencent's cloud security capabilities have once again been recognized by authoritative organizations. Not only that, in the emerging field of CNAPP (Cloud Native Application Protection Platform), Tencent Cloud has also deployed ahead of schedule. And was listed as one of the CNAPP vendors by Gartner. In the future, Tencent Cloud will adhere to the concept of "minimal security" and continue to optimize the cloud-native integrated security architecture to escort the digital transformation of enterprises.
Gartner, Emerging Tech: Security — Adoption Growth Insights for Cloud Workload Protection Platforms, Mark Wah et al., 17 March 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.