Skip to main contentWith workload security in Plerion, you can scan the software running inside your cloud workloads to uncover vulnerabilities that configuration checks alone cannot catch. This ensures you have visibility into risks across operating system packages, container images, and code dependencies.
What is CWPP?
A Cloud Workload Protection Platform (CWPP)—commonly referred to as workload security—protects workloads wherever they run, including virtual machines, containers, container images, EC2 instances, Lambda functions, and code.
Unlike posture management tools that focus on cloud configurations, CWPP examines the applications and software packages inside workloads to identify vulnerabilities and risks.
Key capabilities
-
Comprehensive workload scanning
Scan a wide range of workloads—including virtual machines, containers, container images, EC2 instances, Lambda functions, and code—for known vulnerabilities in operating system packages and third-party dependencies.
-
Vulnerability prioritization
Not all vulnerabilities require urgent action. Plerion prioritizes issues by risk factors, helping you focus on what matters most.
- Exploitable in the wild
- Presence of public exploits
- Exposure of sensitive data
- Asset criticality
Supported workloads
Plerion’s workload scanner supports the following workload types:
-
Virtual machines
- AWS EC2 instances
- Azure Virtual Machines
-
Serverless functions
- AWS Lambda
- Azure Functions
-
Container images
- AWS Elastic Container Service (ECS)
- AWS Elastic Container Registry (ECR)
- Note: For ECR container images, the last 2 pulled and the most recently pushed images are scanned.
-
Kubernetes clusters and components
- AWS EKS
- Azure AKS
- Google Cloud GKE
Further reading
