With workload security in Plerion, you can scan the software running inside your cloud workloads to uncover vulnerabilities that configuration checks alone cannot catch. This ensures you have visibility into risks across operating system packages, container images, and code dependencies.

What is CWPP?

A Cloud Workload Protection Platform (CWPP)—commonly referred to as workload security—protects workloads wherever they run, including virtual machines, containers, container images, EC2 instances, Lambda functions, and code. Unlike posture management tools that focus on cloud configurations, CWPP examines the applications and software packages inside workloads to identify vulnerabilities and risks.

Key capabilities

  • Comprehensive workload scanning
    Scan a wide range of workloads—including virtual machines, containers, container images, EC2 instances, Lambda functions, and code—for known vulnerabilities in operating system packages and third-party dependencies.
  • Vulnerability prioritization
    Not all vulnerabilities require urgent action. Plerion prioritizes issues by the following risk factors, helping you focus on what matters most:
    • Exploitable in the wild
    • Presence of public exploits
    • Exposure of sensitive data
    • Asset criticality

Supported workloads

Plerion’s workload scanner supports the following workload types:
  • Virtual machines
    • AWS EC2 instances
    • Azure Virtual Machines
  • Serverless functions
    • AWS Lambda
    • Azure Functions
  • Container images
    • AWS Elastic Container Service (ECS)
    • AWS Elastic Container Registry (ECR)
      • Note: For ECR container images, the last 2 pulled and the most recently pushed images are scanned.
  • Kubernetes clusters and components
    • AWS EKS
    • Azure AKS
    • Google Cloud GKE
Kubernetes workload support is currently in beta.
For more information, see the Kubernetes workload scanning overview.
