Ermetic extends its CNAPP with cloud workload protection capabilities

Ermetic has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions.

Ermetic cloud workload protection

Using context that spans infrastructure configurations, network, access entitlements and other settings, Ermetic identifies and prioritizes threats on AWS, GCP and Microsoft Azure that require immediate attention.

This full stack approach automates cloud workload protection against breaches, while allowing organizations to satisfy compliance requirements and implement industry best practices.

According to Gartner, “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection. SRM (security risk management) leaders should evaluate emerging cloud-native application protection platforms that provide a complete life cycle approach for security.”

Ermetic uses an agentless approach to efficiently scan workloads – including virtual machines, container images, runtime containers and serverless functions – for critical risks. The platform enables organizations to secure their cloud and maintain compliance by detecting vulnerabilities, exposed secrets, sensitive data, malware and misconfigurations.

Stand-alone Cloud Workload Protection solutions can generate a large volume of alerts. In isolation, determining which are most serious and need immediate attention is manually intensive and time consuming. In contrast, Ermetic puts workload risks in context, automatically prioritizing and facilitating remediation.

“Protecting cloud workloads from breaches requires a continuous and full stack assessment of installed software, the operating system, configurations, access entitlements, suspicious activity and more,” said Sivan Krigsman, CPO at Ermetic.

“With our platform’s unmatched, end-to-end insight into cloud workloads, Ermetic enables security and DevSecOps teams to prioritize remediation by identifying resources that are exposed to threats or have the largest blast radius,” Krigsman continued.

Holistic cloud workload protection

The Ermetic CNAPP provides enriched cloud workload protection not available from single purpose products. Using an identity-first approach Ermetic unifies workload protection with cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM) to provide deep, centralized visibility into all of the resources in the cloud environment.

These capabilities enable the Ermetic CNAPP to deliver cloud workload protection that covers:

  • Detection of installed packages, software vulnerabilities, stored secrets, sensitive customer data, malware and configuration errors
  • Protection for virtual machines, K8S Clusters, container images and serverless functions
  • Vulnerability assessment and visualization into cloud workload risk with intelligence gathered across virtual machines, serverless functions, container images and Kubernetes clusters
  • Risk-based prioritization that correlates vulnerabilities across operating system packages, applications and libraries with additional workload characteristics, such as network exposure and permission levels
  • Help in achieving compliance with standards that mandate a vulnerability management program, such as AWS Well Architected, CSA, NIST, ISO 27001 and SOC II.


The new cloud workload protection capabilities are available immediately in the Ermetic CNAPP from Ermetic and its business partners worldwide.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss