Cloud Security
CWPP (Cloud Workload Protection Platform)
Also known as: Workload protection
Definition
A platform that protects cloud workloads — virtual machines, containers, and serverless functions — across their entire lifecycle, from build to runtime.
Examples
- SentinelOne Singularity Cloud or Sysdig Secure scanning container images and detecting runtime drift.
- Microsoft Defender for Servers monitoring EC2 and on-prem VMs for malware and exploits.
Related terms
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
CNAPP (Cloud-Native Application Protection)
An integrated security platform that combines CSPM, CWPP, CIEM, IaC scanning, and runtime detection to protect cloud-native applications from build to runtime.
CSPM (Cloud Security Posture Management)
A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations.
Container Security
The practice of securing container images, registries, orchestrators, and the runtime in which containers execute.
Kubernetes Security
The protection of a Kubernetes cluster — its API server, control plane, nodes, workloads, and network — from misconfiguration, compromise, and lateral movement.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.