CWPP is a security solution that provides deep, internal threat protection for cloud workloads (the applications, processes, and resources that actually run in the cloud).

It focuses on securing the runtime environment of specific assets, including:

• Virtual Machines (VMs)
• Containers (like Docker and Kubernetes)
• Serverless functions (like AWS Lambda)

CWPP capabilities typically include vulnerability management, anti-malware scanning, runtime application self-protection (RASP), and micro-segmentation to detect and prevent threats inside the workload, regardless of whether it's on-premises, hybrid, or multi-cloud.

‍