Cloud Security Posture Management (CSPM)

Cloud Services - Categories

IaaS: Infrastructure as a Service. These are the compute resources, Virtual Machines, Containers, Serverless compute.

PaaS: Platform as a Service. Software components made available as a service. Example Database as a service.

SaaS: Software as a Service. Complete application available as a service, example CRM.

Cloud seems simple but is quite complex in terms of the plethora of services available and how you weave all of them in an efficient and secure manner.

There are a few de-facto benchmarks for the cloud namely CIS (Center for Internet Security) and CCM (CSA Cloud Controls Matrix).

It is important for the organization to know the cloud security posture, improve upon it. This is not a one-time activity as the threats keep evolving. Being SaaS applications, they also undergo changes either in the form or major/minor release or bug fixes. The network and security related configuration may also change. So, the posture needs to be assessed on a continuous basis.

The cloud is accessible to the internet, so the vulnerabilities if any are known to the entire world and is highly susceptible. The Mean Time To Remediate (MTTR) is also key. Auto capability will reduce the window of opportunity for the attackers. For example, if a S3 bucket exposure is identified, it can automatically block public access.

Seconize DeRisk Center - CSPM

Holistic, Automated and Continuous Cloud Risk Management (CRM) product which evaluates the business risk for an organization resulting from its cloud services, workloads, misconfigurations, and vulnerabilities. Its automated and data driven approach enables organization to achieve an acceptable risk level by prioritizing and automating remediation.

Supports AWS, Azure and GCP
Discovers cloud assets
Assesses

- Cloud configurations against CIS and CCM benchmarks
- Cloud workloads, namely Virtual Machines and Kubernetes clusters
- Database configurations
- Web Applications and API endpoints