Aqua's CSPM capability allows you to connect your cloud infrastructure environments, such as Amazon Web Services accounts, Microsoft Azure subscriptions, Google Cloud Platform projects, or Oracle Cloud Infrastructure accounts, and audit the security and compliance configuration of their resources.
CSPM operates at the control plane of your infrastructure account, querying for and monitoring data across hundreds of cloud resource types, services, and event activity types. CSPM can help ensure your environment remains properly configured, free from malicious activity, and compliant with a variety of regulatory frameworks.
What is CSPM
CSPM stands for "Cloud Security Posture Management" and represents a category of tools that help users audit the security of their cloud infrastructure environments.
Aqua's CSPM capability represents a fully integrated, comprehensive, single-pane-of-glass security platform for cloud environments. Through a combination of regular configuration scanning, event activity feeds, customizable security controls, compliance control auditing, and numerous other built-in features, CSPM can help your organization manage thousands of infrastructure environments in a reliable way.
Examples of CSPM Findings
Unlike host-based security tools, CSPM operates at the cloud provider control plane level. This provides unique visibility into the configuration of the infrastructure services themselves. With this access, CSPM can help detect:
- Misconfigured storage buckets exposed publicly
- Compute and database resources with unintended public access
- The use of encryption in transit and at rest across cloud services
- User policy definitions to ensure least-privileged access to resources
- Changes to critical resources such as firewall rules, logging groups, or account settings
- Activity in unused or unexpected cloud provider regions or locations
CSPM vs. Built-In Cloud Security Tools
Most cloud providers offer built-in security services, such as AWS Security Hub or Azure Security Center. Aqua's CSPM capability is not designed to compete directly with these services; instead, it should be deployed as a complementary service within a comprehensive security program. Many built-in services require extensive configuration, manual deployments, and updates, and only provide visibility into a single region or account at a time. CSPM is designed to:
- Provide a single pane of glass across all of your infrastructure environments, including multiple clouds, regions, and services
- Be easy to deploy, requiring just a single deployment script
- Update continuously, based on new security signatures developed by the experts at Aqua
- Provide extensive configurability, reporting, and analytics across cloud security controls