What is CSPM?


Aqua's CSPM (Cloud Security Posture Management) capability allows you to connect your cloud infrastructure environments, such as Amazon Web Services accounts, Microsoft Azure subscriptions, Google Cloud Platform projects, or Oracle Cloud Infrastructure accounts, and audit the security and compliance configuration of their resources.


CSPM operates at the control plane of your infrastructure account, querying for and monitoring data across hundreds of cloud resource types, services, and event activity types. CSPM can help ensure that your environment remains properly configured, free from malicious activity, and compliant with a variety of regulatory frameworks.


CSPM represents a category of tools that help users audit the security of their cloud infrastructure environments.


Aqua's CSPM capability represents a fully integrated, comprehensive, single-pane-of-glass security platform for cloud environments. Through a combination of regular configuration scanning, event activity feeds, customizable security controls, compliance control auditing, and numerous other built-in features, CSPM can help your organization manage thousands of infrastructure environments in a reliable way.


Examples of CSPM findings


Unlike host-based security tools, CSPM operates at the cloud provider control plane level. This provides unique visibility into the configuration of the infrastructure services themselves. With this access, CSPM can help detect:


  • Misconfigured storage buckets exposed publicly
  • Compute or database resources with unintended public access
  • Use of encryption in transit and at rest across cloud services
  • User policy definitions to ensure least-privileged access to resources
  • Changes to critical resources such as firewall rules, logging groups, or account settings
  • Activity in unused or unexpected cloud provider regions or locations
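
The kind of control-plane check behind several of the finding types listed above, as an added example that is not Aqua's code or part of the original page: a few rules evaluated over a constructed inventory snapshot. The resource field names, rule names, and approved-region set are assumptions made for illustration.

```python
"""Minimal control-plane posture checks over a constructed inventory snapshot."""
# Constructed sample data; field names are hypothetical, not a provider's or Aqua's schema.
INVENTORY = [
    {"id": "bucket-logs", "type": "storage_bucket", "region": "us-east-1",
     "public": True, "encrypted_at_rest": True},
    {"id": "db-orders", "type": "database", "region": "us-east-1",
     "public": True, "encrypted_at_rest": False, "tls_required": False},
    {"id": "vm-batch", "type": "compute", "region": "ap-south-1",
     "public": False, "encrypted_at_rest": True},
    {"id": "policy-dev", "type": "iam_policy", "region": "global",
     "statements": [{"effect": "Allow", "actions": ["*"], "resources": ["*"]}]},
]
APPROVED_REGIONS = {"us-east-1", "global"}  # assumed allow-list for this example
DATA_TYPES = {"storage_bucket", "database", "compute"}

def public_exposure(r):
    # Storage, compute, or database resource reachable publicly.
    return r["type"] in DATA_TYPES and r.get("public") is True

def missing_encryption_at_rest(r):
    # A missing attribute is reported too: unknown state is not treated as compliant.
    return r["type"] in DATA_TYPES and r.get("encrypted_at_rest") is not True

def missing_encryption_in_transit(r):
    return r["type"] == "database" and r.get("tls_required") is not True

def wildcard_allow(r):
    # Policy statement that allows every action on every resource (not least privilege).
    return r["type"] == "iam_policy" and any(
        s.get("effect") == "Allow" and "*" in s.get("actions", [])
        and "*" in s.get("resources", []) for s in r.get("statements", []))

def unexpected_region(r):
    return r.get("region") not in APPROVED_REGIONS

CHECKS = [public_exposure, missing_encryption_at_rest,
          missing_encryption_in_transit, wildcard_allow, unexpected_region]

def evaluate(inventory):
    """Return sorted (resource id, check name) pairs for every failed check."""
    return sorted((r["id"], c.__name__) for r in inventory for c in CHECKS if c(r))
```

Calling `evaluate(INVENTORY)` returns one pair per failed rule, so a resource such as `db-orders` that fails several checks appears once for each.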


CSPM vs. built-in cloud security tools


Most cloud providers provide built-in security offerings, such as AWS Security Hub or Azure Security Center. Aqua's CSPM capability is not designed to replace these services; instead, it should be deployed as a complementary service as part of a comprehensive security program. Many built-in services require extensive configuration, manual deployments, and updates, and only provide visibility into a single region or account at a time. CSPM is designed to:


  • Provide a single pane of glass across all your infrastructure environments, spanning multiple clouds, regions, and services
  • Be easy to deploy, requiring just a single deployment script
  • Be updated continually, based on new security signatures developed by the experts at Aqua Security
  • Provide extensive configurability, reporting, and analytics across cloud security controls


For further information

Go to CSPM on the Aqua Platform Documentation Portal for complete documentation.