What is CSPM?
Cloud Security Posture Management is a tool for monitoring a cloud environment and ensuring compliance against a variety of mandates such as HIPAA or PCI Compliance.
What can CSPM not do?
It does not currently provide any incident management response and automated remediation.
Who is this for?
Anyone interested in securing a cloud environment.
How am I charged for using CSPM?
Billing is based on how many connectors were active in a billing period (month).
What is a mandate?
Mandates are regulatory requirements, best practice standards or compliance frameworks designed by Security/business driven certification communities and/or government bodies.
Documentation on Available Mandates can be found here.
What is a policy?
A policy is a set of configuration checks that will assess different resources collected from your cloud account. A policy is made up of controls.
What is a control?
A control is a configuration check. Each check applies to a specific service/resource. Here are some examples:
MFA should be enabled for console user - applies to AWS IAM Service and IAM User Resource
Password policy should have upper case letter enforced - applies to AWS IAM Service
Security group should not allow inbound access on port 22 from 0.0.0.0 - applies to EC2/VPC services and Security Group Resource
What is a resource?
A Resource is an entity that you can work with. Examples include an Amazon EC2 instance, IAM User, or Security Group. The following resources will be discovered after creation of a connector:
Auto Scaling Group
Network Security Group
SQL Server Database
Virtual Machine (virtual machines created using Resource Manager only)
Virtual NetworkWeb App (App Service)
Pass/Fail - In an interactive report, the Control Pass/Fail displays the compliance status for a particular control.
Control Passed - Each control is applicable to a specific resource type. For each control, applicable resources are collected. The control checks whether the particular attribute of a resource is configured as per best practices. The control is passed when the attribute that the control is checking is found configured as per the desired configuration for all the applicable resources collected.
Control Failed - A control is considered failed when an attribute of the control being checked is not configured as per the desired configuration for any of the applicable resources collected. Resource Passed Resource is considered passed for a control if it’s attribute is configured as per the desired configuration in the control. Resource Failed Resource is considered failed for a control if it’s attribute is not configured as per the desired configuration in the control.
Resource Passed - Resource is considered passed for a control if it’s attribute is configured as per the desired configuration in the control.
Resource Failed - Resource is considered failed for a control if it’s attribute is not configured as per the desired configuration in the control.
How long are my reports retained?
Report data is kept for 13 months.
Why are reports restricted to being refreshed once per hour?
Due to limitations on how often API’s for Azure, AWS and GCP can be accessed, we have limited this to four hours in order to prevent access or security issues caused by too many API calls.
Is there a limit on number of reports?
There is not a limit on how many reports can be created.
Are there limitations to creating reports?
Currently the only limitation is that a report (Mandate + Connector) can not be the same as an existing report.
How long does it take to discover resources?
Due to the large volume of data for resources, it can take a while for the data to populate even after the report has been run and has results.
When should reports be refreshed?
When new resources have been added to an environment or when remediation has been done on resources that were previously failing controls.
Do reports automatically update?
They do not. A re-run must be completed to update a report.
How fast will a report get data?
A report should begin returning data within a few minutes. It can take several hours or more for all data to be loaded depending on the size of the cloud environment and how many resources it contains.
How do I remediate issues?
Remediation instructions are dependent on resource type and are provided in the details of the report. For more information see the Remediation section in the Reports documentation.
After I remediate an issue, how do I see that update on my report?
On the overview page, re-run the report.
Is there a limit to how many connectors can be created?
There is not a limit on the number of connectors. A connector cannot be added more than once.
What do I do if my connector shows offline or pending?
Try refreshing the connector. If that does not work, ensure the permissions or role for the connector are still in the cloud environment.
At what level are connectors created in the cloud environments?
They are created at the following levels:
AWS - account level
Azure - subscription level
GCP - project level
Can I customize or disable controls?
That is not possible at this time.
What is a data lake?
A centralized repository that allows storage of structured and unstructured data. In this case it is used to store all data related to CSPM.
What can be done with the data lake?
The data lake can be used to see changes over time to reports, examine data related to specific controls or resources, or be used to create visualizations.