6.2 Infrastructure security capabilities.md

Infrastructure security capabilities

In this section, we’ll cover more details about the core tools and capabilities that are used in infrastructure security.

Introduction

In this lesson, we’ll cover:

• What is vulnerability management?

• What is CSPM?

• What is CNAPP?

What is vulnerability management?

Vulnerability management is a systematic process of identifying, evaluating, prioritizing, mitigating, and monitoring vulnerabilities in computer systems, software, networks, and infrastructure. The primary goal of vulnerability management is to reduce an organization's exposure to security risks by proactively addressing known vulnerabilities before they can be exploited by malicious actors. Here's an overview of the key steps involved:

Identification: Scanning and discovering vulnerabilities in the organization's assets, which can include servers, applications, network devices, and endpoints.

Assessment: Evaluating the severity and potential impact of each vulnerability based on factors like the Common Vulnerability Scoring System (CVSS) score and business context.

Prioritization: Ranking vulnerabilities based on their risk level and potential impact on the organization's operations and data.

Mitigation: Developing and implementing strategies to remediate or mitigate vulnerabilities, which can include applying patches, configuring security settings, or deploying compensating controls.

Verification: Confirming that the mitigation measures were effective in addressing the vulnerabilities.

Continuous Monitoring: Ongoing tracking of vulnerabilities and potential threats, with regular vulnerability scans and assessments.

Vulnerability management is a critical component of cybersecurity, helping organizations maintain a strong security posture and reduce the likelihood of security breaches. Examples of vulnerability management tools are Defender for Cloud, Nessus and Qualys.

What is CSPM?

Cloud Security Posture Management (CSPM) is a set of tools, processes, and practices designed to assess, monitor, and enforce security configurations and best practices in cloud environments. CSPM solutions help organizations identify and remediate misconfigurations, security gaps, and compliance violations in their cloud infrastructure, such as in Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and other cloud providers.

Key aspects of CSPM include:

• Configuration Assessment: Scanning cloud resources and services to identify misconfigurations, insecure settings, and deviations from security best practices.

• Security Policy Enforcement: Enforcing security policies and compliance standards across cloud environments by automatically remediating misconfigurations or generating alerts.

• Continuous Monitoring: Providing continuous visibility into the security posture of cloud assets and resources, with real-time alerts for security incidents.

• Compliance Reporting: Generating reports and dashboards to demonstrate compliance with regulatory requirements and industry standards.

CSPM helps organizations ensure that their cloud infrastructure is secure, compliant, and aligned with best practices, reducing the risk of cloud-related security incidents. Examples of CSPM tools include Defender for Cloud and Snyk.

What is CNAPP?

CNAPP stands for Cloud-Native Application Protection Platform. It is an all-in-one cloud-native software platform that simplifies monitoring, detecting and acting on potential cloud security threats and vulnerabilities. It combines multiple tools and capabilities into a single software solution to minimize complexity and facilitate DevOps and DevSecOps team operations. CNAPP offers an end-to-end cloud and application security through the whole CI/CD application lifecycle, from development to production. It addresses the industry’s need for modern cloud security monitoring, posture management, breach prevention and control tools. CNAPP solutions provide security teams the ability to quantify and respond to risks in the cloud environment. Some of the features of CNAPP include enhanced visibility, quantification of risks, secure software development, and a combined cloud security solution. CNAPP integrates multiple cloud security solutions that have been traditionally siloed in a single user interface, making it easier for organizations to protect their entire cloud application footprint. CNAPPs consolidate multiple cloud-native security tools and data sources, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlements management and runtime cloud workload protection platforms.

Further reading

• What is CSPM? | Microsoft Security
• What is Cloud Security Posture Management (CSPM)? | HackerOne
• Function of cloud security posture management - Cloud Adoption Framework | Microsoft Learn
• What Is a CNAPP? | Microsoft Security
• Why Everyone Is Talking About CNAPP (forbes.com)
• Improving Your Multi-Cloud Security with a Cloud-Native Application Protection Platform (CNAPP)