Cloud Security Posture Management (CSPM) tools help organizations automate security and compliance in the cloud by providing visibility into cloud environments, identifying misconfigurations, and ensuring compliance with industry standards. Since the product category of CSPM has been introduced, its offerings have gone through several iterations of improvements to adopt a more comprehensive view of security. Organizations are moving away from traditional standalone tools to CSPMs that are fully integrated in a greater Cloud Native Application Protection Platform (CNAPP).
Challenge with traditional CSPMs
Traditional CSPM tools focus on cloud misconfigurations and are unable to identify other risks that when combined with misconfigurations, could significantly impact security posture and increase your attack surface. Such additional risk factors include vulnerabilities, network and identity exposures, exposed secrets, sensitive data, and malware. Since traditional CSPMs lack the context around these other risks, they generate a lot of noise that makes it hard for organizations to prioritize alerts around misconfigurations.
Wiz takes a modern approach to CSPM
Wiz for CSPM takes a modern approach to security in the cloud by looking across all risk factors to identify toxic combinations that put your environment at critical risk. Wiz does deep risk analysis not only of misconfigurations, but also across network exposures, exposed secrets, vulnerabilities, malware, sensitive data, and identities. By using a unified risk engine across all risk factors, with the same back-end data model, Wiz can correlate all risks to understand toxic combinations in an environment. Risks are prioritized and modeled on the Wiz Security Graph to give you the full context around issues in your environment, with actionable insights so you can focus on the risks that matter.
Eliminate distracting noise with context
Let’s take an example of a rule that a traditional CSPM alerts on.
This rule checks whether an EC2 instance only allows the use of Instance Metadata Service Version 2 (IMDSv2). The first version of IMDSv1 was prone to several forms of attack, which allowed attackers access to instances’ sensitive metadata and credentials. To protect against these attacks, AWS developed an enhanced version of this service, and recommended to only allow the use of IMDSv2 on EC2 instances.
In this example, a traditional CSPM would alert us of all the instances in our environment that are configured to not only allow the use of IMDSv2, which means they could use the exploitable IMDSv1. Here we can see that we have 171 instances that are misconfigured:
Now that we know we have over a hundred instances that are misconfigured, how do we understand which ones pose the greatest risk and prioritize remediation? Let’s see how Wiz uses context-based risk assessment to help organizations reduce noise and prioritize risks related to misconfigurations.
By correlating this misconfiguration to other risk factors, Wiz can identify which machines are misconfigured with the old version, exposed to the internet, and have a vulnerability with a known exploit, which results in a toxic combination that can put our environment at critical risk. Let’s take a look at the findings now that we have this additional context. Below, we can see that out of the 171 machines that were misconfigured, we now know that that there are 17 machines that are also exposed to the internet and are vulnerable with a known exploit. This modern approach to CSPM reduces the noise of traditional tools, in this case from 171 alerts to 17, helping teams focus on remediating the risks that make the largest impact on their environment.
With Wiz, organizations can improve their operational efficiencies by 10x, significantly reducing the effort needed to identify and remediate issues in their environment. Issues are modeled on the Wiz Security Graph, making it easy for anyone at any skill level to understand context around risk. In this example, we can see the path to the internet that makes the machine publicly exposed, the vulnerabilities and the misconfiguration found on it, all from a single pane of glass.
This is just one example of many toxic combinations Wiz can identify in your environment to help you prioritize risks, save time, and improve your security posture. Get started now, watch this on-demand webinar to learn more about Wiz for CSPM, or visit the Wiz docs (login required). If you prefer a live demo, we would love to connect with you.
