<aside> 📘 relates:

TL;DR;

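The main topics are CSPM and DSPM. The key points are:

  1. Vendor independent: not tied to a particular cloud; the focus is on cross-cloud management
  2. DSPM is data-centric and focuses on discovering sensitive data, in particular where the data is, who is accessing it, and how it is accessed
  3. CSPM is configuration-centric and holds that the biggest security risk of the cloud era is misconfiguration

There are also a few other concepts:

  1. CWPP: the more traditional cloud host protection agent
  2. CASB: a jump host for cross-cloud APIs
  3. CIEM: cross-cloud permission management (IAM)
  4. NSPM: cross-cloud network policy management
  5. ASPM: shift-left security, focused more on security findings on the dev side

Overall, the major trend is going cross-cloud and moving off the cloud, freeing users from the cloud's control. Deployment is also evolving from agent to agentless: a security SaaS cloud that scans multiple clouds remotely through APIs.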

</aside>

Article 2 of 8 in Building Your Cybersecurity Posture on LinkedIn

Once they understand their assets, enterprises need to determine how they want to continuously monitor the risk posture of each type of asset. These 6 security postures align with the technologies you need to protect. Each technology needs governance, policies, and guardrails to help your people act appropriately within your organization's defined policies.

What is a Cybersecurity Posture?

A security posture is a collection of key risk indicators that collectively measure your organization's exposure to potential risk. The intention of a cybersecurity posture is to provide a high-level indicator of general risk categories. I use 5 levels to map a typical security posture.

  1. The first level is a single consolidated number that represents the overall cyber risk that exists within an entire organization.
  2. The second level of detail is the cybersecurity categories of cloud, applications, data, network, devices, and identities.
  3. In the third level of detail, I separate each category into sub-categories that are specific to that category.
  4. In the fourth level of detail, each of these parts is broken out into individual business units, depending on the organizational structure of the enterprise.
  5. In a very mature organization, a fifth level is possible. In the fifth level of detail, I separate out the risk measurements into the different value streams specific to that business unit.
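The five levels above can be modelled as prefixes of one path (category, sub-category, business unit, value stream). The sketch below is an added example, not from the article: it rolls constructed key risk indicators up to every level. The weighted-mean aggregation, the sub-category, business unit and value stream names, and all numbers are assumptions; only the six category names come from the article.

```python
from collections import defaultdict

# Level-2 categories as named in the article.
CATEGORIES = {"cloud", "applications", "data", "network", "devices", "identities"}

# Constructed sample KRIs: (category, sub_category, business_unit,
# value_stream, risk 0-100, weight such as number of assets covered).
SAMPLE_KRIS = [
    ("cloud", "misconfiguration", "retail", "checkout", 80, 10),
    ("cloud", "misconfiguration", "retail", "search", 20, 30),
    ("cloud", "config-drift", "payments", "settlement", 50, 20),
    ("applications", "oss-dependencies", "retail", "checkout", 60, 5),
    ("identities", "unused-privileges", "payments", "settlement", 90, 15),
]

def roll_up(kris):
    """Return {path: weighted mean risk} for every path prefix (levels 1-5).

    The empty path () is level 1, the single organization-wide number.
    Weighted mean is an assumed aggregation; the article does not give one.
    """
    sums = defaultdict(lambda: [0.0, 0.0])  # path -> [sum(risk*weight), sum(weight)]
    for *path, risk, weight in kris:
        if path[0] not in CATEGORIES:
            raise ValueError(f"unknown category: {path[0]!r}")
        if not 0 <= risk <= 100 or weight <= 0:
            raise ValueError(f"bad risk/weight for {path}: {risk}, {weight}")
        for depth in range(len(path) + 1):
            acc = sums[tuple(path[:depth])]
            acc[0] += risk * weight
            acc[1] += weight
    return {p: round(s / w, 1) for p, (s, w) in sums.items()}

def level(scores, n):
    """Scores at posture level n (1 = whole organization ... 5 = value stream)."""
    return {p: v for p, v in scores.items() if len(p) == n - 1}

def worst(scores, n):
    """Highest-risk node at level n: the place to drill into first."""
    return max(level(scores, n).items(), key=lambda item: item[1])

if __name__ == "__main__":
    scores = roll_up(SAMPLE_KRIS)
    for n in range(1, 6):
        path, risk = worst(scores, n)
        print(f"level {n}: worst = {'/'.join(path) or 'organization'} ({risk})")
```

With this data the level 1 number is moderate while individual level 5 nodes score far higher, which is why the lower levels are worth keeping alongside the consolidated figure.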

The 6 Categories of Cybersecurity Posture Management

Cloud Security Posture Management

<aside> 📘 all glossaries:

Cloud Security Posture Management:

Application Security Posture Management:

Network Security Posture Management:

Data Security Posture Management:

Identity Access Posture Management:

Device Security Posture Management:

</aside>

The most common security posture tool in the marketplace is Cloud Security Posture Management (CSPM). Cloud security posture management is a compliance tool that manages cloud security policies, identifies configuration drift, detects misconfigurations, reports vulnerabilities, and integrates with workflow software to ensure the remediation of issues. There are a bunch of tools that capture many of these features, but this tool space is still evolving. Right now, many of the tools are incorporating some of the other postures I talk about. It's not necessarily important to have a 1-to-1 matching of tool to capability; what matters is that you cover all of your postures somehow.

ASPM, Application Security Posture Management

Application Security Posture Management is the developer side of posture management. CSPM monitors your operations environments, and I expect the market to build ASPM tools as an extension of security from the operations environment into the development process. I see ASPM as a tool that provides an application risk score to measure your enterprise's exposure to open source dependency vulnerabilities, static code vulnerabilities, credentials and secrets in code, and container vulnerabilities in your binary repositories. It is a tool that takes information from your source code repositories, continuous integration tool, binary repository, and security scanning tools and approximates risk to your application, business unit, and enterprise.