Cloud Security Posture Management (CSPM)

Posture Management enables you to manage resources across multiple clouds, flows, and settings on one management platform. You can check your environments and receive notifications when it detects issues. Detailed results of tests and summary reports are available for your review.

Posture Management accesses your environments directly through cloud platform APIs and CloudGuard policies that you set up on these environments. It works with all cloud providers, and you can check compliance even when your cloud presence is distributed on multiple cloud platforms.

Benefits

• At-a-glance dashboard view of organizational compliance across the full cloud presence, on all cloud platforms

• Check compliance with cloud security standards

• Clear reports to indicate non-compliant issues

• Easily build modified rules based on requirements with the graphical GSL builder

• Preconfigured (built-in) rulesets developed by CloudGuard have a wide range of standards and best practices

Use Cases

• Enforce environments compliance with standards - see Rules and Rulesets

• Enforce compliance with organizational policies across the estate - see Configuring CloudGuard Policies

• Review the security and compliance posture across the estate with a unified dashboard - see Dashboards

• Analyze compliance of a proposed cloud design (CloudFormation Template) before actual deployment - see Onboarding AWS Environments

• Customize the Posture Management dashboard based on your needs, to put effort into the more sensitive and interesting environments

• Review latest assessment results and apply remediation - Automatic Remediation with CloudBots

• Review assessments on a specific environment from a specific point in time - Assessment History

• Create customized compliance or organizational policy rules - see Rules and Rulesets

CloudGuard GSL (Governance Specification Language)

Rules used by Posture Management are defined with the CloudGuard Governance Specification Language (GSL). This is an intuitive user-readable language that describes the test. For example, the rule

S3Bucket should have logging.enabled=true

checks that logging is enabled for AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. S3 buckets A bucket is a container for objects stored in Amazon S3 (Amazon Simple Storage Service)..

See Governance Specification Language (GSL) for details and examples of the GSL syntax. See GSL Builder to learn how to build a rule with the graphical interface.

Cloud Entity Domain Model

CloudGuardPosture Management is based on Governance Specification Language (GSL), which defines the syntax for compliance rules. In addition, it includes cloud entities, which are the targets to which the rules apply. These entities represent the real entities in the supported cloud platforms, such as instances or S3 buckets.

Entities have attributes, some unique to specific entities. Some attributes are simple, for example, strings or numbers, while some are compound: usually, sub-entities that are related to the entity. For example, the VPC in which an instance is located. In addition, the attributes can contain list attributes.

GSL includes entities for the cloud platforms that CloudGuard supports. Each platform lists its supported entities.

Views

Posture Management includes these pages:

• Rulesets - Shows your rulesets and rules, preconfigured rulesets, and custom ones that you define.

• Continuous Posture - Lists the policies that continuously assess your environments for compliance.

• Remediation - Lists the environments where automatic remediation with CloudBots is enabled.

• Exclusions - Lists the environments that have rule exclusions.

• Assessment History - Shows a list of previously run assessments, with summary details for each. You can filter the view by account, rulesets, and time to show specific assessments of interest.

• GSL Builder - Lets you build and test GSL rules.

• Posture Overview - Presents a summary view of the compliance assessments run on your environments.

Actions

Running an Assessment

Run a ruleset on a selected environment.

1. Navigate to the Rulesets tab in the CSPM menu.

2. Select a ruleset to run.

3. Click Run Assessment. The Run Assessment window opens with a list of available environments.

4. Select the environment, region, and VPC, on which the policy is run, and click RUN. The assessment period usually takes from a few seconds to a few minutes, based on the complexity of the ruleset and the number of rules. When it completes, the results appear.

   You can see details for each. They include the number of entities tested (Tested), the number that is included in the scope of the rule (Relevant), the number of entities that are excluded (Excluded), if Show Exclusions is selected, and the number of failed tests (Non-Compliant).

5. Click Expand to show more details, the rule's details, and a list of the failed entities.

Viewing Assessment History

See Assessment History.

Creating Exclusions

You can create an exclusion directly from the assessment based on the assessment details. This method of exclusion creation is faster because CloudGuard enters several fields for you.

1. Navigate to CSPM and select Assessment History from the menu.

2. Use the Filter bar to search for the assessment that can be a basis for your new exclusion.

3. Click the assessment to see its details.

4. Click Expand to show more details.

5. Below Findings, click the Exclude finding icon () in the Actions column on the right.

   The Create New Exclusion window opens, and the most applicable fields in it are already filled.

6. Edit the fields as you wish based on the steps in Exclusions.

7. Enter a comment for the exclusion.

8. Click Save.