Infrastructure Scanning

[TBD]

• Cloud Security Posture Management (CSPM): Identifies misconfigurations and compliance risks in cloud infrastructure.
• Cloud Infrastructure Entitlement Management (CIEM): Manages and automates access permissions in cloud environments.
• Cloud Workload Protection Platform (CWPP): Protects cloud workloads, including containers, servers, and serverless functions.
• Infrastructure-as-Code (IaC) Scanning: Detects security issues early in the development process.
• Data Security Posture Management (DSPM): Discovers sensitive data sources and who has access to them.

Outcome

• Vulnerability Scanning is performed regularly against the infrastructure
• The scanning tools are properly customized to reduce false positives
• Findings are being pushed to the vulnerability management program
• Severity/Priority is recalculated based on the asset's criticality/risk

Metrics

Metrics for this topic are included in Vulnerability Management

Tools & Resources

• Nuclei (Free)
• OpenVAS (Free)
• Prowler (Free/Paid)
• SecureCodeBox (Free)
• Wizz (Paid)
• Nessus (Paid)
• AWS Security MCP (Free)

Further Reading

• Implementing CNAPP: Tool Selection and Day 1 Focus Areas
• Testing and evaluating GuardDuty detections