This integration is configured through the Invicti ASPM product.
CSPM overview
What is CSPM?
Cloud Security Posture Management (CSPM) provides continuous monitoring and assessment of cloud infrastructure configurations to identify misconfigurations, policy violations, and compliance gaps. It helps organizations maintain a secure cloud environment across providers such as AWS, Azure, and Google Cloud.
Invicti AppSec Core includes a preconfigured Invicti SCA scanner that is automatically activated with your package. The integrations on this page are for teams using Invicti ASPM who want to connect their own SCA tools instead. See AppSec Core scanners overview for details on the built-in scanner.
How it works
CSPM tools connect to your cloud environments and continuously evaluate resource configurations against security best practices and compliance frameworks. The assessment process includes:
- Configuration assessment — checks cloud resources against security benchmarks such as CIS Benchmarks and cloud provider best practices.
- Compliance monitoring — evaluates configurations against frameworks such as PCI DSS, HIPAA, ISO 27001, NIST, and SOC 2.
- Drift detection — identifies when configurations change from their intended secure state.
- Risk scoring — prioritizes findings based on severity and potential impact.
What it can discover
CSPM detects risks across the following categories:
| Category | Examples |
|---|---|
| Public storage access | S3 buckets, Azure Blob containers, or GCS buckets configured for unintended public access |
| Overly permissive IAM | Roles granting wildcard permissions instead of least-privilege policies |
| Disabled logging | Audit logs, CloudTrail, or security monitoring turned off |
| Network misconfigurations | Overly open security groups, publicly exposed databases, unrestricted ingress/egress rules |
| Encryption gaps | Unencrypted storage volumes, databases, or data in transit |
| Credentials management | Long-lived access keys, plaintext secrets in configuration |
| Compliance violations | Deviations from CIS Benchmarks, AWS Well-Architected Framework, and other standards |
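
The assessment steps under "How it works" and several categories from the table above, as an added example that is not Invicti's code or any listed tool's code: a small rule engine run over constructed resource snapshots, with drift detection against a baseline. The snapshot schema, rule ids, severities and the 80/443 allowance are assumptions made for illustration.

```python
# Constructed sample snapshots in a simplified, provider-neutral shape.
# Field names and severities are assumptions, not any CSPM tool's schema.
ANY = "0.0.0.0/0"
BASELINE = {
    "bucket/reports": {"type": "bucket", "public": False, "encrypted": True},
    "role/ci": {"type": "iam_role", "actions": ["s3:GetObject"]},
    "sg/web": {"type": "security_group", "ingress": [(ANY, 443)]},
    "trail/main": {"type": "audit_log", "enabled": True},
}
CURRENT = {
    "bucket/reports": {"type": "bucket", "public": True, "encrypted": True},
    "role/ci": {"type": "iam_role", "actions": ["*"]},
    "sg/web": {"type": "security_group", "ingress": [(ANY, 443), (ANY, 5432)]},
    "trail/main": {"type": "audit_log", "enabled": False},
}

def wildcard(res):
    return any(a == "*" or a.endswith(":*") for a in res["actions"])
def open_ingress(res):
    # Assumption: only 80/443 are meant to be reachable from anywhere.
    return any(c == ANY and p not in (80, 443) for c, p in res["ingress"])
# (rule id, resource type, severity 1-10, predicate True on a violation)
RULES = [
    ("public-storage", "bucket", 9, lambda r: r["public"]),
    ("unencrypted-storage", "bucket", 6, lambda r: not r["encrypted"]),
    ("wildcard-iam", "iam_role", 8, wildcard),
    ("open-ingress", "security_group", 7, open_ingress),
    ("logging-disabled", "audit_log", 8, lambda r: not r["enabled"]),
]

def assess(snapshot):
    """Configuration assessment, returned highest severity first."""
    hits = [(sev, name, rid) for name, res in snapshot.items()
            for rid, rtype, sev, bad in RULES
            if res["type"] == rtype and bad(res)]
    return sorted(hits, key=lambda h: (-h[0], h[1]))

def drift(baseline, current):
    """Drift detection: fields that differ from the intended state."""
    out = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name, {}), current.get(name, {})
        out += [(name, k, old.get(k), new.get(k))
                for k in sorted(old.keys() | new.keys())
                if old.get(k) != new.get(k)]
    return out

if __name__ == "__main__":
    print(*assess(CURRENT), sep="\n")
    print(*drift(BASELINE, CURRENT), sep="\n")
```

The baseline snapshot produces no findings, while the current one produces four findings and four drifted fields, which shows that the same change can surface both as a rule violation and as drift from the intended state.
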
Supported CSPM tools
The following CSPM integrations are available through Invicti ASPM:
| Tool | Cloud providers |
|---|---|
| Amazon Inspector CSPM | AWS |
| Amazon Security Hub | AWS |
| Microsoft Defender for Cloud | Azure |
| Wiz | Multi-cloud |
| Orca Security | Multi-cloud |
| Prisma Cloud CSPM | Multi-cloud |
| Lacework CSPM | Multi-cloud |
| Sysdig CSPM | Multi-cloud |
| CrowdStrike CSPM | Multi-cloud |
| Prowler | AWS, Azure, GCP |
Choosing a CSPM tool
| If you need… | Consider |
|---|---|
| AWS-native CSPM | Amazon Inspector CSPM, Amazon Security Hub |
| Azure-native CSPM | Microsoft Defender for Cloud |
| Multi-cloud enterprise CSPM | Wiz, Orca, Prisma Cloud, Lacework |
| Open-source / no license cost | Prowler |
| Runtime threat detection + CSPM | CrowdStrike CSPM, Sysdig CSPM |