Package: Invicti AppSec Enterprise (on-premise, on-demand)
CSPM overview
What is CSPM?
CSPM (Cloud Security Posture Management) provides continuous monitoring and assessment of cloud infrastructure configurations to identify misconfigurations, policy violations, and compliance gaps. It helps organizations maintain a secure cloud environment across providers such as AWS, Azure, and Google Cloud.
How it works
CSPM tools connect to your cloud environments and continuously evaluate resource configurations against security best practices and compliance frameworks. The assessment process includes:
- Configuration assessment: checks cloud resources against security benchmarks such as CIS Benchmarks and cloud provider best practices.
- Compliance monitoring: evaluates configurations against frameworks such as PCI DSS, HIPAA, ISO 27001, NIST, and SOC 2.
- Drift detection: identifies when configurations change from their intended secure state.
- Risk scoring: prioritizes findings based on severity and potential impact.
What it can discover
CSPM detects risks across the following categories:
| Category | Examples |
|---|---|
| Public storage access | S3 buckets, Azure Blob containers, or GCS buckets configured for unintended public access |
| Overly permissive IAM | Roles granting wildcard permissions instead of least-privilege policies |
| Disabled logging | Audit logs, CloudTrail, or security monitoring turned off |
| Network misconfigurations | Overly open security groups, publicly exposed databases, unrestricted ingress/egress rules |
| Encryption gaps | Unencrypted storage volumes, databases, or data in transit |
| Credentials management | Long-lived access keys, plaintext secrets in configuration |
| Compliance violations | Deviations from CIS Benchmarks, AWS Well-Architected Framework, and other standards |
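
The following Python sketch is an added example, not code from Invicti or from any of the tools listed on this page. It runs the configuration assessment, drift detection, and risk scoring steps described above over a constructed inventory, using several of the categories from the table. The resource field names, rule IDs, and severity weights are assumptions made for illustration.

```python
import copy

SEVERITY = {"critical": 4, "high": 3, "medium": 2}  # illustrative weights, not from a benchmark

def wildcard_iam(r):
    return any(s["effect"] == "Allow" and any("*" in a for a in s["actions"])
               for s in r.get("statements", []))

def open_ingress(r):
    return any(i["cidr"] == "0.0.0.0/0" and i["port"] in {22, 3389, 3306}
               for i in r.get("ingress", []))

# (rule id, resource type, severity, predicate that is True when misconfigured)
RULES = [
    ("public-storage", "bucket", "critical", lambda r: r.get("public_access", False)),
    ("wildcard-iam", "iam_role", "high", wildcard_iam),
    ("logging-disabled", "trail", "high", lambda r: not r.get("logging_enabled", False)),
    ("open-ingress", "security_group", "high", open_ingress),
    ("unencrypted-volume", "volume", "medium", lambda r: not r.get("encrypted", False)),
]

def assess(inventory):
    """Configuration assessment and risk scoring: findings, most severe first."""
    findings = [{"resource": res["id"], "rule": rid, "severity": sev}
                for res in inventory for rid, rtype, sev, bad in RULES
                if res["type"] == rtype and bad(res)]
    return sorted(findings, key=lambda f: (-SEVERITY[f["severity"]], f["resource"]))

def drift(baseline, current):
    """Drift detection: {resource id: {field: (baseline value, current value)}}."""
    base = {r["id"]: r for r in baseline}
    changes = {}
    for res in current:
        old = base.get(res["id"], {})  # a resource missing from the baseline drifts on every field
        diff = {k: (old.get(k), res.get(k)) for k in old.keys() | res.keys() if old.get(k) != res.get(k)}
        if diff:
            changes[res["id"]] = diff
    return changes

# Constructed inventory; field names are hypothetical, not a cloud provider schema.
BASELINE = [
    {"id": "logs-bucket", "type": "bucket", "public_access": False},
    {"id": "deploy-role", "type": "iam_role", "statements": [{"effect": "Allow", "actions": ["s3:GetObject"]}]},
    {"id": "audit-trail", "type": "trail", "logging_enabled": True},
    {"id": "db-sg", "type": "security_group", "ingress": [{"cidr": "10.0.0.0/8", "port": 3306}]},
    {"id": "data-vol", "type": "volume", "encrypted": True},
]
CURRENT = copy.deepcopy(BASELINE)
CURRENT[0]["public_access"] = True                             # bucket opened after baseline
CURRENT[3]["ingress"] = [{"cidr": "0.0.0.0/0", "port": 3306}]  # database port exposed
if __name__ == "__main__":
    print(assess(CURRENT), drift(BASELINE, CURRENT), sep="\n")
```

The baseline produces no findings, while the current snapshot yields a critical public-storage finding and a high open-ingress finding, and the drift output names the exact fields that changed.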
Supported CSPM tools
Invicti AppSec Enterprise integrates with the following third-party CSPM tools:
| Tool | Cloud providers |
|---|---|
| AWS Inspector CSPM | AWS |
| AWS Security Hub | AWS |
| MS Defender for Cloud | Microsoft Azure |
| Prisma Cloud CSPM | Multi-cloud |
| Prowler | AWS, Azure, GCP |
| Wiz CSPM | Multi-cloud |
| Orca CSPM | Multi-cloud |
| Lacework CSPM | Multi-cloud |
| Sysdig CSPM | Multi-cloud |
| CrowdStrike CSPM | Multi-cloud |
All CSPM tools require manual activation under Integrations. See Third-party scanners overview for activation instructions.