Benchmark: 3.1.1 Microsoft Cloud Security Posture Management (CSPM)
Overview
Microsoft Defender for Cloud offers foundational and advanced Cloud Security Posture Management (CSPM) solutions to protect across multi-cloud and hybrid environments. Both solutions cover PaaS as well as IaaS. CSPM provides reporting functionality on security and regulatory frameworks including NIST 800 series, ISO 27001, PCI-DSS, CIS Benchmarks and Controls, and many more. CSPM also provides the ability to create your own custom framework, but this will require significant work. Regulatory standards are reported in a compliance dashboard which offers a summarized view against deployed standards and presents the ability to download compliance reports in various formats.
CSPM has two types of implementations:
- Foundational (Free): This implementation is free and enabled by default with a limited set of features including:
  - Continuous assessment of the security configuration of cloud resources
  - Security recommendations to fix misconfigurations and weaknesses
  - Secure score summarizing current overall security posture
- Full CSPM (Paid): Full CSPM is a paid product offering additional functionality including:
  - Identity and role assignments discovery
  - Network exposure detection
  - Attack path analysis
  - Cloud security explorer for risk hunting
  - Agentless vulnerability scanning
  - Agentless secrets scanning
  - Governance rules to drive timely remediation and accountability
  - Regulatory compliance and industry best practices
  - Data-aware security posture
  - Agentless discovery for Kubernetes
  - Agentless container vulnerability assessment
Before implementing full CSPM, it is recommended that a cost review is undertaken and matched to security requirements, particularly if your tenant is heavy on IaaS.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.1.1 Microsoft Cloud Security Posture Management (CSPM).
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_3_1_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_3_1_1 --share
Controls
- 3.1.1.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
- 3.1.1.2 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected