Cloud Optix CSPM is a cloud-native security solution developed by Sophos, a leading cybersecurity company. It provides organizations with complete visibility and control over their cloud infrastructure to ensure compliance with security best practices and industry regulations. I have been fortunate to be part of the security design and architecture team of Sophos in the past and have deep visibility into this product's architecture. Cloud Optix has evolved tremendously over time in terms of features and offerings. For more details, refer to https://www.sophos.com/en-us/products/cloud-optix.
Wiz CSPM
Wiz CSPM is a cloud security solution that enables organizations to secure their cloud environments across multiple cloud platforms such as AWS, Azure, and GCP. It provides continuous monitoring, automated compliance, threat detection, and response capabilities, among other features. For more details, refer to https://www.wiz.io/solutions/cspm.
Trend Cloud One – Conformity (previously Deep Security)
Trend Cloud One – Conformity is a CSPM tool that provides continuous monitoring and automated compliance checks for cloud environments. It is designed to help organizations maintain compliance with industry standards and regulations, such as CIS Benchmarks, HIPAA, GDPR, and PCI-DSS. For more details, refer to https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-conformity.html.
Ermetic CSPM
Ermetic CSPM is a cloud security tool that provides continuous monitoring and management of an organization’s cloud environment to identify and address potential security risks. The tool works by analyzing the organization’s cloud configuration and usage data and comparing it against industry best practices and security standards. For more details, refer to https://ermetic.com/solution/more-robust-cloud-security-posture-management-cspm/.
Lacework CSPM
Lacework is a cloud security platform that provides CSPM capabilities for multi-cloud environments such as AWS, Azure, and GCP. It helps organizations automate cloud security monitoring, threat detection, and compliance management, giving them complete visibility and control over their cloud infrastructure. For more details, refer to https://www.lacework.com/platform/cloud-security-posture-and-compliance/.
Now that we have gone through various commercial CSPM tools, let us look at some of the open source CSPM tools too.
Open source CSPM tools
There are several open source CSPM tools available to use; let us get to know some of them next.
Cloud Custodian
This is a rules engine that allows users to define policies to be executed across an AWS, Azure, or GCP account. It helps identify and remediate security risks by automating the enforcement of security policies. Features include automated policy enforcement, real-time monitoring, and integration with popular tools such as Slack and Jira. For more details, refer to https://cloudcustodian.io/.
CloudMapper
This is a tool that helps visualize and understand a cloud infrastructure’s attack surface. It uses data collected from AWS accounts to create network diagrams, visualize resource relationships, and highlight potential security vulnerabilities. Key features include network mapping, resource discovery, and interactive visualizations. For more details, refer to https://github.com/duo-labs/cloudmapper.