maheshcapj
Copper Contributor
May 22, 2021

Can I have Security Center CSPM capabilities for AWS and GCP as well?

Hi Guys,

Can somebody help me to understand my query below?

I understand that, as part of ASC CWPP, Security Center protects the workloads of AWS and GCP with the help of Azure Arc. However, my doubt is: are Security Center CSPM capabilities extended to AWS or GCP as well?

Please confirm whether ASC CSPM is applicable to AWS and GCP or not.

Looking forward to hearing the response to this.

Thank you very much in advance.

Mahesh.

  • With cloud workloads commonly spanning multiple cloud platforms, cloud security services must do the same.

    Azure Security Center protects workloads in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

    Onboarding your AWS account into Security Center integrates AWS Security Hub and Azure Security Center. Security Center thus provides visibility and protection across both of these cloud environments to provide:

    Automatic agent provisioning (Security Center uses Azure Arc to deploy the Log Analytics agent to your AWS instances)
    Policy management
    Vulnerability management
    Embedded Endpoint Detection and Response (EDR)
    Detection of security misconfigurations
    A single view showing Security Center recommendations and AWS Security Hub findings
    Incorporation of your AWS resources into Security Center's secure score calculations
    Regulatory compliance assessments of your AWS resources
    In the screenshot below you can see AWS accounts displayed in Security Center's overview dashboard.

    So we can extend the CSPM capabilities, as it is mentioned that it would detect the misconfigurations and that the secure score would be equally applied to AWS as well.

    With this, I am assuming it supports CSPM functionalities for non-Azure clouds as well. Can somebody please correct me if I am wrong here?
    • maheshcapj
      Copper Contributor
      Hello Stanislav,

      Thank you for your prompt response.

      Regards,
      Mahesh.
      • Rakesh465
        Microsoft

        StanislavBelov, can you also confirm if we can leverage the CSPM capability for on-premises resources through an agent?

        Thanks,

        Rakesh
