Forum Discussion
maheshcapj
May 22, 2021
Copper Contributor
Can I have Security Center CSPM capabilities for AWS and GCP as well?
Hi Guys,
Can somebody help me to understand my below query?
I understand that, as part of ASC CWPP, Security Center protects the workloads of AWS and GCP with the help of Azure Arc. However, my doubt is: are Security Center CSPM capabilities extended to AWS or GCP as well?
Please confirm whether ASC CSPM is applicable to AWS and GCP or not.
Looking forward to hearing the response to this.
Thank you very much in advance.
Mahesh.
- maheshcapj
Copper Contributor
With cloud workloads commonly spanning multiple cloud platforms, cloud security services must do the same.
Azure Security Center protects workloads in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Onboarding your AWS account into Security Center integrates AWS Security Hub and Azure Security Center. Security Center thus provides visibility and protection across both of these cloud environments to provide:
Automatic agent provisioning (Security Center uses Azure Arc to deploy the Log Analytics agent to your AWS instances)
Policy management
Vulnerability management
Embedded Endpoint Detection and Response (EDR)
Detection of security misconfigurations
A single view showing Security Center recommendations and AWS Security Hub findings
Incorporation of your AWS resources into Security Center's secure score calculations
Regulatory compliance assessments of your AWS resources
In the screenshot below you can see AWS accounts displayed in Security Center's overview dashboard.
So we can extend the CSPM capabilities, as it is mentioned that it would detect the misconfigurations and the secure score would be equally applied to AWS as well.
With this, I am assuming it supports CSPM functionalities for non-Azure clouds as well. Can somebody please correct me if I am wrong here?
- StanislavBelov
Microsoft
Hi maheshcapj
ASC does extend CSPM capabilities to AWS and GCP clouds by using connectors:
Connect your AWS account to Azure Security Center | Microsoft Docs
Connect your GCP account to Azure Security Center | Microsoft Docs
- maheshcapj
Copper Contributor
Hello Stanislav,
Thank you for your prompt response.
Regards,
Mahesh.
- Rakesh465
Microsoft
StanislavBelov, can you also confirm if we can leverage CSPM capability for on-premises resources through an agent?
Thanks,
Rakesh