Tenable Blog

Why Third-Party Tools Are Best for Multi-Cloud CSPM

Cloud security posture management enables organizations using multiple public cloud platforms like AWS, Azure and GCP to see everything they have running and where their security risks lie. In a recent episode of the Tenable Cloud Security Coffee Break webinar series, we talked about those challenges and how Tenable Cloud Security can help. Check out the highlights of our discussion.

When it comes to managing security risk in cloud environments like Amazon’s AWS, Microsoft’s Azure and Google’s GCP, it’s often good to step back a moment and consider how these popular platforms are different from traditional on-premises infrastructure, and the unique challenges of securing them.

Public clouds offer many advantages for software teams, including APIs that can supply reams of configuration data about the environments themselves, not just about the workloads running on them. However, each cloud platform is different, has its own challenges, and requires unique expertise.

During a recent episode of Tenable’s Cloud Security Coffee Break webinar series, we sat down with Lionfish advisor and former Gartner analyst Tom Croll and Tenable Sales Engineer Paul Anderson to talk about some of these challenges and how cloud security posture management (CSPM) can help. 

“You need a Rosetta Stone to compare and work with different cloud environments,” said Paul Anderson. “AWS calls it this, and Azure calls it that, and GCP calls it this other thing. It can become very complex.”

Enter CSPM tools to help with multi-cloud compliance 

At its core, CSPM monitors the cloud control plane and provides insight into your cloud security posture. But today it does a lot more than merely show you the base settings of your cloud environments.

“CSPM has evolved from being this noisy configuration monitor that tells you to tidy your room without giving you real context, to telling you the most important vulnerabilities you need to remediate,” Croll said. “We want to see the misconfigurations in each environment, the highest risks and how to remediate them.”

There are parallels with on-prem systems, but the control plane isn’t really one of them.

“We certainly can't run the equivalent of CSPM to run our data centers for us,” Croll said. “But the cloud gives us that unique API-based source in order to pull out all these configurations. We can't scan the entire security posture of our infrastructure on-prem with a single tool.”

Each cloud platform offers its own CSPM tools, but they don’t provide much for managing the other clouds on which you’re deploying workloads.

“If you're using one of those cloud service providers, you're also sort of accepting their outlook on the world, and their perspective on how the cloud should be,” Anderson said. “They're forcing the other vendors to try to fit in that paradigm, which is a recipe for risk.”

How Tenable Cloud Security can help

CSPM tools like Tenable Cloud Security enable security teams to manage security for different public clouds from a single dashboard and a single framework. Tenable Cloud Security, formerly Tenable.cs, gives you an apples-to-apples view of all your resources, regardless of the vendor, and it ranks misconfigurations according to severity, with built-in recommendations for remediating problems.

Tenable Cloud Security, which now ships as part of the Tenable One Exposure Management Platform, helps facilitate remediation by giving code snippets and detailed recommendations. It lets you quickly scan your cloud environments using more than 1,500 built-in policies that cover dozens of common security frameworks and regulations, including those from the Center for Internet Security (CIS), the U.S. National Institute of Standards and Technology (NIST), and the EU General Data Protection Regulation (GDPR).

“In order to enable multi-cloud CSPM, I heavily advise people to go with a third party,” Croll said. “If you go with one single cloud provider, okay, start with their native tools. That's fine. But we want to have a multi cloud-enabled, or hybrid cloud-enabled security tool set and mindset. Third-party tools like Tenable Cloud Security are enabling more features to be better across multiple clouds.”

Learn more about CSPM and Tenable Cloud Security by watching this Cloud Security Coffee Break episode, and sign up to join the biweekly webinar.
