When you build and deploy containerized applications, your software supply chain can potentially be trojanized with the hidden backdoors or cryptominers.
If the bad package ends up in your container, the entire production system can be compromized.
Traditional CSPM solutions address the misconfiguration problem only, leaving the malware problem to expensive, heavy, difficult-to-install and maintain agent-based Cloud Workload Protection Platforms (CWPP).
The mission of Prevasio's Cloud Security Posture Management (CSPM) is to combine in one affordable solution the lightness and convenience of a classic CSPM with the attack prevention capabilities of a CWPP.
Prevasio CSPM achieves that by combining 3 products in one:
Prevasio requires only a few minutes to complete a full scan of all your assets.
The CSPM scan will reveal any misconfiguration issues in AWS according to best practices and compliance standards.
If you have any public or private containers, Prevasio will also perform a full vulnerability assessment of all packages and libraries found to be installed in those containers.
Prevasio CSPM will perform an anti-malware scan of all files found to be present in any discovered public or private containers. The scanner will dynamically extract & scan files from all container image layers.
While other CSPM vendors deploy into your cloud the agents, side-cars, functions, S3 buckets, clogging your infrastructure and draining your budget, Prevasio takes a very different approach.
It requires only one role with read-only access to perform the audit of your account.
Prevasio creates no agents and runs no code in your cloud
It uses no servers, thus having a very low cost per scan
Being serverless, it scales up quickly to process any load
It starts an analysis in milliseconds, and finishes in minutes
The only resource created in your AWS account is a cross-account role for Prevasio CSPM and optionally, a template that helps you to create that role. It adds $0 cost to your AWS bill.
Prevasio CSPM is unable to modify, create or delete anything in your account. Check out the list permissions required for scanning.
Prevasio dashboard provides a unified view of all security issues found in your AWS setup.
For your convenience, Prevasio classifies all issues by the assets they are related to, displaying them in the same 'look and feel', as AWS Console.
To see how the dashboard looks in action — check out a demo (requires no registration).See a demo
Prevasio CSPM provides a secure mechanism that allows other team members to access the shared CSPM account in read-only mode.
The owner of the shared account will define who can access the shared CSPM results.
Got multiple AWS accounts? No problem.
Prevasio CSPM provides a combined dashboard to view the results for multiple shared CSPM accounts.
Prevasio CSPM provides an easy-to-use mechanism of exporting any alerts into Jira tickets.
Once exported, the tickets can be opened in Jira directly. From there, the tickets can be assigned to different members of the team in order to resolve the security posture issues.
The CSPM allows any alert to be suppressed at any of the following 3 levels: