While CSPMs are primarily designed to identify and mitigate security risks in the cloud, some also provide information, visibility, and context into the cloud environment, to help enable threat-hunting.
The big-three cloud providers, as well as some third-party vendors, provide CSPMs with one degree or another of threat-hunting-related features.
Azure Security Center provides threat detection capabilities for Azure environments and, with Azure Defender, can be extended to non-Azure clouds. In addition to responding to alerts that it triggers, it also has features for launching hunting activities and investigations using Azure Log Analytics.
Amazon's native CSPM, AWS Security Hub, provides security alerts and prioritizes security issues. It also provides a view of compliance status across AWS accounts. It integrates with other AWS security services, such as AWS GuardDuty, Sources, CloudTrail, VPC Flow Logs, Amazon Inspector Findings, and DNS Logs to provide threat detection and remediation capabilities.
While Google Cloud's Security Command Center affords visibility into and control for security-related assets in GCP, it's less clear that it is set up to enable threat-hunting activities.
Palo Alto's Prisma Cloud is its CSPM offering, but it doesn't promote it as a tool for threat hunting. Instead, PAN offers managed threat hunting built on its Cortex XDR solution, which integrates network, endpoint, and cloud data. Or, if you are building your own SOC, you can use Cortex XDR as a basis.
Similarly, Check Point offers separate posture management and threat-hunting products through its CloudGuard Posture Management and CloudGuard Intelligence solutions, respectively. The latter ingests cloud-native log and event data to provide contextual visualization and cloud security analytics across public cloud infrastructure.
If you have the resources, threat hunting is definitely a valuable part of a security program, but it's an ongoing activity, not a "one and done" solution. Still, it can teach your team how to differentiate between normal and unusual activity and can help security analysts better respond to, and triage, incidents.
Find out what your peers are saying about Wiz, Palo Alto Networks, Microsoft and others in Cloud Security Posture Management (CSPM). Updated: October 2024.
CSPM solutions help organizations identify and remediate security risks and compliance challenges within cloud environments. CSPM tools use automated scans to identify potential security issues, and then provide recommendations for remediation.
Check Point CloudGuard for cloud native security provides threat-hunting features.