Cloud Security Management Identity Risks (CSM Identity Risks) is a Cloud Infrastructure Entitlement Management (CIEM) product that helps you mitigate entitlement risks across your clouds. It continually scans your cloud infrastructure and finds issues such as lingering administrative privileges, privilege escalations, permission gaps, large blast radii, and cross-account access. It also enables you to proactively resolve identity risks on an ongoing basis to secure your cloud infrastructure from IAM-based attacks. For quick remediation, it suggests downsized policies, Datadog Workflows-based remediations, and deep links to cloud consoles.
Review your organization’s active identity risks on the Identity Risks Explorer. Use the Group by options to filter by Identity Risks, Resources, or None (individual identity risks). View additional details on the side panel.
CSM Identity Risk detections include users, roles, groups, policies, EC2 instances, and Lambda functions.
For detailed insights and remediation help, click the Remediation tab. In the following example, the Remediation tab shows the usage of provisioned permissions.
Click View Suggested Policy to view a suggested downsized policy based on the actual usage.
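The following is an added illustration of what "downsized based on actual usage" means in practice; it is not Datadog's code and does not reproduce how CSM computes its suggested policy. It takes a constructed over-broad IAM policy and constructed usage records shaped like CloudTrail `eventSource`/`eventName` pairs, keeps only the granted actions that were actually exercised, and reports the grants that were never used (the permissions gap). Only `Allow` statements with an `Action` list are narrowed; `NotAction`, conditions, and resource-level narrowing are outside this example.

```python
"""Derive a downsized IAM policy from observed action usage.

Added example, not Datadog's code. Policy, usage records and ARNs below are
constructed for illustration.
"""
import fnmatch
import json

# Constructed over-broad policy: full S3 access plus several EC2 actions.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:TerminateInstances",
            ],
            "Resource": "*",
        },
    ],
}

# Constructed usage records (eventSource, eventName) for the lookback window.
OBSERVED_EVENTS = [
    ("s3.amazonaws.com", "GetObject"),
    ("s3.amazonaws.com", "PutObject"),
    ("s3.amazonaws.com", "GetObject"),
    ("ec2.amazonaws.com", "DescribeInstances"),
    ("ec2.amazonaws.com", "StartInstances"),
]


def observed_actions(events):
    """Map (eventSource, eventName) pairs to IAM action names such as 's3:GetObject'."""
    return {f"{source.split('.')[0]}:{name}" for source, name in events}


def action_matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def downsize(policy, used):
    """Return (downsized_policy, unused_grants).

    Each Allow statement is rewritten to list only the used actions its
    patterns cover; patterns that matched no used action are reported as
    the gap. Non-Allow statements and statements without "Action" are
    copied unchanged, since they only restrict or are out of scope here.
    """
    statements, unused = [], []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            statements.append(stmt)
            continue
        patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        kept = set()
        for pattern in patterns:
            matched = {a for a in used if action_matches(pattern, a)}
            if matched:
                kept |= matched
            else:
                unused.append(pattern)
        if kept:
            statements.append({**stmt, "Action": sorted(kept)})
    return {**policy, "Statement": statements}, unused


if __name__ == "__main__":
    used = observed_actions(OBSERVED_EVENTS)
    policy, gap = downsize(GRANTED_POLICY, used)
    print(json.dumps(policy, indent=2))
    print("unused grants:", gap)
```

With the constructed input, `s3:*` collapses to the two S3 actions that were used, and `ec2:StopInstances` and `ec2:TerminateInstances` are reported as unused grants. A real downsizing also has to account for the lookback window (an action used only quarterly looks unused in a 30-day window), which is why the suggested policy is a starting point for review rather than something to apply blindly.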
To remediate the identity risk, click Fix in AWS to update the resource in the AWS IAM console. To create a Jira issue and assign it to a team, click Add Jira issue. See Create Jira Issues for Cloud Security Management Issues for more information.
You can also use Terraform remediation to generate a pull request in GitHub with code changes that fix the underlying identity risk, or leverage Workflow Automation to create automated workflows for identity risks (with or without human involvement).
To see all the principals that can directly or indirectly access a given misconfigured resource, click the Access Insights tab in Misconfigurations, Identity Risks, and the Security Inbox. In this example, it shows all the principals that can access this EC2 instance:
You can see the risks associated with each principal in the Risks column, as well as the type of Path the principal can take (direct or indirect) to access the resource.
You can search for a subset of principals by name, type, public accessibility, or administrative access. Additionally, you can filter for direct or indirect access.
Click the Actions dropdown beside a principal to see it in Resource Catalog, or update its configuration in the AWS IAM console.
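To make the direct/indirect distinction concrete, here is an added example (not Datadog's code, and not how Access Insights is implemented) that walks a small, constructed IAM graph. A principal has direct access when its own policies grant the resource; it has indirect access when it can assume a role (through that role's trust policy) which in turn reaches the resource, possibly through further role hops. Resource policies, SCPs and conditions are not modeled, and the principal names and ARN are constructed.

```python
"""Enumerate direct and indirect access paths to one resource.

Added example, not Datadog's code. All principals, roles and the target ARN
are constructed for illustration.
"""
from collections import deque

# Constructed target: the EC2 instance whose Access Insights we want.
TARGET = "arn:aws:ec2:us-east-1:123456789012:instance/i-0exampleinstance"

# Constructed: resources each principal can act on through its own policies.
DIRECT_ACCESS = {
    "user/alice": {TARGET},
    "role/ops-admin": {TARGET},
    "user/bob": set(),
    "user/carol": {"arn:aws:s3:::other-bucket"},
}

# Constructed trust relationships: principal -> roles its trust policies allow it to assume.
CAN_ASSUME = {
    "user/bob": {"role/ops-admin"},
    "role/ci-deploy": {"role/ops-admin"},
    "user/carol": {"role/ci-deploy"},
}


def access_paths(resource, direct=DIRECT_ACCESS, can_assume=CAN_ASSUME):
    """Return {principal: path} for every principal that can reach resource.

    Each path is a list of principals starting at the searching principal and
    ending at the one whose own policies grant the resource. Breadth-first
    search returns the shortest chain of role assumptions for each principal.
    """
    principals = set(direct) | set(can_assume)
    result = {}
    for start in sorted(principals):
        queue = deque([[start]])
        seen = {start}
        while queue:
            path = queue.popleft()
            current = path[-1]
            if resource in direct.get(current, set()):
                result[start] = path
                break
            for role in sorted(can_assume.get(current, ())):
                if role not in seen:  # trust policies can form cycles; visit each role once
                    seen.add(role)
                    queue.append(path + [role])
    return result


def classify(path):
    """A one-hop path is direct access; anything longer is indirect (via assumed roles)."""
    return "direct" if len(path) == 1 else "indirect"


if __name__ == "__main__":
    for principal, path in access_paths(TARGET).items():
        print(f"{principal:16} {classify(path):8} {' -> '.join(path)}")
```

On the constructed data, `user/alice` and `role/ops-admin` are direct, `user/bob` and `role/ci-deploy` are indirect through one assumption, and `user/carol` is indirect through two (`ci-deploy`, then `ops-admin`). The two-hop case is the one that is easy to miss when reviewing trust policies by hand, and it is the kind of path the Path column surfaces.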
Datadog CIEM is integrated with AWS IAM Access Analyzer to further improve the permissions gap detections. If you are using AWS IAM Access Analyzer, Datadog CIEM automatically leverages its unused access findings to enrich permissions gap detections and downsized policy recommendations.
The following video provides an overview of how to enable and use CSM Identity Risks:
Additional helpful documentation, links, and articles: