Setting up Cloud Security

문서 > Datadog 보안 > Cloud Security > Setting up Cloud Security

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

To get started with Cloud Security, review the following:

Overview
Enable Agentless Scanning
Deploy the Agent for additional coverage
Enable additional features
Disable Cloud Security
Further reading

Enable Agentless Scanning

The simplest way to get started with Cloud Security is by enabling Agentless Scanning. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and running Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.

To learn more about Agentless Scanning, see Cloud Security Agentless Scanning.

Deploy the Agent for additional coverage

For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see Setting up Cloud Security on the Agent.

Feature	Agentless	Agentless + Agent-based deployment	Agent-based deployment
Cloud Security Identity Risks
Cloud Security Misconfigurations
Host benchmarks
Cloud Security Vulnerabilities
Vulnerability prioritization		With runtime context	With runtime context
Vulnerability update frequency	12 hours	Real time	Real time
Security Inbox		With more accurate insights	With more accurate insights

Enable additional features

AWS CloudTrail Logs

Maximize the benefits of Cloud Security Identity Risks with AWS CloudTrail Logs. Gain deeper insights into cloud resource usage, identifying users and roles with significant gaps between provisioned and utilized permissions. For more information, check out Setting up AWS CloudTrail Logs for Cloud Security.

IaC scanning

Integrate Infrastructure as Code (IaC) scanning with GitHub to detect misconfigurations in Terraform-defined cloud resources. For more information, see Setting up IaC Scanning for Cloud Security.

IaC remediation

Use IaC remediation with Terraform to create pull requests in GitHub, applying code changes that fix misconfigurations and mitigate identity risks. For more information, see Setting up IaC Remediation for Cloud Security.

Deploy via cloud integrations

Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see Deploying Cloud Security via Cloud Integrations.