Datadog Cloud Security Posture Management (CSPM) makes it easier to assess and visualize the current and historic security posture of your cloud environment, automate audit evidence collection, and catch misconfigurations that leave your organization vulnerable to attacks.
Assess the configuration of your cloud resources, such as security groups, storage buckets, load balancers, and databases against configuration rules. Use the Datadog Agent to review local configuration information from servers, containers, and Kubernetes clusters against Datadog’s OOTB security posture rules.
Security posture score: Percentage of your environment that satisfies all of your active Datadog OOTB rules. Formula: (# of evaluation:pass findings) / (total # of findings). Datadog then weights this formula by severity: low severity rules have a weighting of “1” and critical severity rules have a weighting of “5”. This means critical severity rules impact scores five times more than low severity rules, to put greater emphasis on the rules that pose greater security risk. The score is also normalized to treat all resource types and resource volumes the same (for example, 500 failing containers are weighted the same as three failing S3 buckets in the computed score). This normalization factor allows scores to be comparable across your cloud accounts, without the risk that they are heavily skewed if one account has more containers, or another has fewer storage buckets.
Requirement: A group of controls representing a single technical or operational topic, such as Access Management or Networking. The regulatory framework PCI DSS, for example, has 12 requirements.
Control: A specific recommendation for how technology, people, and processes should be managed; typically based on a regulation or industry standard.
Resource: A configurable entity that needs to be continuously scanned for adherence with one or more controls. Examples of AWS instance resources include hosts, containers, security groups, users, and customer-managed IAM policies.
Findings: A finding is the primary primitive for a rule evaluation against a resource. Every time a resource is evaluated against a rule, a finding is generated with a Pass or Fail status.
Framework: A collection of requirements that map to an industry benchmark or regulatory standard.
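The security posture score defined above, worked through as an added example (not Datadog's code or its exact algorithm). It assumes normalization means each rule and resource-type pair contributes its pass fraction once; the rule names and findings are constructed.

```python
from collections import defaultdict

# Weights stated on the page; it gives no weights for other severities.
SEVERITY_WEIGHT = {"low": 1, "critical": 5}

def raw_score(findings):
    """Unweighted formula: (# of pass findings) / (total # of findings)."""
    if not findings:
        raise ValueError("no findings to score")
    return sum(f["status"] == "pass" for f in findings) / len(findings)

def weighted_score(findings):
    """Assumed normalization: every (rule, resource type) pair contributes its
    pass fraction once, weighted by severity, whatever its resource count."""
    if not findings:
        raise ValueError("no findings to score")
    groups = defaultdict(lambda: [0, 0])  # key -> [passed, total]
    for f in findings:
        g = groups[(f["rule"], f["resource_type"], f["severity"])]
        g[0] += f["status"] == "pass"
        g[1] += 1
    num = sum(SEVERITY_WEIGHT[k[2]] * p / t for k, (p, t) in groups.items())
    den = sum(SEVERITY_WEIGHT[k[2]] for k in groups)
    return num / den

def findings_for(rule, severity, resource_type, n_pass, n_fail):
    """Build constructed findings: one per evaluated resource."""
    base = {"rule": rule, "severity": severity, "resource_type": resource_type}
    return [dict(base, status="pass")] * n_pass + [dict(base, status="fail")] * n_fail

# Constructed accounts (hypothetical rule names). A and B both pass the critical
# rule and fail one low rule; only the number of failing resources differs.
ACCOUNT_A = (findings_for("sg-no-open-ingress", "critical", "security_group", 10, 0)
             + findings_for("container-not-privileged", "low", "container", 0, 500))
ACCOUNT_B = (findings_for("sg-no-open-ingress", "critical", "security_group", 10, 0)
             + findings_for("bucket-versioning", "low", "s3_bucket", 0, 3))
# Here the failure is on the critical rule and the low rule passes.
ACCOUNT_C = (findings_for("sg-no-open-ingress", "critical", "security_group", 0, 10)
             + findings_for("bucket-versioning", "low", "s3_bucket", 3, 0))

if __name__ == "__main__":
    for name, acct in (("A", ACCOUNT_A), ("B", ACCOUNT_B), ("C", ACCOUNT_C)):
        print(name, f"raw={raw_score(acct):.3f}", f"weighted={weighted_score(acct):.3f}")
```

Accounts A and B get very different raw ratios but the same weighted score, while account C, which fails the critical rule, scores far lower than either.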