What is CSPM? | Fluid Attacks Help

What is CSPM?

Cloud security posture management  (CSPM) involves systematically evaluating your cloud-based systems and infrastructure to identify any deviations from security requirements, such as misconfigurations and vulnerabilities, to then prioritize their remediation.

The main benefits of CSPM are the following:
  1. Detecting misconfigurations and vulnerabilities: CSPM identifies deviations from security best practices, compliance standards, and internal policies in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) environments.
  2. Providing remediation guidance: CSPM solutions provide actionable recommendations and, in some cases, automated fixes to address identified security gaps.
To learn more about Fluid Attacks' CSPM capabilities, refer to the following resources in this Knowledge Base:
  1. Security requirements verified in CSPM: Understand the comprehensive set of security requirements that form the basis of Fluid Attacks' CSPM scans.
  2. Configure the tests by the standalone scanner: Perform CSPM with Fluid Attacks' free and open-source command-line interface (CLI) tool.
  3. Sign up to Fluid Attacks: Start the free trial of Fluid Attacks' CSPM and automated techniques, in which the scanner is configured for you to continuously monitor your system's security as you develop, and Fluid Attacks provides you with reports, analytics, and remediation suggestions on its platform.
The following table shows the cloud providers supported by Fluid Attacks' CSPM and links to the pages describing the setup of each integration and listing the security requirements checked for each technology.

Cloud provider
Integration setup
Tested security requirements
Amazon Web Services (AWS)
Requirements in AWS
Google Cloud Provider (GCP)
Microsoft Azure DevOps
Azure DevOps integration

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.