Prisma versus Native CSPM Alerting on GCP and AWS
Native Vulnerability and Misconfiguration Monitoring Tools run for a longer period of time - and capture account level events that may not be captured by Prisma and external CSPM tools.
Some examples where native tools (AWS Config, Guard Duty on AWS) would provide better alerts include:
- Inactive Accounts that need to be possibly shut down. Config can see these - but Prisma / CSPM tools cannot necessarily see this level of detail.
- Weak Password Policy on IAM users
- Enabling EBS / RDS / S3 encryption
There are several reasons why you want to use native monitoring alongside CSPM tools. In a perfect world, you would use both.
Leave a Reply