CSPM solutions on the market come in a bewildering range of flavours. The majority are easy-to-implement SaaS solutions, but they require somebody with a PhD to understand their outputs and make sensible security decisions. At WithSecure, we believe that organisations can best manage their security posture by using a service that combines high-quality people with our own purpose-built technology. Three pillars define our CSPM service:

1. Security through partnership: we appoint a Security Engineer who understands your environment to assist your understanding of misconfigurations and their impact and to help you assess your cloud security risk. This goes far beyond what a product can offer. 
2. Unmetered access to cloud configuration expertise: WithSecure Security Engineers will help you prioritize findings and provide actionable steps to fix insecure configurations and address your cloud configuration management queries. 
3. Compliance assurance through out-of-the-box cloud security checks: we employ an algorithm developed by WithSecurity Consultants that specialize in securing cloud environment to check for misconfigurations. The checks go beyond industry standards and benchmarks as they have been shaped by experience on the front line. Our service is continuously improved to account for changing standards, new attack methods and evolution of the underlying cloud platform.

The evidence provided by the tool can be used to demonstrate how your organization aligns to cyber security frameworks and standards.

Key features of our service

• Monthly scan of AWS and Azure cloud environments and a report
• Monthly re-scan upon request
• Monthly meeting with dedicated Security Engineer and access for queries during working hours
• Continuous improvement to existing checks and addition of new ones
• Optional consulting support for analysis and remediation.