As organizations harness the benefits of cloud infrastructure, they must also grapple with the inherent challenges of ensuring robust security measures across their cloud environments. This chapter delves into asset inventory, which is the crucial component of a CSPM. We will explore the intricacies of effectively managing and securing cloud assets, providing a comprehensive overview of the tools, techniques, and best practices involved. By conducting thorough asset inventory management, we’ll delve into the vital components of maintaining a strong cloud security posture. Join us as we navigate the complex landscape of cloud security and unveil the strategies and methodologies necessary to safeguard organizations’ valuable digital assets in an ever-evolving threat landscape.

In this chapter, we’ll cover the following topics:

• Understanding the cloud asset inventory landscape
• Asset categorization and classifications
• Key challenges in asset inventory management
• Best practices for asset inventory management
• Other tools and techniques for asset discovery

Let’s get started!

Understanding the cloud asset inventory landscape

Inventory refers to all the assets in your cloud environment. Assets are the objects of cloud infrastructure. Inventory landscape refers to recognizing and comprehending the various asset types that exist within a cloud environment. These assets encompass a range of digital resources and components essential for operating in the cloud. CSPM tools scan the assets for any abnormal behavior, vulnerabilities, or malware attacks. Analyzing both the impacted asset and its interconnected assets is essential to comprehend the potential spread of an attack across the network. This analysis helps in understanding the attack vectors and identifying vulnerabilities or weak links in the system. CSPM tools offer a comprehensive set of features and information for conducting asset and alert analysis, empowering organizations to gain deep insights into their cloud security posture. We will deep dive into alert investigations later; for now, we’ll focus on the core aspects of cloud assets.

Cloud assets overview

Assets are the objects of cloud infrastructure that are protected by CSPM tools. These assets can include virtual machines, databases, applications, files, configurations, and other types of digital information that are hosted and managed in the cloud. The following figure shows the inventory dashboard of the Microsoft Defender for Cloud CSPM tool. At a very high level, you can see the total resources onboarded to the CSPM tool, the number of unhealthy resources, the number of unmanaged resources, and the number of unregistered cloud accounts. Dashboards are customizable and vary by CSPM tool. You also get the option to download the inventory in the form of a CSV report, open a query on the inventory, and more. We will dive deep into dashboards in Chapter 10:

Figure 9.1 – CSPM inventory dashboard (source: https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory)

Let’s understand some important properties of assets that can help us uniquely identify and manage their security posture.