Setting up Cloud Security Management

문서 > Datadog 보안 > Cloud Security Management > Setting up Cloud Security Management

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Overview

To get started with Cloud Security Management (CSM), follow these steps:

Enable Agentless Scanning
Deploy the Agent for additional coverage
Enable additional features

Enable Agentless Scanning

The simplest way to get started with Cloud Security Management is by enabling Agentless Scanning. Agentless Scanning provides visibility into vulnerabilities that exist within your AWS hosts, running containers, Lambda functions, and Amazon Machine Images (AMIs) without requiring you to install the Datadog Agent.

To learn more about Agentless Scanning, see Cloud Security Management Agentless Scanning.

Deploy the Agent for additional coverage

For broader coverage and additional functionalities, deploy the Datadog Agent to your hosts. The following table outlines the improvements offered by Agent-based deployments. For more information, see Setting up Cloud Security Management on the Agent.

Feature	Agentless	Agentless + Agent-based deployment
CSM Identity Risks	Yes	Yes
CSM Misconfigurations	Yes	Yes
Host benchmarks	No	Yes
CSM Vulnerabilities	Yes	Yes
Vulnerability prioritization	Yes	Yes, with runtime context
Vulnerability update frequency	12 hours	Real time
CSM Threats	No	Yes
Threat detection	No	Yes
Security Inbox	Yes	Yes, with more accurate insights

Enable additional features

AWS CloudTrail Logs

AWS CloudTrail Logs allows you to get the most out of CSM Identity Risks. With AWS CloudTrail Logs, you gain additional insights into the actual usage of cloud resources, helping you identify users and roles with significant gaps between provisioned and utilized permissions. For more information, see Setting up AWS CloudTrail Logs for Cloud Security Management.

IaC remediation

With Infrastructure as Code (IaC) remediation, you can use Terraform to open a pull request in GitHub, applying code changes that fix a misconfiguration or identity risk. For more information, see Setting up IaC Remediation for Cloud Security Management.

Deploy via cloud integrations

Monitor your compliance security coverage and secure your cloud infrastructure against IAM-based attacks by enabling resource scanning for AWS, Azure, and GCP resources. For more information, see Deploying Cloud Security Management via Cloud Integrations.