DevSecOps – Acronyms


While dealing with security professionals as a DevOps/DevSecOps person, you will encounter certain terms and acronyms. It helps to understand what they mean and which tools are available to satisfy the security requirements behind them. In this blog post, I will list and describe a few terms/acronyms and tools that I have come across relating to cloud security.

| Acronym or Term | Description | Example Services/Tools |
|---|---|---|
| SOC – Security Operation Center | Group within an organization that deals with monitoring, detecting, analyzing and responding to security incidents. | |
| CSPM – Cloud Security Posture Management | A set of policies/requirements used to assess cloud configuration. | GCP – Security Command Center; Azure – Microsoft Defender for Cloud; AWS Security Hub |
| KSPM – Kubernetes Security Posture Management | A set of policies/requirements used to assess Kubernetes configuration. | GKE Policy Automation; Aqua; Wiz; Open Policy Agent |
| SIEM – Security Information and Event Management | Covers log collection, log storage, searching through logs and creating events/notifications/alerts/dashboards from the logs. | GCP – Chronicle Security; Azure – Microsoft Sentinel; Splunk |
| CIS – Center for Internet Security – Benchmarks | Recommendations to help protect systems against threats. | CIS Benchmarks List; GCP – Security Command Center; AWS – Security Hub |
| CIEM – Cloud Infrastructure Entitlement Management | Monitors cloud identities and their privileges. Used to identify and rectify identities that hold more permissions than required. | GCP – Role Recommender; Azure – Microsoft Entra Permissions Management; Wiz |
| CDR – Cloud Detection and Response | Helps detect and deal with security threats/attacks. | Google Chronicle; Wiz; Sysdig |
| PAM – Privileged Access Management | Complements CIEM. Set of services and policies relating to privileged access (accounts with elevated permissions). | CyberArk; BeyondTrust; HashiCorp Vault |
| DSPM – Data Security Posture Management | Data-centric approach to data discovery, access control, data governance etc. | Wiz; Dig |
| PCI DSS – Payment Card Industry Data Security Standard | Standard created to protect cardholder data and hence prevent fraud. | Reference; Guidelines for GCP; PCI DSS on AWS; PCI DSS on Azure; Qualys PCI Compliance |
| Code Scanning, Container Scanning, IaC Scanning | Find vulnerabilities in code, dependencies, containers and Infrastructure as Code. | Snyk; GCP Artifact Analysis; Amazon Inspector; Code Scanning – GitHub; Vulnerability Management – Wiz; Trivy – Aqua; tfsec; Open Policy Agent |
Terms and Tools used by DevSecops personnel.
