EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
cloud-securityCSPMCWPPCASB

Cloud Security Tool Categories: CSPM, CWPP, CASB, CIEM & CSMV

The five tool categories that form the cloud security toolchain — what each does, where it sits in the stack, and which open-source tools you can use to build a capable security programme without enterprise budget.

Ashish Revar3 July 202612 min read1 views

Sign in to mark this article as read and track your progress.

Related to this topic

Continue learning

Reference material

eBook
Cloud Security — eBook
v2026
Open resource
Cheatsheet
Cloud Security — Cheatsheet
v2026
Open resource
MCQ Bank
Cloud Security — MCQ Bank
v2026
Open resource
Question Bank
Cloud Security — Question Bank
v2026
Open resource

External references

Prowler — AWS, GCP, and Azure Security Assessments

Open-source CSPM tool for multi-cloud security assessments against CIS, NIST, and other frameworks.

tool
Prowler — AWS, GCP, and Azure Security Assessments

Open-source CSPM tool for multi-cloud security assessments against CIS, NIST, and other frameworks.

tool
Falco — Cloud-Native Runtime Security

Official Falco documentation for deploying runtime security in Kubernetes and cloud environments.

tool
Falco — Cloud-Native Runtime Security

Official Falco documentation for deploying runtime security in Kubernetes and cloud environments.

tool
Trivy — Comprehensive Vulnerability Scanner

Aqua Security open-source scanner for container images, filesystems, git repos, and Kubernetes.

tool
Trivy — Comprehensive Vulnerability Scanner

Aqua Security open-source scanner for container images, filesystems, git repos, and Kubernetes.

tool
Cloudsplaining — AWS IAM Analysis

Salesforce open-source CIEM tool that identifies least-privilege violations in AWS IAM policies.

tool
Cloudsplaining — AWS IAM Analysis

Salesforce open-source CIEM tool that identifies least-privilege violations in AWS IAM policies.

tool
More articlesTest your knowledge

Why Tool Categories Matter

Cloud security vendors use dozens of overlapping acronyms. Understanding the five core tool categories lets you evaluate any product objectively — mapping it to a specific security function rather than marketing language.

CSPM — Cloud Security Posture Management

What it does: Continuously monitors cloud resources for misconfigurations against security baselines (CIS Benchmarks, NIST, CSA CCM). Identifies public S3 buckets, overly permissive security groups, unencrypted volumes, and disabled MFA.

When to use: From the moment you have any cloud resource. CSPM is the foundation of cloud visibility.

Commercial tools: Wiz, Prisma Cloud, Microsoft Defender for Cloud, AWS Security Hub Open-source: Prowler (AWS/Azure/GCP), ScoutSuite, CloudSploit

A single Prowler scan against a neglected AWS account typically surfaces 50-200 findings within minutes. It is the first tool to run on any new cloud environment.

CWPP — Cloud Workload Protection Platform

What it does: Secures compute workloads — VMs, containers, serverless functions — at runtime. Combines vulnerability scanning, runtime anomaly detection, micro-segmentation, and application whitelisting.

When to use: When running workloads in cloud compute (EC2, EKS, Lambda). Particularly critical for containerised environments.

Commercial tools: Aqua Security, Sysdig, Trend Micro Cloud One Open-source: Falco (runtime security for containers and Kubernetes), Trivy (vulnerability scanning)

CASB — Cloud Access Security Broker

What it does: Sits between users and cloud services to enforce security policies. Controls shadow IT (unapproved SaaS usage), applies DLP policies to cloud data, enforces authentication policies for SaaS applications.

When to use: When employees use SaaS applications (Microsoft 365, Salesforce, Box) and you need visibility and control over data flowing to and from those services.

Commercial tools: Microsoft Defender for Cloud Apps, Netskope, Zscaler Internet Access Open-source: Limited — most CASB functionality requires commercial solutions due to API integration complexity

CIEM — Cloud Infrastructure Entitlement Management

What it does: Analyses IAM permissions at scale to identify excessive entitlements, unused permissions, and privilege escalation paths. Addresses the core problem that IAM policies accumulate permissions over time until they are dangerously overprivileged.

When to use: In any environment with more than a handful of IAM users and roles — which is every production environment.

Commercial tools: Authomize, Ermetic (now Tenable CNAPP), AWS IAM Access Analyzer Open-source: Cloudsplaining (AWS IAM analysis), Parliament (IAM policy linting), Enumerate-IAM

CSMV — Cloud Security Monitoring and Vulnerability Management

What it does: Combines vulnerability management (finding known CVEs in running workloads) with security event monitoring (aggregating and correlating cloud logs). Often overlaps with CWPP for workload scanning.

When to use: As the detective layer — continuously scanning for vulnerabilities and alerting on security events.

Commercial tools: Tenable.io, Qualys VMDR, AWS Inspector Open-source: OpenVAS/Greenbone, Nuclei (fast vulnerability templates)

Tool Category Comparison

CategoryVisibilityControlRuntimeIdentityCost
CSPMConfigurationDetect/alertNoPartialLow-Medium
CWPPWorkloadsPrevent+DetectYesNoMedium-High
CASBUser+DataEnforce policyYesPartialMedium-High
CIEMEntitlementsDetect/remediateNoYesMedium
CSMVVulns+EventsDetect/alertPartialNoLow-Medium

Open-Source Lab Toolkit

For this course, the following open-source tools are used in practical exercises:

ToolCategoryPurpose
ProwlerCSPMAWS/Azure/GCP misconfiguration scanning
FalcoCWPPKubernetes and container runtime security
TrivyCWPP/CSMVContainer image and filesystem vulnerability scanning
ScoutSuiteCSPMMulti-cloud security auditing
CloudsplainingCIEMAWS IAM analysis and least-privilege assessment
kube-benchCWPPCIS Kubernetes benchmark assessment

Key Takeaway

These five categories represent the minimum viable cloud security toolchain. A mature programme uses all five — with CSPM providing the foundational visibility layer, CWPP protecting workloads, CASB controlling SaaS access, CIEM managing identity risk, and CSMV delivering continuous vulnerability and event monitoring.