POSTURE — know what you have
The POSTURE pillar answers the question "what do I actually have?". It is the foundation — without an up-to-date picture of your assets, the rest of the platform loses context.
Asset Inventory
A single source of truth about everything you have: cloud (Azure/AWS/GCP), on-prem, containers, repositories. Auto-refreshed every ~6 h. The key capabilities:
- inventory via the read-only APIs of the clouds (we modify nothing),
- cross-cloud search (one query, all clouds),
- resource tags and attributes,
- a dependency graph (who depends on what),
- drift against the IaC source of truth.
IaC Drift Detection
Compares the live cloud state with your source of truth in IaC. Every drift is a finding that can be fixed.
workspace: prod-eu-west
drift_detected:
  - resource: aws_security_group.web
    iac_state: ingress [443]
    cloud_state: ingress [443, 22]   # ← unexpected!
    severity: high
Supports Terraform, ARM/Bicep, CloudFormation, Pulumi. It can generate remediation PRs to GitHub/GitLab.
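As an added illustration (not the platform's own code), here is a minimal drift check in Python that compares the ingress ports each security group declares in IaC with the ports observed live and emits findings shaped like the report above; the severity rule, the high-risk port set and the sample states are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Ports whose unexpected exposure is rated high (assumption for this example).
HIGH_RISK_PORTS = {22, 3389, 3306, 5432}

@dataclass
class DriftFinding:
    resource: str
    iac_state: list        # ingress ports declared in IaC
    cloud_state: list      # ingress ports observed live
    severity: str
    unexpected: list = field(default_factory=list)  # ports open live but not declared

def severity_for(extra_ports):
    """Rate the finding by the worst undeclared port (example heuristic)."""
    if any(p in HIGH_RISK_PORTS for p in extra_ports):
        return "high"
    return "medium" if extra_ports else "low"

def detect_drift(iac_state, cloud_state):
    """Return one DriftFinding per security group whose live ingress differs from IaC."""
    findings = []
    for name, iac_ports in sorted(iac_state.items()):
        cloud_ports = cloud_state.get(name)
        if cloud_ports is None:  # declared in IaC but gone from the cloud
            findings.append(DriftFinding(name, sorted(iac_ports), [], "medium"))
            continue
        if set(cloud_ports) == set(iac_ports):
            continue  # no drift
        extra = sorted(set(cloud_ports) - set(iac_ports))
        findings.append(DriftFinding(name, sorted(iac_ports), sorted(cloud_ports),
                                     severity_for(extra), extra))
    for name in sorted(set(cloud_state) - set(iac_state)):  # live but unmanaged by IaC
        findings.append(DriftFinding(name, [], sorted(cloud_state[name]), "medium"))
    return findings

def render(findings, workspace):
    """Format findings like the drift report shown in the lesson."""
    lines = [f"workspace: {workspace}", "drift_detected:"]
    for f in findings:
        note = "   # <- unexpected!" if f.unexpected else ""
        lines += [f"  - resource: {f.resource}", f"    iac_state: ingress {f.iac_state}",
                  f"    cloud_state: ingress {f.cloud_state}{note}", f"    severity: {f.severity}"]
    return "\n".join(lines)

# Constructed sample input for workspace prod-eu-west (not real inventory data).
IAC_STATE = {"aws_security_group.web": [443], "aws_security_group.db": [5432]}
CLOUD_STATE = {"aws_security_group.web": [443, 22], "aws_security_group.db": [5432],
               "aws_security_group.legacy": [80]}

if __name__ == "__main__":
    print(render(detect_drift(IAC_STATE, CLOUD_STATE), "prod-eu-west"))
```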
Topology Graph
An interactive graph of all assets and relationships (force-directed, 10k+ nodes), with an attack-path overlay (chains of risky configurations) and highlighting of internet exposure.
Cloud Posture (CSPM)
Posture scoring against CIS benchmarks for each cloud — one tab per provider, one findings queue:
- AWS CIS Foundations v3.0
- Azure CIS v2.1
- GCP CIS v2.0
Findings are auto-mapped to ISO 27001 / NIS2 controls.
Kubernetes Posture
Posture at the pod and cluster level (EKS/AKS/GKE and self-hosted): Kubescape (NSA + MITRE), Trivy (images), RBAC analysis, NetworkPolicy coverage.
Standard workflow: start with Asset Inventory (do we see everything?), then Drift (does the live cloud match the IaC?), then Cloud Posture (is the configuration compliant with the benchmark?). Use Topology to show the customer their exposure and attack paths.
POSTURE is the "map of the terrain". In the next lesson we overlay findings on it — the SECURITY pillar.