[Yandex Cloud documentation](../../index.md) > [Yandex Security Deck](../index.md) > Concepts > Overview

# Yandex Security Deck overview

{% note info %}

The service is at the [Preview](../../overview/concepts/launch-stages.md) stage.

{% endnote %}

Yandex Security Deck is a comprehensive CNAPP service whose modules discover vulnerabilities, monitor and protect access to data, and enforce compliance with regulations and industry standards.

The Security Deck modules allow you to achieve a number of security objectives:

* **Threat Detector**. The [Threat Detector (TD)](threat-detector.md) module is the first line of defense of the user's cloud infrastructure in Yandex Security Deck, which automatically detects suspicious activity and notifies the user about detected threats. To identify security risks, the module analyzes audit events found in the client's infrastructure and registered with [Yandex Audit Trails](../../audit-trails/index.md).

* **Comprehensive data protection**. [Data Security Posture Management (DSPM)](dspm.md) detects sensitive information stored in Yandex Object Storage [buckets](../../storage/concepts/bucket.md) and Yandex 360 [Yandex Disks](https://yandex.com/support/yandex-360/business/disk/web/en/index.html) for timely action to protect it from unauthorized access or leaks.

* **Containerized application security management**. [Kubernetes® Security Posture Management (KSPM)](kspm.md) ensures the security of containerized applications and [images](../../container-registry/concepts/docker-image.md). The KSPM module automatically checks your cloud infrastructure against the corporate and industry standards, identifies all Kubernetes clusters and containers in a given [workspace](workspace.md), and deploys security components in them as per the configuration.

* **Vulnerability Management**. The [vulnerability management](vulnerability-management.md) module that enables you to centrally manage container image vulnerability scanning and view scan results. The module supports scanning images from Container Registry and Cloud Registry, as well as images run in Managed Service for Kubernetes clusters.

* **User access management**. [Cloud Infrastructure Entitlement Management](ciem.md) (Cloud Infrastructure Entitlement Management) allows you to manage user [access](../../iam/concepts/access-control/index.md) to various corporate resources with full control over who has access to which data, and what actions are allowed with that data.

    One of the fundamental principles of [Yandex Identity and Access Management](../../iam/index.md) is that of least privilege, where users get only the access permissions they need to perform their job duties.

    CIEM implements this principle and helps to ensure:

    * Data security by managing user access to company resources.
    * Prevention of unauthorized access to sensitive information.
    * Effective management of [user](../../overview/roles-and-resources.md#users) and [service account](../../iam/concepts/users/service-accounts.md) access permissions.
    * Shorter time to investigate security incidents.

* **Yandex Cloud configuration management**: [Cloud Security Posture Management (CSPM)](cspm.md) checks the Yandex Cloud infrastructure and applications deployed within the specified [workspace](workspace.md) for compliance with comprehensive security requirements and best practices. This module helps ensure compliance with the selected security policies and protection against common threats and vulnerabilities in the cloud.

* **Transparent data handling**. The [Access Transparency](access-transparency.md) module allows customers to follow what Yandex Cloud engineers do with the organization's resources.


Integration between modules simplifies the process of monitoring the actions of Yandex Cloud engineers and users, allowing you to quickly respond to possible security threats.

Comprehensive use of modules helps reduce the risks associated with unauthorized access, data leaks, and non-compliance with regulatory requirements.

{% note info %}

Using Security Deck modules does not fully eliminate security threats in your infrastructure.

{% endnote %}