Head over to our on-demand library to view sessions from VB Transform 2023. Register Here
Exploiting gaps in cloud infrastructure that are leaving endpoints, identities and microservices exposed is a quick way for an attacker to steal credentials and infect an enterprise’s DevOps process. Attacks to exploit such gaps are skyrocketing.
The recent 2023 Thales Cloud Security Study provides hard numbers: 39% of enterprises have been hit with a data breach starting in their cloud infrastructure this year alone. A total of 75% of enterprises say that more than 40% of the data they store in the cloud is sensitive. Less than half of that data is encrypted.
CrowdStrike’s 2023 Global Threat Report explains why cloud-first attacks are growing: Attackers are moving away from deactivating antivirus, firewall technologies and log-tampering efforts and toward modifying core authentication processes, along with quickly gaining credentials and identity-based privileges.
The attackers’ goal is to steal as many identities and privileged access credentials as possible so they can become access brokers — selling stolen identity information in bulk at high prices on the dark web. Access brokers and the brokerages they’re creating often turn into lucrative, fast-growing illegal businesses. CrowdStrike’s report found more than 2,500 advertisements for access brokers offering stolen credentials and identities for sale.
Event
VB Transform 2023 On-Demand
Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.
Register Now
What’s driving CNAPP adoption
Consolidating tech stacks continues to dominate CISOs’ plans, driven by the need to improve efficacy, manage a more diverse multicloud security posture, close gaps between cloud apps and shift security left in DevOps pipelines. All these factors are contributing to the growing adoption of cloud-native application protection platforms (CNAPP).
“CNAPPs are formed from the convergence of cloud security posture management (CSPM) and cloud workload protection platform (CWPP) capabilities as well as other security tooling like entitlement management, API controls and Kubernetes posture control,” reads Gartner’s 2023 Planning Guide for Security.
Leading CNAPP vendors are competing in various areas, the most important of which include the efficacy of their cloud infrastructure entitlement management (CIEM), Kubernetes security, API controls and cloud detection and response (CDR), according to CISOs VentureBeat spoke with. Demand for CNAPP is greatest in larger enterprises from highly regulated industries that rely on extensive multicloud configurations. Finance, government and healthcare providers are among the most dominant industries.
CISOs tell VentureBeat that one of the most practical benefits of CNAPPs is the opportunity to consolidate legacy tools with limited visibility across all threat surfaces and endpoints. The takeaway? Reducing tool sprawl is a quick win.
Benchmarking the top 20 CNAPP platforms for 2023
Full-platform CNAPP vendors provide integrated cloud-native security platforms ranging from DevOps to production environments. Here are the top 20 platforms of 2023:
Aqua Security: Highly regarded for its approach of scanning container registries and images, CSPM and runtime protection for container and cloud-native security. Also has full life cycle protection and advanced runtime techniques, including support for the extended Berkeley Packet Filter (eBPF).
Check Point: Provides a broad set of capabilities through its CloudGuard platform, including CSPM, CIEM and advanced runtime protection. Known for securing cloud workloads across environments with identity-centric access controls, as well as threat intelligence integration to provide real-time contextual prioritization of risks.
Cisco: Recently acquired Lightspin for its Kubernetes security capabilities and CSPM. Its Tetration platform focuses on runtime protection, leveraging eBPF and third-party insights for advanced container monitoring and granular controls. Cisco emphasizes behavioral analytics to detect anomalies and threats in container environments and provides strong controls to limit lateral movement between workloads.
CrowdStrike: Offers a leading CNAPP suite emphasizing identity-centric visibility, least-privilege enforcement and continuous monitoring. Its runtime protection leverages agents and eBPF for workload security. CrowdStrike’s key design goals included enforcing least-privileged access to clouds and providing continuous detection and remediation of identity threats.
Cybereason: Platform focuses heavily on malicious behavior detection. A core strength is its ability to detect threats using behavior-based techniques. The company is also known for API integrations, AI and machine learning (ML) expertise. Cybereason specializes in detecting compromised accounts and insider threats via detailed user activity monitoring.
Juniper Networks: Collects extensive data on device posture and traffic patterns to provide networking context for security insights. Also enables segmentation controls between Juniper devices.
Lacework: Focused on workload behavior analysis for containers and runtime techniques such as eBPF to gain a comprehensive insight into container activity and performance. Its emphasis on detecting anomalies using advanced ML algorithms that are custom-tuned for containerized environments is a key differentiator.
Microsoft: Integrates security across Azure services with zero-trust controls, enforces least-privileged access and provides workload protections such as antivirus and firewalls. Uses Microsoft Graph to correlate security analytics and events across Azure.
Orca Security: Performs continuous authorization checks on identities and entitlements across cloud environments. A key differentiator is the ability to generate detailed interactive maps that visualize relationships between cloud assets, users, roles and permissions.
Palo Alto Networks Prisma Cloud: Provides a broad suite of capabilities, including identity-based microsegmentation and robust runtime protection with eBPF. Prisma Cloud is an industry leader known for advanced protections such as deception technique and includes extensive compliance automation and DevSecOps integrations.
Qualys: Focuses on compliance and vulnerability management through continuous scanning and least-privilege controls. Identifies vulnerabilities throughout the life cycle and enables automated patching and remediation workflows. Another key differentiator is compliance mapping and reporting.
Rapid7: Enforces least privilege access and enables automated response and remediation triggered by events. Offers pre configured policies and streamlined workflows designed for small security teams. An intuitive user interface and rapid implementation aim to simplify deployment and usability for organizations with limited security resources.
Sonrai Security: Focuses on entitlement management and identity-based security using graph database technology to discover and map user identities across cloud environments. User identity, geolocation and other contextual factors can define custom access controls.
Sophos: Focuses on data security, compliance and threat monitoring capabilities and offers advanced data loss prevention such as file fingerprinting and optical character recognition. Cloud environments also have anti-ransomware protections.
Sysdig: Centered on runtime security and advanced behavioral monitoring. For container-level visibility and anomaly detection, the platform uses embedded agents. Sysdig Secure Advisor includes an integrated security assistant to help SecOps and IT teams create policies faster.
Tenable: Focused on compliance, entitlement management and identity governance. Offers comprehensive compliance automation mapped to PCI, HIPAA and ISO regulations. Also provides differentiated identity and compliance management through advanced capabilities to enforce least privilege and certify access.
Trend Micro: Includes runtime security, compliance and threat monitoring, enforces policies and protects cloud environments from file- and email-based threats. Custom sandboxing for suspicious file analysis is also included.
Uptycs: Differentiates itself by combining CNAPP capabilities with extended detection and response (EDR) capabilities. Employs data lake techniques to store and correlate security telemetry across cloud and container workloads. Threats are identified using behavioral analytics, and automated response workflows allow for rapid remediation.
Wiz: Centered on continuous access controls, micro segmentation and identity-based adaptive security. Automatically discovers and visualizes relationships between cloud assets, users and permissions. Wiz also conducts risk analysis to identify potential attack paths and stands out with its specialized visualization, identity management and micro-segmentation.
Zscaler: Posture Control prioritizes risks caused by misconfigurations, threats and vulnerabilities. Completely agentless and correlates data from multiple security engines.
Why CNAPP will succeed as a consolidation catalyst
CNAPPs are gaining popularity as CISOs look to consolidate and strengthen their security technology stacks. Platforms can provide integrated security across the development lifecycle and cloud environments by combining capabilities including cloud workload protection, container security and CIEM.
CNAPP adoption will continue accelerating in highly regulated industries including finance, government and healthcare. CISOs in these industries are under pressure to consolidate tech stacks, improve compliance and secure complex cloud infrastructure simultaneously. Because they provide a unified platform that meets multiple security and compliance requirements, CNAPPs are proving to be an effective consolidation catalyst.
