Home SecurityCloud Security CNAPP buyers guide: Top tools compared

CNAPP buyers guide: Top tools compared

Source Link

Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms representing possible solutions. Now there’s another: the cloud native application protection platform, or CNAPP. This tool combines the coverage of four separate products:

  • A cloud infrastructure entitlements manager (CIEM) that manages overall access controls and risk management tasks
  • A cloud workload protection platform (CWPP) that secures code across all kinds of cloud-based repositories and provides runtime protection across the entire development environment and code pipelines
  • A cloud access security broker (CASB) that handles authentication and encryption tasks
  • A cloud security posture manager (CSPM) that combines threat intelligence and remediation

IT and security managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.

That is a lot of software to manage, integrate, and understand. However, almost none of the products that claim to be CNAPP have a full set of features that incorporate all four of these categories. What follows is an overview of the landscape and advice on how to navigate amongst the contenders.

Two approaches to CNAPP

There are two ways to approach CNAPP: from the DevSecOps perspective or from traditional IT security practices. The former means more of a focus on protecting the apps themselves (the first two product categories mentioned above), the latter more on expanding traditional network-level protections (the last two product categories mentioned above).

The summary chart below notes which of these two directions each vendor is coming from, other notable and integration features, whether they offer a complete CNAPP solution, and what little information is available about their pricing strategy.

I interviewed the following vendors and summarized the results in the chart below:

Related Articles

Leave a Comment