Today, CNAPP is a billion-dollar industry, providing security teams with the critical visibility they need into complex and dynamic cloud environments. However, while CNAPP has addressed the visibility problem, new challenges have become top of mind, such as how to effectively prioritize, remediate, and mitigate the findings generated by these solutions.
In this blog, we share insights from a recent conversation with Vladi Sandler (Director @ Cisco) on the latest challenges security teams are facing and other emerging cloud security trends and innovations.
The Nature of the Cloud, AI, and Increased Attacker Efficiency
When discussing what has made attackers more efficient at exploiting open risks than ever before, Vladi highlighted two critical points:
Larger focus on misconfigurations: In the cloud, it’s all about configurations, he noted. Misconfigurations are much faster to exploit compared to CVEs. Less than 2% of CVEs are actually exploitable and even then, there is no guarantee of success in a real-world environment. The nature of the cloud and its complexity has created new opportunities for attackers to efficiently execute critical steps in an attack, such as account takeover, privilege escalation, etc.
Artificial Intelligence (AI): AI has also played a significant role here. As discussed in the webinar, attackers are now leveraging AI to identify and exploit open risks with greater speed and efficiency than ever before.
CNAPP Adoption: The Shift from Compliance to Security
Looking back four years, to when CNAPP gained real traction, Vladi discussed the shift in focus that fueled adoption. Between 2018 and 2020, over eight major data breaches highlighted a critical issue: organizations that were compliant on paper were still vulnerable in the cloud. This led to a shift in the conversation, from compliance to security and visibility. Organizations realized they needed more than just compliance, and this influenced purchasing decisions. They still needed to be compliant, but they also needed cutting-edge capabilities built to adequately secure these new applications and services in the cloud.
Beyond CNAPP: New Challenges in Cloud Security
While the widespread adoption of CNAPP has significantly improved visibility into cloud vulnerabilities, misconfigurations, and other risks, it has also brought about a new set of challenges. In discussing the next set of priorities for security teams, Vladi highlighted remediation as a top focus. The large number of alerts and findings generated daily by an organization’s cloud security stack has shifted the focus from visibility to effectively resolving these open issues. As Vladi pointed out, cracking the code for providing efficient, straightforward remediation isn’t easy, especially when it comes to resolving misconfigurations: any mistake during remediation in production environments can lead to downtime or damage. The ideal solution, as Vladi mentioned, would provide seamless, reliable remediation that minimizes risk while increasing efficiency. While AI has made progress in areas like code generation, configuration remediation remains a delicate process that requires precision.
Consolidation and the Platform Game
The evolution we’ve seen in both Endpoint Detection and Response (EDR) and the Cloud Native Application Protection Platform (CNAPP) reflects a broader trend toward consolidation and convergence, driven by larger vendors incentivizing customers to consolidate into broader offerings.
Initially, EDR was focused primarily on protecting on-premises endpoints, but over time it transformed into XDR, and today many XDR vendors provide CWPP coverage as well. Similarly, CNAPP, which initially specialized in posture management, has increasingly broadened its scope. Today, CNAPP is also incorporating capabilities like Cloud Detection and Response (CDR), forensics, AppSec, orchestration, and more. The evolution of the CNAPP acronym itself, from CWPP/CSPM to CNAPP, further reflects this expanded scope.
But can one platform really do it all? At a certain point, too much consolidation leads to diminishing returns. It has always been (and will continue to be) important to find the right balance between streamlining the security stack and taking advantage of differentiated offerings that solve unique challenges really well.
Conclusion
As CNAPP remains a core component of the cloud security stack, the focus is now shifting to the next phase: what comes after CNAPP? In a recent conversation with Vladi Sandler, we explored key trends shaping the future of cloud security, from the latest challenges security teams face to broader market trends like consolidation.
For a deeper dive into these insights, check out the full conversation here.