The cloud security community is filled with acronyms, and it can be hard to keep track of every single term. A relatively new addition is the cloud-native application protection platform (CNAPP).
What is CNAPP?
Gartner recently coined the term Cloud-Native Application Protection Platform (CNAPP) to refer to a new category of cloud security tools that combines Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP). Generally speaking, CNAPP tools scan cloud configurations for security issues during development and aim to protect workloads at runtime. In doing so, the tools give context to the security issues they find (e.g., which cloud resources they affect) and increase visibility into cloud environments and assets.
What problems does CNAPP solve?
Since the shift to cloud-native technologies such as Infrastructure-as-Code, containers, and serverless functions, traditional security tools have struggled to provide adequate coverage for complete cloud environments, because each of them focuses on a single aspect. To cope with that, CNAPP focuses on the holistic protection of cloud-native applications, including the detection of cloud misconfigurations. CNAPP tools therefore aim to correlate findings and identify high-priority risks instead of producing a long list of security warnings, which is what tends to happen when using separate solutions that each focus on one specific type of security issue. CNAPP can help you solve the following challenges in cloud security:
- Like CSPM tools, they check for cloud security misconfigurations, e.g. open S3 buckets, databases, and open network ports.
- Like CWPP tools, they monitor your cloud workloads and detect anomalies at runtime.
- Like CWPP tools, they provide you with an overview of your security workload and allow the automated detection of vulnerabilities within containers, VMs, or serverless functions.
- A novel feature of CNAPP tools is that they correlate the findings of CSPM and CWPP tools to identify high-priority risks.
Like CSPM tools, CNAPP tools must be directly integrated into CI/CD pipelines or directly connected to the cloud environment to automatically and continuously scan your development and production environments.
A problem with CSPM and CWPP tools is their lack of context - both kinds of tools produce a large number of warnings that need to be manually triaged, rated, and assessed for the risk they introduce. CNAPP tools, on the other hand, support security teams by providing context for each warning, helping to better assess the associated risk.
CNAPP tools help security teams that are drowning in security alerts by providing context and, thereby, help to triage security issues more effectively.
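To make the correlation idea concrete, here is an added example (not taken from any CNAPP product) that joins CSPM-style and CWPP-style findings per resource and ranks resources by combined risk. The finding format, the exposure markers and the scoring formula are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample findings; resource names and issue texts are invented.
CSPM_FINDINGS = [
    {"resource": "vm-web-1", "issue": "open network port 22 to 0.0.0.0/0"},
    {"resource": "bucket-logs", "issue": "open S3 bucket (public read)"},
    {"resource": "vm-batch-7", "issue": "disk not encrypted"},
]
CWPP_FINDINGS = [
    {"resource": "vm-web-1", "issue": "critical vulnerability in package", "severity": "critical"},
    {"resource": "vm-web-1", "issue": "runtime anomaly: unusual outbound traffic", "severity": "high"},
    {"resource": "fn-resize", "issue": "outdated dependency", "severity": "low"},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}  # assumed scale
EXPOSURE_MARKERS = ("open network port", "open S3 bucket")  # assumed exposure rules


def correlate(cspm, cwpp):
    """Group both finding types per resource and rank resources by combined risk."""
    per_resource = defaultdict(lambda: {"config": [], "workload": []})
    for f in cspm:
        per_resource[f["resource"]]["config"].append(f)
    for f in cwpp:
        per_resource[f["resource"]]["workload"].append(f)

    ranked = []
    for resource, ctx in per_resource.items():
        exposed = any(m in f["issue"] for f in ctx["config"] for m in EXPOSURE_MARKERS)
        worst = max((SEVERITY_WEIGHT[f["severity"]] for f in ctx["workload"]), default=0)
        # Hypothetical scoring: a workload weakness on an exposed resource
        # outranks the same weakness, or the same exposure, seen in isolation.
        score = worst * (3 if exposed else 1) + (2 if exposed else 0) + len(ctx["config"])
        ranked.append({
            "resource": resource,
            "score": score,
            "exposed": exposed,
            # The context a triager needs: every finding that touches this resource.
            "context": [f["issue"] for f in ctx["config"] + ctx["workload"]],
        })
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for entry in correlate(CSPM_FINDINGS, CWPP_FINDINGS):
        print(entry["score"], entry["resource"], entry["context"])
```

Six separate warnings collapse into four ranked resources, with the exposed and vulnerable VM at the top and its three findings attached as context.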