
What is a CNAPP?

Modern data security focuses on protecting applications that run on containers, workloads, and microservices, which are foundational to cloud-native development. Cloud-native application protection platforms (CNAPP) identify security issues and vulnerabilities earlier in the development cycle, accelerate their remediation, and offer consistent and continuous security and compliance monitoring.

Comprehensive, End-to-End Cloud-Native Security

Established security tools and methods were created to protect on-premises data centers and endpoints. Securing cloud-native applications with a patchwork of overlapping point solutions has proven challenging. It has become clear that cloud-native technologies require a complete lifecycle approach to security.

CNAPP Functionality

Cloud-native application protection platforms consolidate tooling and security platforms, handling security and compliance along a continuum for development, operations, and security teams.

As a new category of cloud security platform, CNAPP provides full-stack security through three or more main components:

  • Cloud Security Posture Management (CSPM) monitors for, identifies, and alerts on compliance risks and misconfigurations in cloud environments, and remediates those risks.
  • Kubernetes Security Posture Management (KSPM) is a CSPM designed to scan, monitor, benchmark, and test Kubernetes environments and configurations.
  • Cloud Workload Protection Platform (CWPP) provides visibility and control for physical and virtual machines as well as containers and serverless workloads across hybrid and multi-cloud environments.
  • Cloud Service Network Security (CSNS) protects cloud infrastructure in real time through web application firewalls, web and API protection, DDoS defense, and load balancing.
  • Cloud Infrastructure Entitlement Management (CIEM) mitigates risks from public cloud data breaches by continuously monitoring permissions and activities.

The beauty of a cloud-native application protection platform is that it can address development, runtime, and compliance issues as a continuum across development and operations. Additionally, it brings together insights from a wide range of data sources and visualizes the risks that should be prioritized.

In our next article, we look further at the benefits of CNAPP and why choosing a CNAPP is a more reliable, seamless, and robust approach to cloud-native application security.

What to Look for When Choosing a CNAPP

All CNAPPs should scan and protect cloud infrastructure and workloads while being integration-ready with existing DevSecOps and CI/CD pipelines. And while there is foundational functionality to be expected from any CNAPP, vendor-specific features can address unique security needs.

Here are the top three capability areas to look for in a CNAPP:

Complete visibility across multi-cloud infrastructures

Ensure that your CNAPP works across all applications, microservices, APIs, and cloud resources you have deployed and provides the needed level of artifact and exposure scanning. This view should stretch across all public cloud service providers. The platform should also prioritize mitigation and report on which automated steps were taken or which actions should be handled manually.

Enable true “shift left” DevSecOps

A cloud-native application protection platform enables threat and vulnerability detection earlier in the SDLC. Alerts and data visualizations should be easy to set up and change, and should trigger automated and manual mitigation activities.

Facilitate end-to-end cloud security governance

Your CNAPP should not only easily detect and manage vulnerabilities and security misconfigurations but also carry out runtime protection, network-based behavioral monitoring, automated compliance and governance over data, identity-based controls, and configurations.

CNAPP Supports Bidirectional Feedback to Evolve the CI/CD Pipeline

A CNAPP supports modern application development by securing it from end to end. It integrates risk analysis throughout cloud-native development, enabling teams to improve their application’s overall security posture. In multi-cloud environments, a CNAPP provides a platform-based approach that seamlessly addresses security concerns from a single pane of glass.

Modern Cloud-Native Security Relies on Panoptica

Cisco’s Emerging Technologies and Incubation (ET&I) team is paving the way with “DevOps-friendly” cloud-native security solutions that fundamentally simplify conventional offerings. Our Panoptica solution simplifies cloud-native application security, making it easy to embed into the software development lifecycle. Panoptica protects the full application stack from code to runtime by scanning for security vulnerabilities in the cloud infrastructure, microservices (containers or serverless), the software bill of materials, and the interconnecting APIs. And best of all, it integrates with the tools that your application development and SecOps teams are already using. Try Panoptica for free!