Gartner released a report in 2021, "Innovation Insight for Cloud-Native Application Protection Platforms", which every CSPM vendor promptly rebranded around while glossing over what Gartner actually said. We'll address it here because it is important to clear up the industry confusion.
Cloud Security Posture Management (CSPM) platforms won the last wave of huge funding rounds. Wiz, Orca, and Wazuh are very good at what they do, which is securing infrastructure and the cloud. What they don't see, and therefore don't protect, is the code and application layer. Additionally, without automated data science and analytics using machine learning (ML) algorithms, it is impossible for humans relying on manual analysis to find potential security threats.
Where's The Gap
All the mature CSPM vendors repositioned their marketing around CNAPP, and it has confused the market. The gap is this: cloud-native apps are built with CI/CD pipelines, and a single app can span many code repositories, several developers, frameworks, languages, third-party components and dependencies, APIs, and services, which can add up to 40+ tools per product team. These pipelines are highly automated, and a portfolio of applications can have hundreds or thousands of third-party tools and several active CI/CD pipelines. The growing number of organizations using modern CI/CD development methods is therefore exposed to any of those tools and applications that are weak, as well as to insiders who have access to source code. Yet it is very hard for security teams to see what they have, how it is configured, and whether or not it is secure.
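To make the visibility problem concrete, here is an added example (not Tauruseer's code and not from the original post) that inventories the third-party GitHub Actions referenced across a set of repositories and flags those that are not pinned to a commit SHA. The repository names, workflow contents, the fake 40-hex SHA and the organization name "acme" are constructed for illustration.

```python
"""Inventory the third-party CI/CD components referenced by GitHub Actions workflows.

Added example, not Tauruseer's code. The repository names, workflow contents and the
organization name "acme" are constructed for illustration.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample input: repository name -> {workflow path: workflow YAML text}.
SAMPLE_REPOS = {
    "payments-api": {
        ".github/workflows/ci.yml": """
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/build-push-action@0123456789abcdef0123456789abcdef01234567
      - uses: some-vendor/secret-scan@main   # floating branch ref
      - uses: ./.github/actions/local-lint
      - uses: acme/deploy-action@v1
""",
    },
    "web-frontend": {
        ".github/workflows/build.yml": """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
""",
    },
}

# Matches step-level and job-level "uses:" lines (actions and reusable workflows).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A 40-hex-character ref is an immutable commit pin; tags and branches can move.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class ActionRef:
    repo: str
    workflow: str
    action: str        # "owner/name[/path]" or a local "./" path
    ref: str           # text after "@", empty for local actions
    third_party: bool  # not local and not owned by our organization
    pinned_by_sha: bool


def parse_workflow(repo: str, workflow: str, text: str, org: str) -> list:
    """Extract every 'uses:' reference from one workflow file (line-based, no YAML parser needed)."""
    refs = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, _, ref = m.group(1).partition("@")
        local = action.startswith("./")
        third_party = not local and action.split("/")[0] != org
        refs.append(ActionRef(repo, workflow, action, ref, third_party, bool(SHA_RE.match(ref))))
    return refs


def inventory(repos: dict, org: str) -> list:
    """Walk every workflow in every repository and collect the references."""
    refs = []
    for repo, workflows in repos.items():
        for path, text in workflows.items():
            refs.extend(parse_workflow(repo, path, text, org))
    return refs


def summarize(refs: list) -> dict:
    """Answer the visibility questions: which third-party tools run where, and are they pinned?"""
    third = [r for r in refs if r.third_party]
    actions = sorted({r.action for r in third})
    return {
        "distinct_third_party_actions": len(actions),
        "repos_using": {a: sorted({r.repo for r in third if r.action == a}) for a in actions},
        # Unpinned refs are the ones a compromised upstream tag or branch could silently replace.
        "unpinned_third_party": sorted(
            f"{r.repo}:{r.action}@{r.ref}" for r in third if not r.pinned_by_sha
        ),
    }


if __name__ == "__main__":
    report = summarize(inventory(SAMPLE_REPOS, org="acme"))
    print(json.dumps(report, indent=2))
```

Run against real repositories by replacing SAMPLE_REPOS with the workflow files cloned or fetched from your source control; the report gives the per-team "what do we have and how is it set up" view the paragraph says security teams lack, and the unpinned list is the usual starting point for supply-chain hardening.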
There's More To The Frankenstack Than Just Cloud Security Posture
Uncontrolled and insecure DevSecOps has taken a tool-based approach to fixing security, leaving teams swimming in complexity and drowning in static reports and scan data. CSPM platforms shifted left from the firewall...a tiny bit. They sit at the Run & Operate phases.
But the industry is talking Shift Left again, something the CSPM-to-CNAPP rebranders just glossed over. What about all the other phases of the SDLC/DevOps process: Design, Code, Build, and Deploy? CSPMs aren't focused on these challenges. What is missing is continuous, automated analytics that provide contextual risk insights into code, build-process hardening, developer activity and behavior, access, delivery risks, and other application- and HUMAN-related risks. That is a holistic approach: shift completely left, then back right, and provide continuous monitoring over the entire stack. "Shift Everywhere". Duh, right?
Gartner Even Called Out The Risks (Which Are Being Ignored By So-Called CNAPPs):
What A Comprehensive CNAPP Platform Looks Like (HINT: CSPM + ASPM)
A cloud-native application protection platform (CNAPP) offers a variety of security tools and services that protect cloud-native applications from different threats and vulnerabilities without stopping developers from building and deploying applications in a cloud environment.
A modern CNAPP aligned with Agile and DevOps has a set of tools, frameworks, and services that SecOps, DevOps, Engineering, and Compliance can use to build cloud-native apps that are scalable, reliable, and able to take advantage of the cloud's benefits. A complete CNAPP shouldn't focus only on the underlying production infrastructure (containers, workloads, OS, etc.). It should also cover all the people, processes, and technologies across the entire lifecycle of every application or product, combining the most important parts of an emerging platform category, Application Security Posture Management (ASPM), with CSPM.
Some of the most important parts of a true, comprehensive cloud-native application platform are:
Deliver Comprehensive Software Supply Chain Security With ASPM + CSPM (CNAPP):
Benefits Combining Tauruseer ASPM + CSPM Data Into A Single, Unified Platform
Tauruseer doesn't compete with point solutions or CSPM platforms. Instead, it improves correlation and prioritization by tying cloud security findings and resources to the development and build pipelines that produced them, and by automatically spotting malicious behavior earlier so that the right teams are alerted about the applications and products currently being actively targeted (see Figure 3 below).
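The correlation idea above, as an added illustration that is not Tauruseer's Cognition Engine and not code from the original post: each cloud finding is joined to the deployment record of the pipeline that produced the resource, its priority is raised when that pipeline shows sensitive activity by someone outside the owning team within a lookback window, and the resulting alert is routed to that team (or to a catch-all platform team when provenance is unknown). The findings, deployment records, pipeline events, team rosters and scoring weights are all constructed assumptions.

```python
"""Correlate cloud findings with the pipelines that deployed the affected resources.

Added example, not Tauruseer's engine. All findings, deployment records, pipeline events,
team rosters and scoring weights below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class CloudFinding:
    resource_id: str
    title: str
    severity: str          # "low" | "medium" | "high" | "critical"
    observed_at: datetime


@dataclass(frozen=True)
class Deployment:
    resource_id: str       # the pipeline that created or last updated this resource
    pipeline: str
    team: str


@dataclass(frozen=True)
class PipelineEvent:
    pipeline: str
    kind: str              # e.g. "workflow_modified", "secret_accessed", "build_succeeded"
    actor: str
    at: datetime


@dataclass
class Alert:
    resource_id: str
    title: str
    team: str
    pipeline: Optional[str]
    score: int
    reasons: List[str] = field(default_factory=list)


SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Pipeline events that deserve extra weight when performed by someone outside the owning team.
SENSITIVE_EVENTS = {"workflow_modified", "secret_accessed"}
DEFAULT_TEAM = "cloud-platform"  # catch-all owner for resources with no deployment record

NOW = datetime(2023, 6, 1, 12, 0)  # constructed reference time

SAMPLE_FINDINGS = [
    CloudFinding("arn:aws:s3:::acme-payments-exports", "S3 bucket allows public read", "high", NOW),
    CloudFinding("i-0123", "container running as root", "medium", NOW),
    CloudFinding("sg-0abc", "security group open on 22/tcp to 0.0.0.0/0", "medium", NOW),
]
SAMPLE_DEPLOYMENTS = [
    Deployment("arn:aws:s3:::acme-payments-exports", "payments-api/deploy", "payments"),
    Deployment("i-0123", "web-frontend/deploy", "frontend"),
    # sg-0abc has no deployment record: nobody knows which pipeline created it.
]
SAMPLE_EVENTS = [
    PipelineEvent("payments-api/deploy", "workflow_modified", "contractor-x", NOW - timedelta(days=2)),
    PipelineEvent("payments-api/deploy", "secret_accessed", "contractor-x", NOW - timedelta(days=30)),  # outside lookback
    PipelineEvent("web-frontend/deploy", "workflow_modified", "alice", NOW - timedelta(days=1)),        # by a team member
]
SAMPLE_TEAMS = {"payments": {"bob", "carol"}, "frontend": {"alice"}}


def correlate(findings, deployments, events, team_members, lookback=timedelta(days=7)):
    """Join each finding to its deploying pipeline, raise its priority when that pipeline shows
    sensitive activity by a non-member within the lookback window, and route it to the owner."""
    by_resource = {d.resource_id: d for d in deployments}
    alerts = []
    for f in findings:
        score = SEVERITY[f.severity]
        reasons = [f"{f.severity} severity: {f.title}"]
        dep = by_resource.get(f.resource_id)
        if dep is None:
            # Unknown provenance is itself a risk signal, and someone still has to own it.
            score += 1
            reasons.append("no deployment record: unknown provenance")
            alerts.append(Alert(f.resource_id, f.title, DEFAULT_TEAM, None, score, reasons))
            continue
        members = team_members.get(dep.team, set())
        for ev in events:
            if ev.pipeline != dep.pipeline or ev.kind not in SENSITIVE_EVENTS:
                continue
            if not (f.observed_at - lookback <= ev.at <= f.observed_at):
                continue
            if ev.actor not in members:
                score += 2  # each qualifying event adds weight
                reasons.append(f"{ev.kind} on {ev.pipeline} by {ev.actor}, who is not on team {dep.team}")
        alerts.append(Alert(f.resource_id, f.title, dep.team, dep.pipeline, score, reasons))
    alerts.sort(key=lambda a: a.score, reverse=True)
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_FINDINGS, SAMPLE_DEPLOYMENTS, SAMPLE_EVENTS, SAMPLE_TEAMS):
        print(f"[{a.score}] -> {a.team}: {a.resource_id} ({a.pipeline or 'no pipeline'})")
        for r in a.reasons:
            print("     ", r)
```

The point of the join is the ordering it produces: the medium-severity root container and the medium-severity open security group would look identical to a CSPM alone, but the public bucket jumps to the top because the pipeline that deployed it was edited by a non-team actor two days earlier, and the orphaned security group is surfaced to the platform team rather than silently dropped.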
Why Tauruseer CNAPP? Risk Modeling + ML-Driven Analytics In Our Cognition Engine
Tauruseer's patented Cognition Engine and PIRATE™ risk model use proprietary real-time machine learning (ML) to predict threats. Cognitive security analytics applies pre-built algorithms and models to large volumes of data to find risks, security threats, and security holes. The Cognition Engine emits what we call "Cognitions": dynamic risk insights delivered as alerts.
The main reason to use the CERM method is context. Context routes cognitive security actions to the right people, so they can help the organization prevent or reduce risks in a more collaborative, effective, and efficient way.
The goal of Tauruseer's CERM is to help an organization speed up the Project-to-Product (P2P) Transformation while also improving the organization's overall security posture.
One of the main benefits of ML-driven cognitive security analytics is that it finds potential security threats by watching for risk scenarios and risk combinations, combined with threat data, and suggests how to deal with those threats. Tauruseer's Cognition Engine can find patterns and trends that humans might not notice right away. The Cognitions feed a CISO and CTO knowledge base with remediation guidance that helps the rest of the organization make better security decisions.
Overall, combining historical data with real-time, ML-driven cognitive security analytics helps teams respond to security risks proactively, more quickly, and more effectively, limiting the damage those risks cause.