Cloud Native Security Platform (CNAPP) - Aqua

Last updated 1 year ago

What is CNAPP?

Cloud native application protection platforms (CNAPPs) are a unified set of tightly integrated security and compliance functionality designed to protect cloud native applications across the entire lifecycle—from development to production. It is an emerging category of security solutions, defined by Gartner, which aims to address the unique security requirements of cloud native environments.

CNAPPs consolidate multiple previously disparate capabilities, such as container scanning, infrastructure-as-code (IaC) scanning, cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), runtime workload protection (CWPP), runtime configuration scanning, and vulnerability scanning.

Key benefits of CNAPP include:

  • Integrated platform: Instead of protecting cloud native applications with multiple siloed solutions, each with its own interface and learning curve, CNAPP allows security teams to protect applications via one unified and tightly integrated solution.

  • Enhanced security posture: CNAPPs enable a proactive security approach by offering comprehensive visibility into cloud resources, configurations, vulnerabilities, and supply chain risks across multiple environments. This allows organizations to quickly identify potential risks and take remediation steps before an incident occurs.

  • Accelerated incident response: In case a vulnerability or breach is detected within your environment, CNAPP solutions offer automated response capabilities that help minimize damage by quickly containing threats before they spread further.

  • Reduced complexity: Managing multi-cloud environments can be complex, leading to misconfigurations or gaps in security coverage. A well-designed CNAPP simplifies this process, making it easier for organizations to maintain consistent policies across all their cloud assets while reducing operational overheads.

Factors Driving Interest in CNAPPs

The growing interest in CNAPPs can be attributed to several key factors highlighting the need for comprehensive, integrated security solutions for modern cloud environments.

Increasing Adoption of Cloud Technologies

As cloud technologies gain popularity due to their flexibility, scalability, and cost-effectiveness, organizations need tailored security solutions that can effectively protect these complex environments.

Rising Complexity of Cloud Environments

Modern cloud-native architectures often involve multiple services, platforms, and tools working together. This complexity challenges traditional security approaches to provide adequate protection across all components. CNAPPs address this issue by offering a holistic solution designed explicitly for complex multi-cloud ecosystems.

Growing Cybersecurity Threats Targeting Cloud Infrastructure

Cybercriminals continue to evolve their tactics as organizations shift towards the cloud. The growing number of high-profile breaches involving cloud-based resources underscores the importance of effectively securing these environments. CNAPP solutions help organizations stay ahead of emerging threats by providing continuous monitoring and advanced threat detection capabilities tailored for dynamic cloud workloads.

Demand for DevSecOps Integration

  • Better collaboration: Organizations embracing DevSecOps practices seek tighter integration between development, operations, and security teams. CNAPPs facilitate this collaboration by providing a unified platform that can be used by all stakeholders.

  • Shift-left security: Shifting security left in the development lifecycle is crucial for identifying and mitigating vulnerabilities early on. CNAPPs support this approach through features like static application security testing (SAST) and Infrastructure-as-Code (IaC) scanning, which helps detect potential issues before they become critical risks.

Regulatory Compliance Requirements

Maintaining adherence to industry-specific rules and norms is an ongoing struggle for companies utilizing cloud services. CNAPP solutions help businesses meet these requirements by offering built-in compliance checks, reporting capabilities, and remediation guidance tailored to various regulatory frameworks such as GDPR, HIPAA, or PCI DSS.

Key CNAPP Features and Capabilities

CNAPPs offer a comprehensive approach to securing your infrastructure, code, workloads, and networks by combining multiple security capabilities in one unified platform. In this section, we’ll cover the main features of CNAPPs as described in Gartner’s report.

Cloud Security Posture Management (CSPM)

CSPM solutions enable organizations to identify and address risks within their cloud environments by continuously monitoring configurations across various services. This ensures cloud resources are compliant with industry standards and best practices while minimizing potential attack surfaces.

Learn more in our detailed guide to Gartner CSPM

Infrastructure-as-Code (IaC) Scanning

IaC scanning tools examine code templates used for provisioning infrastructure components in the cloud. These tools identify misconfigurations or vulnerabilities before deployment into production environments, reducing the risk of breaches caused by insecure deployments.

Cloud Workload Protection Platform (CWPP)

A CWPP offers runtime protection for workloads running on virtual machines, containers, or serverless functions in public clouds. It monitors processes and system calls at runtime to detect malicious activities such as unauthorized access or data exfiltration attempts.

Kubernetes Security Posture Management (KSPM)

KSPM is a subset of CWPP specifically focused on managing the security posture of Kubernetes clusters. KSPMs ensure Kubernetes configurations follow best practices, while providing insight into cluster-wide risks associated with misconfigurations or vulnerable container images.

Cloud Infrastructure Entitlement Management (CIEM)

CIEM tools assist organizations in managing access permissions for users and applications across their cloud infrastructure. By continuously monitoring entitlements, CIEM solutions can identify excessive or unused permissions that could be exploited by attackers to gain unauthorized access to sensitive resources.

Graph Database Technology

A key component of a robust CNAPP offering is its ability to analyze and understand the complex relationships between various application components, services, and data.

Graph database technology can be used to model these relationships, enabling the CNAPP to gain a holistic view of an application’s architecture and dependencies. By leveraging graph databases, CNAPP can identify potential security risks and vulnerabilities within the application’s structure, as well as track the flow of sensitive data.

Choosing CNAPP Solutions

When evaluating a CNAPP solution, focus on these key criteria:

Integrations

A single-vendor CNAPP solution should be easily integrated into an organization’s existing infrastructure and workflows. This includes compatibility with popular cloud platforms, container orchestration systems, and CI/CD pipelines. It should also support various security tools, such as vulnerability scanners, compliance checkers, and intrusion detection systems. A well-integrated CNAPP will streamline the process of securing cloud-native applications while minimizing the need for manual intervention.

Runtime Visibility

Favor CNAPP vendors that provide a variety of runtime visibility techniques, including traditional agents, Extended Berkeley Packet Filter (eBPF) support, snapshotting, privileged containers, and Kubernetes integration. This will ensure maximal flexibility at deployment.

Advanced Analytics

A well-architected CNAPP should utilize advanced analytics capabilities to identify and respond to security threats in real-time. Machine learning and artificial intelligence can be employed to analyze vast amounts of data generated by cloud-native applications and detect anomalous patterns, which may indicate a security breach or vulnerability. Analytics is also used to correlate vulnerabilities, configurations, and other parameters and automatically prioritize risk.

Templates for Common Compliance Frameworks

A well-architected CNAPP should include support for common compliance frameworks, providing organizations with predefined templates and guidelines to ensure that their cloud-native applications adhere to relevant industry standards and regulations.

By providing templates and guidelines for common compliance frameworks, such as GDPR, HIPAA, PCI-DSS, and ISO 27001, a CNAPP solution can simplify the process of managing and maintaining regulatory compliance. Organizations can easily understand and implement the necessary security controls and measures required by these frameworks, reducing the complexity of compliance management.

Cloud Provider Support

A well-architected CNAPP offering should provide extensive support for various cloud providers, enabling organizations to secure their cloud-native applications across multiple platforms.

As organizations increasingly adopt multi-cloud strategies to leverage the unique capabilities of different cloud providers or to avoid vendor lock-in, a CNAPP should offer support for all major cloud providers, including AWS, Azure, Google Cloud, and others. This allows organizations to consistently secure their applications, regardless of the underlying cloud infrastructure.

Overcoming CNAPP Adoption Hurdles

Simplifying Implementation

Implementing CNAPP solutions can be complex due to factors such as diverse technology stacks, multi-cloud environments, or hybrid infrastructures. To streamline this process, organizations should work with experienced vendors who offer comprehensive support during deployment. Additionally, creating clear guidelines for integrating CNAPP tools into existing workflows will ensure an easier transition.

Agentless vs. Agent Based

Choosing the right CNAPP deployment method is a critical decision point. This typically involves the long-lasting industry debate between agent-based and agentless solutions.

Agent-based CNAPPs require the installation of software agents on each system that needs protection. These agents actively monitor and enforce the security policies set by the CNAPP, allowing for a high degree of control and granularity. The unique vantage point of agent technology enables you to detect advanced attacks such as fileless malware that evade agentless scanning technology. However, this approach requires careful management and may introduce complexity in diverse environments due to different operating systems, versions, or cloud platforms.

On the other hand, agentless CNAPPs operate at a higher level, typically interfacing directly with the cloud providers’ APIs. Agentless scanning technology consists of taking snapshots of running workloads and scanning them via cloud providers’ APIs. This method provides quick visibility into cloud workloads and risk posture management, while detecting some, but not all, risks, such as misconfigurations, vulnerabilities, and more. This approach is simpler, but typically cannot offer the same level of granular control and security as agent-based solutions.

Ultimately, a robust CNAPP solution must combine both agentless and agent-based technology in a single platform, ensuring a strong connection, unified visibility, and correlation of the risks between the two. By leveraging fast agentless visibility connected with real-time in-workload detection and response capabilities in one tightly integrated platform, security teams can achieve the most effective and efficient cloud security.

Demonstrating ROI

It is crucial for IT leaders within an organization to demonstrate the return on investment (ROI) associated with adopting CNAPP solutions. By highlighting the long-term benefits of enhanced security, reduced risk, and improved compliance, it becomes easier to justify budget allocations for these tools.

Integrating with Existing Security Tools

Organizations may already have various security tools in place that need integration with CNAPPs. Integration can be challenging but is essential for maximizing the effectiveness of both existing and new security measures. To achieve this, organizations should opt for CNAPP solutions that offer open APIs or built-in integrations with popular cloud-native technologies.

Addressing Knowledge and Skill Gaps

Because CNAPP is a new category, security professionals and cloud-native engineers may have inadequate awareness of its capabilities. In addition, the rapid evolution of cloud-native environments has resulted in skill gaps among IT professionals who may not yet possess the expertise required to manage CNAPPs effectively.

To address this challenge, organizations should invest in ongoing training programs and consider hiring dedicated experts specializing in cloud-native application protection.

Best Practices for CNAPP Adoption

When adopting a Cloud Native Application Protection Platform (CNAPP), organizations should consider several best practices to ensure a successful implementation. These practices can be divided into three key stages: Strategy and Planning, Evaluation, and Deployment.

Strategy and Planning

In this stage, organizations should first identify their security requirements and objectives. This includes understanding the specific risks and threats associated with cloud-native environments, as well as relevant compliance and regulatory requirements. A thorough assessment of the current security posture, including potential gaps and weaknesses, should be performed to help guide the selection of a CNAPP solution that best aligns with the organization’s needs.

It’s also essential to involve relevant stakeholders, such as security, development, and operations teams, in the planning process. This collaboration ensures that everyone understands the benefits and expectations of the CNAPP implementation, which can help reduce resistance and promote a culture of shared responsibility for security.

Evaluation

When evaluating CNAPP solutions, organizations should consider various factors, such as the platform’s capabilities, ease of use, scalability, and integration with existing tools and infrastructure. It’s important to select a solution that meets both current and future security needs, while also fitting within the organization’s budget and resource constraints.

Organizations should also consider conducting proof-of-concept (PoC) tests with multiple vendors to gain hands-on experience with the platforms and assess their effectiveness in addressing security concerns. This will enable organizations to make a more informed decision when selecting a CNAPP solution.

Deployment

Once a CNAPP solution has been selected, organizations should carefully plan the deployment process. This includes determining the scope of the implementation, setting milestones and timelines, and assigning responsibilities to various teams.

During deployment, it is crucial to ensure that the CNAPP is properly configured and integrated with existing systems, such as CI/CD pipelines, container registries, and monitoring tools. This integration will help maximize the platform’s effectiveness and provide a holistic view of the organization’s security posture.

Finally, organizations should invest in training and knowledge sharing to ensure that all relevant teams are familiar with the CNAPP platform and its capabilities. This will enable them to effectively use the platform to monitor, detect, and respond to security threats and incidents.

CNAPP with Aqua Security

Aqua Security enables organizations to unify cloud native application protection and detect, prioritize, and reduce risks across every phase of their software development life cycle.

The Aqua Cloud Native Security Platform is a Cloud Native Application Protection Platform (CNAPP) solution that secures your cloud native applications from day one and protects them in real time. With its fully integrated set of security and compliance capabilities, you can discover, assess, prioritize, and reduce risk in minutes across the full software development life cycle while automating prevention, detection, and response.

https://www.aquasec.com/cloud-native-academy/cnapp/what-is-cnapp/