Cloud Native Tools

A CNAPP is advantageous in a number of ways; its key benefit is increased Security Visibility into the cloud.

CNAPP

A Cloud-Native Application Protection Platform (CNAPP) provides a holistic view of cloud security risks in one platform.

A CNAPP integrates multiple cloud security capabilities, including CWPP, CSPM and CIEM, and even Kubernetes Security Posture Management (KSPM), together with compliance and cybersecurity risk management.

In addition, a CNAPP can incorporate shift-left capabilities to identify risks in the development lifecycle.

With an agentless CNAPP deployed, the platform can address the cloud security gaps that traditional agent-based tools cannot.

Benefits of CNAPP include centralized management, enhanced visibility, improved security posture, and deeper insights into cloud environments.

Let’s explore the 3 key common components of cloud native tools under the CNAPP platform.

Key Components

Cloud Workload Protection Platform - CWPP
Protects workloads by detecting threats, managing vulnerabilities, and addressing security risks.
Cloud Security Posture Management - CSPM
Monitors cloud environments, manages configurations, and proactively applies controls for security and compliance.
Cloud Identity Entitlement Management - CIEM
Manages identities, access rights, and permissions to mitigate excessive privileges and data breaches.
Kubernetes Security Posture Management - KSPM
Continuously monitors (misconfiguration) and assesses (image/host vulnerability, access control and identity management) Kubernetes environments to ensure their security and compliance.

CSPM & CWPP

Here’s a summary of CSPM and CWPP.

|          | CSPM | CWPP |
|----------|------|------|
| Focus    | Security posture & compliance of cloud infra | Protection of cloud workloads & applications |
| Scope    | Monitor configuration, identity & access, storage | Protect VM, container, serverless workloads, code |
| Approach | Preventive & proactive | Reactive & protective |

| Capability | CSPM | CWPP |
|------------|------|------|
| Monitor for misconfiguration & vulnerabilities | Yes | No |
| Identifies compliance gaps | Yes | No |
| Provide risk assessment & visualization | Yes | No |
| Integration into cloud provider API for visibility | Yes | No |
| Measuring the cloud infra and platform services | Yes | No |
| Protect against malware & intrusions | No | Yes |
| Enable workload behavior analysis & anomaly detection | No | Yes |
| Runtime app security protection | No | Yes |
| Workload hardening and configuration | No | Yes |
| Vulnerability Management | No | Yes |
| Utilize agents for intra-workload | No | Yes |

Limitations

Disadvantages of CSPM & CWPP:

  • CSPM can only identify simple control plane misconfigurations.
  • Some CSPM tools may have limited insight into workload posture.

Others

Cloud Access Security Brokers - CASB
Brokers each session between users and cloud services to enforce enterprise policy, such as authentication, SSO, authorization, credential mapping, device profiling, encryption, logging, alerting, malware detection/prevention.

Security Visibility

When it comes to the cloud, the key is Security Visibility.

Here’s the evolution of security visibility: starting from agents, then scanners, and CSPM.

|             | Agents | Scanners | CSPM |
|-------------|--------|----------|------|
| Scope       | Host | Network | Cloud |
| Focus       | Full visibility to OS, Apps & Data | Scan apps & network | Examine cloud metadata |
| Looking for | Rogue activity | Improper response | Deviations and misconfiguration |

Typical Tests

CSPM Tests

  • Storage bucket permissions
  • Network configuration
  • IAM hygiene, root usage, password policy, etc.
  • User & API logging settings and permissions
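
As an added illustration (not from the original post or any vendor's product), the sketch below runs the four CSPM test categories listed above against a cloud metadata snapshot, with no agent or host access. The snapshot schema, check names and baseline thresholds are assumptions, and the sample values are constructed.

```python
# CSPM-style posture checks over cloud metadata (no agent, no host access).
# Snapshot schema and values are constructed; a real CSPM would populate
# them from the cloud provider's APIs.
SNAPSHOT = {
    "buckets": [
        {"name": "audit-logs", "public_read": False, "public_write": False},
        {"name": "static-site", "public_read": True, "public_write": False},
    ],
    "firewall_rules": [
        {"id": "fw-1", "source": "0.0.0.0/0", "port": 443},
        {"id": "fw-2", "source": "0.0.0.0/0", "port": 22},
        {"id": "fw-3", "source": "10.0.0.0/8", "port": 3389},
    ],
    "iam": {"root_mfa": False, "root_last_used_days": 3,
            "password_min_length": 8},
    "audit_logging": {"enabled": False, "log_bucket": "audit-logs"},
}
ADMIN_PORTS = {22, 3389}  # SSH, RDP
BASELINE = {"password_min_length": 14, "root_idle_days": 90}  # assumed policy


def evaluate(snapshot, baseline=BASELINE):
    """Return sorted (check_id, resource) findings that deviate from baseline."""
    findings = []
    buckets = {b["name"]: b for b in snapshot["buckets"]}
    for b in buckets.values():  # storage bucket permissions
        if b["public_read"] or b["public_write"]:
            findings.append(("storage.public_bucket", b["name"]))
    for r in snapshot["firewall_rules"]:  # network configuration
        if r["source"] == "0.0.0.0/0" and r["port"] in ADMIN_PORTS:
            findings.append(("network.admin_port_open", r["id"]))
    iam = snapshot["iam"]  # IAM hygiene, root usage, password policy
    if not iam["root_mfa"]:
        findings.append(("iam.root_no_mfa", "root"))
    if iam["root_last_used_days"] < baseline["root_idle_days"]:
        findings.append(("iam.root_recently_used", "root"))
    if iam["password_min_length"] < baseline["password_min_length"]:
        findings.append(("iam.weak_password_policy", "account"))
    log = snapshot["audit_logging"]  # logging settings and permissions
    if not log["enabled"]:
        findings.append(("logging.audit_disabled", "account"))
    target = buckets.get(log["log_bucket"])
    if target is None or target["public_read"] or target["public_write"]:
        findings.append(("logging.log_bucket_exposed", log["log_bucket"]))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{c:28} {r}" for c, r in evaluate(SNAPSHOT)))
```

Every input here is configuration metadata, which is why such checks surface deviations and misconfigurations but not rogue activity inside a workload.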

CWPP Tests (Agent-based)

  • Software vulnerabilities
  • Malware detection/prevention
  • OS & software patch status
  • Misplaced keys or sensitive data

What Next?

CNAPP = CIEM + KSPM + CSPM + CWPP
