Cisco Builds on the CNAPP Movement to Secure and Protect the Cloud Native Application Estate

For increased agility, scalability, and pace of innovation, modern businesses are building and adopting   cloud native applications and practices. However, the highly distributed, microservice-based architecture of these applications creates a unique set of challenges, particularly around security. Enter Cloud Native Application Protection Platforms (CNAPPs).

According to the 2023 Gartner® Market Guide for Cloud-Native Application Protection report, “Until recently, comprehensively securing cloud-native applications required the use of multiple tools from multiple vendors that are rarely well-integrated and often only designed for security professionals, not in collaboration with developers. This lack of integration creates fragmented views of risk with insufficient context individually making it difficult to prioritize the actual risk. As a result, fragmented tools create excessive alerts, wasting developers’ time and making remediation efforts confusing to target roles.”

CNAPPs address the full life cycle protection requirements of cloud native applications from development to production. They bring together multiple security and protection capabilities to identify and prioritize excessive risk of the entire cloud native application and its associated infrastructure.

Much of their core value lies in early risk detection in the software development lifecycle, enabling faster remediation. This unified, consistent, and continuous posture enhances overall cloud security and policy compliance.

A recent Enterprise Strategy Group (ESG) white paper, Enhance Security and Gain Comprehensive Visibility with Cloud-native Application Protection Platform (October 2023), details the importance of CNAPPs for organizations that need to drive efficiency, security, and compliance across their software development lifecycle (SLDC) and cloud estate.

The white paper indicates that almost half of the developers surveyed say they regularly push code to production with known vulnerabilities. With 97% of organizations experiencing a cybersecurity incident related to internally developed cloud native applications in the previous 12 months, the risks and stakes are too high to continue with a patchwork approach to security.

Organizations need a modern security solution to support the developer-ready, complex infrastructure needed for application development. They need unified visibility, automated security, compliance monitoring and reporting, and centralized management that only a CNAPP can provide.

Rising Demand for Unified End-to-End Security

The ESG white paper points to three main benefits of CNAPPs which are multicloud visibility, acceleration of “shift left” protection, and proactive cloud-security governance. Taken together, these capabilities are creating a new and unified approach to securing the cloud native application estate.

• Complete visibility across multicloud infrastructures

Designed for cloud scale, CNAPPs offer insight into the security of multicloud environments. This allows security teams to simplify security management and orchestration of public and private cloud resources.

As defined by Enterprise Strategy Group, “A CNAPP should work across all applications, microservices, APIs, and cloud resources deployed and provide the needed level of artifact and exposure scanning. It should provide a single dashboard that spans all public cloud service providers. The platform should also prioritize mitigation, reporting on the automated steps available, as well as the actions that should be handled manually.”

• True “shift left” DevSecOps

Organizations remain under enormous pressure to optimize and release code faster. According to ESG, almost half (48%) of those surveyed regularly push code with known vulnerabilities to production and nearly one-third (31%) do so occasionally. Consequently, 97% experienced a cybersecurity incident in the previous year related to internally developed applications.

CNAPPs enable streamlined security testing integrated into modern DevOps practices. This balances security and speed in a way that won’t slow down innovation. With rapid testing, risk identification, and remediation, organizations can reap the benefits of reduced developer costs and faster speed-to-market.

•  Facilitation of end-to-end cloud security governance

CNAPPs provide a holistic view spanning application development, deployment, and runtime. This enables proactive risk assessment and compliance monitoring, and consistent enforcement of security governance policies across multi-cloud environments.

They also offer the ability to automatically detect and, in some cases, remediate misconfigurations, vulnerabilities, and threats in real time. Additionally, by integrating with or in some cases ingesting threat feeds and analytics, CNAPPs enhance detection capabilities so security teams can swiftly respond to emerging threats.

CNAPPs are gaining traction among security teams. They overcome the challenges of siloed point solutions, and protect organizations from the cost of financial, reputational, and intellectual property losses.

Cisco Cloud Application Security is Transformative

Cisco Cloud Application Security is a unified security solution. It delivers end-to-end visibility and protection across the application lifecycle. It combines cloud security posture management (CSPM), cloud workload protection (CWPP), API security, and infrastructure as code (IaC) security.

As a result, organizations can monitor, prioritize, and remediate a wide range of security threats while also achieving granular governance and compliance requirements. It provides code-to-cloud protection from development to runtime, and empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments.

Security teams can protect all their cloud assets using an agentless approach to scan cloud environments, including AWS, Google Cloud, Azure or any combination of these. Inventory and mapping of assets and their relationships using an advanced graph database enables comprehensive visualization of the entire cloud estate.

Cisco Cloud Application Security also helps organizations prioritize risks. It offers an attack path engine with advanced attack path analysis capabilities that help security teams see their environment from the point of view of an attacker. For example, teams can analyze and understand misconfigurations and overly permissive roles that could be exploited to gain unauthorized access to a system or network.

The analysis goes beyond surface-level insights with root cause identification and step-by-step, guided command line remediation. Additionally, the solution integrates with development-routed workflow and ticketing tools for quicker resolution.

The transformative benefits of Cisco Cloud Application Security are clear: Improved visibility, better risk prioritization, reduced costs, and higher productivity. As part of Cisco’s unrivaled portfolio of security solutions, it offers a differentiated code-to-cloud experience for comprehensive cloud security that is available as a standalone service or as part of the Cisco Cloud Protection Suite.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels


Gartner, Market Guide for Cloud-Native Application Protection Platforms, By Neil MacDonald, Charlie Winckless, Dale Koeppen, 14 March 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.