Hello peers,
I am a CISO at a medium-sized computer software company.
I am currently researching the best CNAPP solution. What CNAPP solution do you recommend for a hybrid cloud? Why do you recommend that specific solution?
Thank you for your help.
After sifting through all the different options to find the Cloud-Native Application Protection Platform (CNAPP) that would offer the highest level of value, I feel that Prisma Cloud by Palo Alto Networks is the solution that beats out its competitors. If I were asked to offer a recommendation, I would say that this is the best possible investment for those looking to acquire a cloud-native application protection platform.
The sheer versatility and power of the tools and features that Prisma Cloud offers users is what drew me to it. These features and tools include:
Security suite. Prisma Cloud comes with a powerful suite of security features that allows me to keep my application development process and product safe from all manner of digital threats. It enables me to protect my code by weeding out potential vulnerabilities while it is still in the development stage, long before it is released into the world. I can also use its scanning capabilities to find issues as they spring up. Machine learning algorithms enable me to see behavior that deviates from the norm that I can then correct.
Unified management dashboard. I only need a single dashboard to administer and manage Prisma Cloud’s security suite. If I had a large team working with me, we would be able to collaborate using this interface. It simplifies the management process by enabling all of the security work to be done from a single location.
Integration suite. Prisma Cloud is highly flexible in that it enables me to utilize some of the most widely used integrated development environments and software configuration management tools alongside it. If I am missing any critical development tools, Prisma Cloud makes it possible for me to go out and fill those holes without compromising on security.
Hello Bulat,
Gartner coined the term CNAPP, and they defined 3 main areas of capabilities. The first one is artifact scanning, which spans SAST/DAST tools, software composition analysis, code repository scanning, and others. This area mainly focuses on shift-left security capabilities that go as upstream as possible within the application development lifecycle (code, build, deploy, run) and provide scanning capabilities for application code, among other things. The goal of these capabilities is to identify and remediate any issues in code before applications reach production, as the risk increases 100-fold once code gets deployed at scale. The second area is cloud configurations that closely follow the usage of cloud infrastructures and platforms and define security solutions areas covering infra as code templates, infra entitlements and identity management, and cloud security posture management. This part of security largely addresses data security and permissions in the cloud as a top concern today. The third area of CNAPP is runtime application protection, which has little to do with the cloud and a lot to do with application development. App dev took a turning point in 2013 or so, which gave birth to modern app sec solutions. That turning point is when microservices and containers went on a path to becoming mainstream.
Generally speaking, there are three distinct areas of CNAPP today: cloud, application, and network security. If you are a heavy user of the public cloud, you will want to have clear visibility, compliance, and governance of your cloud assets. You will want to protect your data, manage cloud identities, and prevent drifts in your IaC templates. If you have a large footprint of cloud-native applications, you use containers, and you have many workloads spanning your hybrid and distributed environment, then you will need visibility and vulnerability management to map your environment and calculate the risk your workloads carry, such as how many workloads you have, which ones host web applications and API endpoints, whether you have ingress ports open, and whether your sensitive data is exposed either via an API or a public-facing workload. Lastly, the network security area covers network segmentation and east-west protections, helping you address the lateral spread of attacks, to name a few.
Your CNAPP solution will depend on which areas are your top concerns. Prisma Cloud by Palo Alto Networks offers CNAPP capabilities across many of the areas defined by Gartner. You can check it out at https://www.paloaltonetworks.com/prisma/cloud, and there is a free trial that includes your security risk assessment.
Best of luck and feel free to follow up.