ICYMI: ETR Observatory for CNAPP Tools

The CNAPP Promise: Monitoring, Security, and Compliance in All Environments

ETR Observatory | Erik Bradley  

| June 13, 2024

This Observatory report features the most comprehensive and current end-user and evaluator data and feedback on the Cloud Native Application Protection Platform (CNAPP) marketplace. Backed exclusively by ETR's new Market Array data, the vendors covered in this report are positioned in Leading, Advancing, Tracking, or Pursuing vectors according to Momentum and Presence in the market. The plotting of the vendors in the subsector is based exclusively on the data, not opinions or vendor influence.

Access the Full Observatory Report Here 

Access the Underlying Market Array Data Here 

Beyond product-level spending intentions, the full ETR Markey Array data for CNAPP tools also tracks key competitive intelligence such as usage expansion, ROI, Stickiness vs. Churn, Vendor Strengths, Net Promoter Scores (NPS), and much more. The syndicated Market Array data is a new debut product for ETR and is only available to premium subscribers; reach out to our service team at service@etr.ai to gain access to the full, underlying Market Array data set. 


Cloud platforms and cloud-native applications have gained significant popularity due to their cost-effectiveness, flexibility, and scalability. However, the increasing adoption of cloud infrastructure and the cloud-native applications built within them has also led to a massive surge in security threats. Nation-state-sponsored attacks, independent hackers, and cybercriminals are increasingly targeting cloud infrastructure misconfigurations, APIs, and the software supply chain, making it imperative to secure these workloads and applications. While this is a major concern, market economics within enterprise technology dictate that where there is a problem, solutions become available…at a cost. On cue, various Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP) are increasingly available that combine multiple security capabilities into a single platform to address this growing need. CSPM has existed for a decade now, but demand continues to increase as workloads shift away from on-premises and into the cloud.

While cloud providers are responsible for the security of the cloud externally, enterprises are responsible for what happens within it. CPSM is a software tool that scans cloud infrastructure for security risks. It looks for misconfigurations, compliance violations, and other vulnerabilities. CSPM tools automate visibility, monitoring, threat detection, and remediation workflows. This helps identify and fix risks in a timely manner. CSPM can be used for risk assessment, visualization, incident responses, compliance, monitoring, and DevOps integration. Security teams use this information to improve their prioritization efforts. CSPM vendors advertise that their tools strengthen security while minimizing risk exposure in cloud environments. Additionally, CSPM tools can aid in meeting enhanced compliance and governance requirements and potentially reduce costs by eliminating redundant tools in an organization's existing security stack.

Meanwhile, CNAPP brings together a diverse range of security features, including CSPM, into a consolidated platform to identify and prioritize high-risk areas across cloud-native applications and their underlying infrastructure. This platform is designed to provide a more comprehensive approach to security that covers both the application and its infrastructure, including potential vulnerabilities in associated compute layers, identities, APIs, and software supply chains. CNAPP often employs agentless scanning technology, which can rapidly search cloud environments at scale without required installation on virtual machines.

Many security experts and practitioners now define CNAPP as a converged security architecture that includes CSPM functionality. CNAPP consolidates CSPM and other capabilities into a single platform, providing a holistic view of cloud risk and actionable findings for security, DevOps, and engineering teams. This combination of enhanced security cannot happen fast enough, given the advanced threat landscape that enterprises face daily. Other security modules under the CNAPP umbrella include Cloud Workload Protection Platform (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and Infrastructure-as-Code (IaC) scanning.

The attack surface of cloud-native applications is expanding with attackers increasingly targeting the misconfiguration of cloud infrastructure, APIs, identities, software supply chains, and so much more. This has led to a corresponding increase in the importance of identifying and addressing vulnerabilities in these areas to ensure the security of cloud-native applications. Despite being quite a bold statement, CSPM and CNAPP vendors are essentially promising comprehensive protection throughout the application's lifecycle, from development to production.

Another complexity in cloud-native security is the continual push to “shift left” and add security layers earlier on in the development process, which means that the role of DevOps is expanding into and also converging with DevSecOps. Developers are increasingly responsible for operational tasks, such as addressing vulnerabilities, deploying infrastructure, and managing implementations. Historically, there has been a stereotype that developers viewed security layers as a bridle stifling creativity and speed, but that belief is a dangerous vestige of a past world that must be obliterated from development culture going forward. To address this expanded scope of responsibility, developers need tools that can provide comprehensive support across all areas of the development and operational process.

Here are several examples of challenges that developers face when building cloud-native applications:

• Operational tasks that they don’t have experience with nor ever sought jurisdiction over

• Lingering prejudice that security is an obstacle to productivity

• Managing increasingly complex cloud infrastructure and dependencies

• Balancing production deadlines and security measures in a fast-paced environment

• A general lack of security expertise and training

• Extensive use of open-source code and libraries that may contain vulnerabilities; and

• Different development tools across enterprises with multi-cloud environments.

It is urgent that organizations equip developers with the necessary support, tools, and training to overcome these challenges so they can do what they do best: build resilient cloud-native applications. Enter the promise (and allure) of CSPM and CNAPP, which is designed to prioritize the identified risks and provide developers with sufficient context to remediate them quickly and comprehensively.

While multiple providers offer CSPM and CNAPP capabilities, not all of them provide the required functionality. Of course, there is no one-size-fits-all solution in enterprise technology, where each organization has its own set of needs and budgets to factor in. Therefore, organizations must carefully evaluate CSPM/CNAPP offerings to ensure they meet their specific requirements and provide seamless integration across their infrastructure and their entire application lifecycle.

This report focuses on Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP) and includes the following vendors:

Aqua | Check Point CloudGuard | Cisco Cloud Security / Panoptica | CrowdStrike Falcon Cloud Security | Dynatrace / Runecast | Lacework | Microsoft Defender | Orca | Palo Alto Prisma Cloud | Rapid7 InsightsCloudSec | SentinelOne PingSafe | Sophos Cloud Optix | Tenable Cloud Security | Trend Micro Vision One | Wiz | Zscaler Posture Control

Key Terms: Momentum is a measure of a vendor’s spending and utilization where each citation is converted to a numeric score, reflective of whether that citation contributes positively or negatively to a vendor’s total market utilization. Presence is a measure of a vendor’s penetration within its subsector in our survey work and is calculated as the number of citations for a given vendor divided by the total number of survey respondents who indicate spending power.

The Observatory Scope

The plotting of vendors across the Observatory Scope is supported wholly by ETR’s exclusive market intelligence and spending intentions data sets (see Figure 1 above). Most vectors in this period were evenly distributed and populated, with three data-plotted vectors consisting of five vendors and only the Tracking vendor having one. Based on the results of this Market Array study, the Leading vector consisted of CrowdStrike Falcon Cloud Security, Zscaler Posture Control, Microsoft Defender for Cloud, Palo Alto Prisma Cloud, and Tenable Cloud Security (listed by highest Momentum positioning first).

The entirety of the Advancing vector had impressive positioning, with almost every vendor borderline crossing into the Leading category, and all coming up just shy due to lower Presence levels than their aforementioned peers in this marketplace. These vendors included Wiz, Rapid7 InsightsCloudSec, SentinelOne PingSafe, CheckPoint CloudGuard, and Dynatrace / Runecast (again listed by the highest Momentum positioning first). It should be noted that Wiz had the highest Momentum of the entire survey, and the CNAPP tools for Rapid7, SentinelOne, and CheckPoint captured Momentum levels that were in line with the majority of the Leading vector peers.

Cisco was the lone vendor occupying the Tracking vector in this Market Array survey with their Cloud Security / Panoptica tool. Cisco captured enough Momentum to enter the right half of this scope but fell short in Momentum to break into the Leading vector. In this ETR Observatory, numerous vendors, including Trend Micro Vision One, Orca, Lacework, Sophos Cloud Optix, and Aqua Security (listed in Momentum order), are in the Pursuing vector based on relational plotting of the Momentum and Presence data versus the other CNAPP vendors.

From this group, Trend Micro captured the highest Momentum and Presence. Orca had the second-highest Momentum and Sophos exhibited the second-highest Presence in this grouping. In general, the appearance of Orca, Lacework, and Aqua Security as private names that ETR tracks in our Emerging Technology Survey (ETS) is an impressive feat, given that the companies garnered enough spending and evaluation citations in this survey against a field populated with such large and mature competitors.

It is critical to note again that ETR’s positioning is based wholly on survey responses from IT decision makers with direct utilization and knowledge of the CNAPP vendors and toolsets. The plotting does not reflect, nor does it intend to opine on, the efficacy of these tools and security vendors.

The full Observatory for CNAPP Tools breaks down the overall spending intent Net Score for these CNAPP vendors and will then analyze each of the four Observatory Scope vectors and the vendors in more detail in the following sections; however, the best way to view this data is through the Market Array data, which is available only on our research platform. Reach out to our service team to walk through the data, or request access via a free trial today.

Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai 

Get Free Report

Fill out the form to receive a copy of "ETR Observatory for Cloud Native Application Protection Platform (CNAPP) Tools" sent directly to your inbox.