For today's ☁️🧵, we want to give orgs something to use in their evaluation of different cloud native application protection platforms (CNAPP).
Here are some questions to ask your CNAPP vendor as part of the evaluation process, plus why each of these ?s is valuable 👇
What coverage do you provide against today's modern cloud threats & attack types? How do you benchmark against MITRE? Compliance regs?
This evaluates the platform based on security outcomes rather than buzzword feature sets - make vendors prove their protection during the POC.
After determining outcomes, you can evaluate feature sets and whether they meet the fundamental controls & scanning technologies you need in the cloud.
Important technologies to make sure the CNAPP covers are: vulnerability scanning, malware detection, secret scanning, CWPP & CSPM.
What prioritization framework does the platform use for alerting? Is it based on severity or are other factors accounted for before alerting you to possible risk in your env?
Alert fatigue is a real issue in the industry so knowing when you'll get alerted is important!
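To make the prioritization question concrete, here is an added example (our own illustration, not code from any CNAPP vendor) that ranks the same four constructed findings two ways: by CVSS severity alone, and by a context-aware score that also weighs whether the workload is actually running, internet-exposed, has a known exploit, or runs privileged. The weights and the alert threshold are assumed values chosen for the demonstration.

```python
"""Added example: severity-only vs. context-aware prioritization of
constructed CNAPP findings (not code from the original thread)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    id: str
    cvss: float              # base severity, 0-10
    running: bool            # present in a running workload, not just an image
    internet_exposed: bool   # reachable from the internet
    exploit_known: bool      # public exploit or known in-the-wild exploitation
    privileged: bool         # privileged container / admin-level cloud identity


# Constructed sample findings for the demonstration.
SAMPLE_FINDINGS = [
    Finding("F1", 9.8, running=False, internet_exposed=False, exploit_known=False, privileged=False),
    Finding("F2", 7.5, running=True,  internet_exposed=True,  exploit_known=True,  privileged=True),
    Finding("F3", 5.3, running=True,  internet_exposed=True,  exploit_known=False, privileged=False),
    Finding("F4", 8.1, running=True,  internet_exposed=False, exploit_known=False, privileged=False),
]

# Assumed weights: multiplicative adjustments to the base CVSS score.
NOT_RUNNING_FACTOR = 0.3   # finding only in a stored image: far less urgent
EXPOSED_FACTOR = 1.5
EXPLOIT_FACTOR = 1.5
PRIVILEGED_FACTOR = 1.3
ALERT_THRESHOLD = 7.0      # assumed: only page on-call above this score


def rank_by_severity(findings):
    """Severity-only ranking: highest CVSS first."""
    return [f.id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def context_score(f):
    """Context-aware score: CVSS adjusted by runtime and exposure context."""
    score = f.cvss
    if not f.running:
        score *= NOT_RUNNING_FACTOR
    if f.internet_exposed:
        score *= EXPOSED_FACTOR
    if f.exploit_known:
        score *= EXPLOIT_FACTOR
    if f.privileged:
        score *= PRIVILEGED_FACTOR
    return score


def rank_by_context(findings):
    """Context-aware ranking: highest adjusted score first."""
    return [f.id for f in sorted(findings, key=context_score, reverse=True)]


def alerts(findings, threshold=ALERT_THRESHOLD):
    """IDs that would actually generate an alert under the context-aware model."""
    return [f.id for f in findings if context_score(f) >= threshold]


if __name__ == "__main__":
    print("severity-only :", rank_by_severity(SAMPLE_FINDINGS))
    print("context-aware :", rank_by_context(SAMPLE_FINDINGS))
    print("would alert   :", alerts(SAMPLE_FINDINGS))
```

Note how the critical-severity F1 drops to the bottom once it is known to sit only in an unused image, while the medium F3 climbs above it because it is live and reachable; this is the kind of reasoning you want the vendor to explain for their own platform.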
Does the platform integrate with other security tools already in use by the organization?
Integration with existing security tools and systems can help to streamline the organization's overall security posture and reduce complexity. It also reduces friction w/ implementation.
What is the vendor's approach to providing updates, support, & maintaining the platform?
This can have a significant impact on the platform's effectiveness over time. Understand how the vendor will keep the platform updated & how they will support the org in case of issues.
What is the vendor's philosophy around agentless vs agent tech?
CNAPPs that espouse one tech over the other will generally be heavier in either CWPP or CSPM features: one approach prioritizes scanning & the other detection/protection. The reality is you need both to be effective!
What detection & response capabilities does the platform provide, and in what environments?
Agent vs agentless approaches enable different forms of detection & response within the ☁️; understand what types of detections the platform will be able to see & how it will respond to protect you.
What coverage does the CNAPP have across ☁️s & infra modalities?
Do they support hybrid ☁️ deployments or are they limited to public ☁️s? Does this change based on features?
Do they support VMs, containers, serverless, PaaS, SaaS, etc.? Make sure they support your infra needs.
Hopefully these questions give you some good fodder for your next evaluation in the CNAPP space!
If you like this content - like/retweet this ๐งต & follow us @deepfence
Want to ask @ryancsmith2222, our Head of Product these ?s, sign up below:
go.deepfence.io/15-minute-demo