The annual RSA conference in San Francisco has become the global platform to showcase the latest technologies and innovations in cyber security. After the Covid pandemic, it’s great to finally see a large crowd at the Moscone Center. A few days of gathering, booth visits and in person discussions from security vendors and professionals from around the world provides an excellent opportunity to get a glance at the state of the security world, to peek into the latest developments in security technologies, check out the highlights and unique product features from security vendors as well as get insights into the thoughts of innovative minds.
The cybersecurity landscape has shifted dramatically in recent times, with more organizations adopting remote or hybrid working styles and migrating to cloud-based businesses. The recent phenomenal frenzy of ChatGPT and AIGC have also infused the cybersecurity world, both on the attack and defense sides, pushing the security agenda to new levels.
It’s not surprising to see a lot of product and technology showcases at RSAC. Based on observations from my day trip, here are the trends I observed in the cloud native application security (CNAPP or AppSec) space:
As more organizations adopt and migrate their business to the cloud, cloud native application security is becoming a very active area where many companies – big and small – are heavily investing and developing products and solutions to address security gaps. Cloud native application security is more challenging, largely because of its inherent attributes of diversity, scale, and dynamics; security needs to be more agile and adaptive in terms of application software development, deployment and runtime management.
Here is some of the more significant elements that captured my attention last week:
Security posture awareness and management.
It is important for organizations to be aware of and assess the state of the security risks of the cloud application or workload it is trying to protect and be able to take proper action at an earlier stage to provide effective protection. Products in this space usually have comprehensive solutions to support these goals.
This usually includes using various security tools, often aided by AI/ML, to:
- Continuously monitor and discover assets within the protected environment, including both managed and unmanaged devices, applications, and workloads,
- Prioritize these assets and assess the security risks.
- Scan for vulnerabilities,
- Provide system hardening solutions,
- Disclose any incompliance,
- Properly install security policies,
- Generate reports, and so on.
The differentiating factors are often in the depth or breadth of coverage of the application and workload, the extensiveness of the vulnerability assessments and level of automation.
Runtime application monitoring and threat detection.
In addition to early, often static types of application security protection, security vendors have also delivered runtime application protection.
This is usually achieved by installing lightweight agents in the carriers of the workloads (VMs, containers, application processes, etc.) and continuously monitoring the runtime behaviors of the applications or workloads, conducting real time scanning against the vulnerability database or compliance policies, alerting any abnormal behaviors or threat attacks and taking actions according to the security policies.
Vendors usually have both agent and agentless solutions, depending on the level of protection and detection. Agents usually have a very small footprint and can also be adaptive and adjust to real-time, dynamic system resource performance.
The differentiating factors are usually in the performance, the effectiveness of the solutions and the presence or capabilities of advanced threat detection and response.
Multi-cloud support and ease of onboarding.
Nowadays, companies usually have hybrid business environment including on premises devices, mobile devices, corporate private data centers as well as public cloud environments. Therefore, it is important for security vendors to provide hybrid platforms and multiple cloud supports.
However, as business environments and applications become more complex, the onboarding and deployment process also becomes more complex. I observed security vendors placing an emphasis on providing tools and frameworks in their solutions to ease the pain for customers to install, configure, deploy, and manage the process both at the initial phase and the later operational phases.
For example, many vendors have features including “one-click” deployment, automatic network topology measurements, applications and workloads relationship buildups, default security policy constructions, among others, to simplify the process. All aim to provide customer tools to make onboarding the security platform and initial configuration and management relatively easy and painless.
The differentiating factors are usually in the level of automation, the level of visibility and the intuitiveness of the user interface and overall user experience.
As organizations migrate more businesses and application to the cloud, and legacy network borders continue to vanish, cloud application security solutions are becoming more critical in the cybersecurity space. These solutions must be flexible and adaptive to meet the increasingly diverse, dynamic, and scalable nature of cloud native applications.