CNAPPs Address Full Life Cycle Protection Requirements of Cloud-Native Applications from Development to Production
Palo Alto, Calif.
Data Theorem, Inc., a leading provider of modern application security, today announced that Gartner has recognized Data Theorem as a Representative Vendor in the Gartner Market Guide for Cloud-Native Application Protection Platforms report. 1
According to Gartner, “The attack surface of cloud-native applications is increasing. Attackers are targeting the misconfiguration of cloud infrastructure (network, compute, storage, identities and permissions), APIs and the software supply chain itself. CNAPP offerings bring together multiple disparate security and protection capabilities into a single platform focused on identifying and prioritizing excessive risk of the entire cloud-native application and its associated infrastructure.” 1
Data Theorem was recognized by Gartner as a Representative Vendor for CNAPP for its Cloud Secure product. Cloud Secure is a CNAPP with attack surface management (ASM) and a complete AppSec suite all-in-one. It protects cloud services and any cloud-native application by preventing data breaches sourced by cloud assets and API services. It hacks the cloud with Cloud ASM on a daily basis in search of security vulnerabilities that can lead to data breaches. It also monitors cloud configurations using a variety of security posture management techniques like CSPM, KSPM, ASPM, and CIEM; while monitoring microservices, serverless functions, key stores/vaults, virtual machines, containers, storage assets, and databases using AppSec tools such as SAST/DAST/IAST/SCA. Data Theorem’s Cloud Analyzer Engine continuously discovers vulnerabilities in multi-cloud environments and provides mitigation solutions in real time.
Gartner also stated: “Reduce complexity and improve the developer experience by choosing integrated CNAPP offerings that provide complete life cycle visibility and protection of cloud-native applications across development and staging and into runtime operation. Favor CNAPP vendors that provide a variety of runtime visibility techniques, including traditional agents, Extended Berkeley Packet Filter (eBPF) support, snapshotting, privileged containers and Kubernetes (K8s) integration to provide the most flexibility at deployment…Combining the need for runtime risk visibility, cloud risk visibility and development artifact risk visibility results in a robust integrated set of capabilities needed for a complete CNAPP platform.” 1
According to the report, the benefits of CNAPP also include improving the developer experience by integrating into their native development toolset as seamlessly and transparently as possible by reducing false positives and noise, by risk-prioritizing their remediation efforts, and by providing specific remediation guidance to resolve the identified risk. CNAPP offerings can also help organizations adopt a stronger security posture in their development pipeline throughout the entire development life cycle (code to cloud).
“We believe that Data Theorem being recognized by Gartner as a Representative Provider of CNAPP validates the approach we adopted for dynamic and runtime analysis that is fully integrated into the CI/CD process, which gives organizations continuous monitoring of multi-cloud environments, including backend application cloud building blocks,” said Doug Dooley, Chief Operations Officer at Data Theorem. “Cloud Secure systematically discovers attack points using a variety of hacking techniques to identify the most critical vulnerabilities across cloud native apps and underlying resources, including in shadow APIs and cloud apps. It reveals the entire cloud attack surface, and can auto-remediate issues before a data breach occurs. Further, our Cloud Secure product uniquely delivers CSPM for zero license cost while hacker toolkits and active protection provide offensive and defensive cloud security measures, respectively.”
A complimentary copy of the Gartner Market Guide report is available from the Data Theorem website at https://datatheorem.com/resources/reports/market-guide-for-cloud-native-application-protection-platforms/.
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and active protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services.
Note 1 – Gartner, Inc. “Market Guide for Cloud-Native Application Protection Platforms,” by Neil MacDonald, Charlie Winckless, Dale Koeppen. March 14, 2023.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Media ContactDan Spaldingdan@datatheorem.com(408) 960-9297
About Data Theorem
Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.