What is CNAPP?

Cloud-Native Application Protection Platforms (CNAPP), a new cloud security approach defined by Gartner, emphasize the need for unified lifecycle security as opposed to a patchwork of solutions. CNAPP encompasses a wide set of overlapping tools, spanning development and production, including but not limited to: Infrastructure as Code (IaC) scanning, cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).

Organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some new and some old — each with siloed responsibilities and a limited view of application risk.

Gartner, Inc, Innovation Insight for Cloud-Native Application Protection Platforms Report August 2021

Cloud-Native Application Security Challenges

Gartner made CNAPP a popular security category when they released the Innovation Insight report for Cloud-Native Application Protection Platforms. The analyst group identifies the need for a consolidation of tools and security platforms, and for organizations to approach security and compliance as a continuous process. However, en route to pursuing CNAPP adoption, organizations face multiple complexities and business challenges:

  • Lack of visibility: Silos, gaps and other complexities make it difficult to gain visibility and insights into all cloud assets and applications, extending from development to runtime.
  • Inadequate risk monitoring: The lack of centralized cloud security management makes it difficult to holistically assess, prioritize and mitigate risk across the full product lifecycle.
  • Siloed roles and responsibilities: Security and DevOps teams independently using multiple stitched-together tools can negatively impact the journey to cloud-native security at scale.

Ermetic offers a strong starting point on your path to CNAPP. Our industry-unique combination allows organizations of all sizes to manage access risk (CIEM) and continuously improve compliance (CSPM).

See how Ermetic’s holistic identity-first platform can help you understand and reduce your cloud-native security risks.

Continuously Manage Access Risk

The Ermetic platform provides a strong entry point to CNAPP by delivering cloud native, context-aware security for AWS, Azure and GCP – achieved via a unique combination of cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). Ermetic provides deep visibility and actionable risk intelligence, automated remediation, real-time anomaly detection and compliance across your multicloud environment.

With Ermetic, Security, DevOps, DevSecOps and IAM stakeholders can work together to govern access, improve cloud security posture and achieve least privilege, without impact to application continuity or speed to market.

  • Deep visibility & full inventory
  • Anomaly & threat investigation
  • Auto-remediate & shift left
  • Governance & compliance

Maintain Compliance and Access Governance

A cloud environment can be compliant with industry standards and best practices yet not be secure. Ermetic enables organizations to proactively detect and automatically remediate both compliance and security risks. Security stakeholders can ensure compliance with industry standards, audit and investigate access on evolving threats, and generate fully customized reports.

  • Carry out continuous compliance audits, including for CIS, GDPR, HIPAA, ISO, NIST, PCI and SOC2
  • Generate detailed reports for asset inventory, network configurations and activity audits

Enable Shift-left Cloud-Native Security

Ermetic allows you to shift left by defining and enforcing automated guardrails for cloud identities, resources and network configuration. Security and DevOps can effectively achieve identity-centric security strategies like least privilege and zero trust at scale.

The platform uniquely remediates detected risks via auto-generated least privilege access policies sent through standard workflows, including ticketing systems, CI/CD pipelines and CloudFormation and Terraform snippets – all to reduce the cloud attack surface and blast radius in case of a breach.

  • Enforce automated guardrails for identities, resources and network configuration
  • Facilitate workflow integrations with customizable policy templates
  • Define just-in-time access for developers and DevOps

Learn How AppsFlyer is Remediating Risk Using Ermetic

“With Ermetic, we immediately saw the risks to our environment and could quickly remediate them. No other solution provided this type of deep visibility into access entitlements and publicly accessible resources.”


Hear from Our Customers

Larry Viviano Director of Information Security, IntelyCare

If I didn’t have Ermetic to manage my cloud security, I probably would need an additional two or three headcount in order to do that manually.

IntelyCare x Ermetic
David Christensen Senior Information Security Executive

This is one of the few platforms I’ve brought into the cloud that has had actionable efforts in under 30 days. From a return on investment perspective, it was one of the best decisions we made.

Dominic Zanardi Security Engineer, Latch

If we didn’t have Ermetic analyzing roles, policies and network configuration, that would easily be an additional three to four analysts. It’s saving us hours and head count.

Eugene Gorelik VP Engineering at Airslate

Ermetic has allowed us to concentrate on our business rather than concentrate just on the cloud security.