{"id":4047,"date":"2023-08-29T16:34:33","date_gmt":"2023-08-29T16:34:33","guid":{"rendered":"https:\/\/businessyield.com\/tech\/?p=4047"},"modified":"2023-08-29T16:34:36","modified_gmt":"2023-08-29T16:34:36","slug":"cnapp-cloud-native-application-protection-platform","status":"publish","type":"post","link":"https:\/\/businessyield.com\/tech\/technology\/cnapp-cloud-native-application-protection-platform\/","title":{"rendered":"CNAPP (Cloud Native Application Protection Platform)","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"\n
A Cloud-Native Application Protection Platform (CNAPP) is a comprehensive security system that offers centralized controls, threat detection, and incident response capabilities to protect cloud-based apps and infrastructure. With the use of a single user interface, Cloud Native Application Protection Platforms (CNAPPs) combine and centralize many security operations that were previously dispersed.<\/p>\n\n\n\n
The term CNAPP was coined by Gartner, a technological research and consulting firm that delivers actionable, objective insights to various clients. According to Gartner, the CNAPP incorporates functionality for Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and CI\/CD security into a single, end-to-end solution to safeguard cloud-native apps throughout the whole application lifecycle.<\/p>\n\n\n\n
Various CNAPP vendors provide these CNAPP solutions, which ensure complete security coverage for cloud-native apps and highlight the necessity for businesses to direct their attention towards cloud-native security solutions that offer a whole lifecycle strategy for application security rather than a hodgepodge of tools.<\/p>\n\n\n\n
To help you monitor and secure your cloud infrastructure and services, a CNAPP often includes a variety of technologies. To improve cloud security for your software development activities, it may also be incorporated into your DevOps and DevSecOps<\/a> pipelines and processes.<\/p>\n\n\n\n These key technologies or components include;<\/p>\n\n\n\n One of the essential elements of the CNAPP that supports the shift-left security strategy is artifact scanning. It is necessary to integrate risk recognition and scanning into the development organization’s pipeline tools.<\/p>\n\n\n\n When scanning artifacts, whether they are compiled binary or source code, there are two main areas to focus on. They include application security testing and software composition analysis (SCA).<\/p>\n\n\n\n Any open-source libraries that were incorporated into an artifact are examined by SCA. The version and license of the currently used library are then flagged. Using such knowledge, it can identify any typical vulnerabilities and exposures (CVE) and their severity, link them to an assessment, or use it as documentation for the artifact in the repository where it is stored.<\/p>\n\n\n\nArtifacts Scanning<\/span><\/h3>\n\n\n\n