Zscaler Cloud Platform

Prioritizing and Remediating Cloud Risk with CNAPP


In my discussions with customers regarding public cloud security, two important problems come up more than any others. Both are people- and process-related challenges that form the basis for why we built Posture Control. 

The first challenge is that nobody has a large enough infosec team. In fairness, this isn’t a new problem in the cloud. It’s something that I have been hearing my entire career. But that doesn’t mean it’s not a problem that we can make progress toward solving. 

The second challenge is that there is too much friction in the relationship between development teams and information security teams. And why wouldn’t there be? Infosec teams have been blocking dev teams from getting this stuff done since the dawn of time.

 

Improving infosec efficiency with CNAPP

When you can’t create more time, and you can’t hire more people, your only options are to either fail or to become more efficient. Efficiency is all about spending minimal time to achieve maximum impact, and the way to do that is to understand, prioritize, and focus on what is most important. With so many cloud security tools generating so many signals, it is a real challenge to prioritize. Emerging CNAPP solutions, like Posture Control, have been designed to help you understand the signals through the noise. 

Let’s take a simple example. Suppose we get an alert on inbound traffic from a known malicious IP. 

If your team investigates this event in Posture Control, they’ll find that at the center of the incident is an AWS EC2 VM with two critical unpatched vulnerabilities. But there are thousands of vulnerabilities like this in your organization. How would you have known that these were important? The answer is that it depends. If this VM was air-gapped, with no access to the internet and no access to sensitive data, there probably isn’t a lot of risk.

If, on the other hand, the VM has access to sensitive company data—such as PII—and is exposed to the internet via a security group misconfiguration, and has an IAM role assigned to the EC2 instance, the risk is much, much higher.

CNAPP solutions can build this sort of context, understanding the relationships between cloud assets and a wide range of signals. All of this factors into risk prioritization that acts as your team’s starting point for efficient response and remediation to public cloud security issues. 

The result is maximum impact because your team is always focused on the most important risks in your cloud environment.
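The contextual prioritization described in this section can be sketched as follows. This is an added example, not Posture Control's engine or code from Zscaler; the `Asset` fields, the tier names, and the inventory are constructed assumptions that combine the four signals named above (unpatched vulnerabilities, internet exposure, sensitive data, IAM role).

```python
from dataclasses import dataclass, field
from typing import List, Optional

ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # security group sources that mean "the internet"

@dataclass
class Asset:
    name: str
    critical_vulns: int = 0
    ingress_cidrs: List[str] = field(default_factory=list)   # from security group rules
    iam_role: Optional[str] = None                            # role attached to the instance
    reachable_data: List[str] = field(default_factory=list)  # data classes it can read

def context(asset):
    """Return the context signals that apply to one asset."""
    signals = set()
    if asset.critical_vulns > 0:
        signals.add("vulnerable")
    if ANY_SOURCE & set(asset.ingress_cidrs):
        signals.add("internet_exposed")
    if "PII" in asset.reachable_data:
        signals.add("sensitive_data")
    if asset.iam_role:
        signals.add("iam_role")
    return signals

def priority(asset):
    """Tier an asset by the combination of signals, not by vulnerability count."""
    s = context(asset)
    if "vulnerable" not in s:
        return "none"
    blast_radius = s & {"sensitive_data", "iam_role"}
    if "internet_exposed" in s and blast_radius:
        return "critical"
    if "internet_exposed" in s or blast_radius:
        return "high"
    return "low"  # vulnerable, but isolated and with nothing to reach

def rank(assets):
    order = {"critical": 0, "high": 1, "low": 2, "none": 3}
    return sorted(assets, key=lambda a: (order[priority(a)], -a.critical_vulns, a.name))

# Constructed inventory (hypothetical names and values).
INVENTORY = [
    Asset("batch-worker", critical_vulns=5),
    Asset("web-frontend", 2, ["0.0.0.0/0"], "app-role", ["PII"]),
    Asset("internal-api", 2, ["10.0.0.0/8"], "api-role"),
    Asset("bastion", 0, ["0.0.0.0/0"]),
]
```

In this inventory the isolated `batch-worker` has the most critical vulnerabilities but ranks below `web-frontend`, which has fewer vulnerabilities and every aggravating signal.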

 

Improving development collaboration with CNAPP

Of course, responding to the most impactful areas of weakness in our cloud is important, but wouldn’t it be better to eliminate these weaknesses prior to deployment?

The latest CNAPP extends risk visibility and prioritization across the cloud application lifecycle via native integrations into development and DevOps tools, including IDEs, source code management systems, and CI/CD tools. The objective is for the security team to collaborate as effectively as possible with their counterparts in the CTO organization.

Let’s take an example: a developer working on a Terraform script in Visual Studio Code. This developer does not want to learn how to use an infosec tool like a CNAPP and go there every time there is an issue. But they also don’t want to wait until their code goes to production to have it kicked back to them to remediate issues. In an ideal world, they know about the policy violation immediately, in the tools that they are already using, and they have all of the information needed to resolve the issue without interrupting their workflow or forcing them to switch application contexts.

A CNAPP should have plugins into a wide range of tools to accomplish exactly that: point-in-time feedback that shows what the issue is, how to fix it, and why it is important. 
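A pre-deployment check of this kind can be sketched against Terraform's JSON plan output (`terraform show -json`). This is an added example, not a Posture Control plugin or Zscaler code; the function names, the `what`/`fix`/`why` finding fields, and the sample plan are constructed assumptions.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def ingress_rules(rc):
    """Ingress rules a resource change will create, inline or as standalone rules."""
    after = (rc.get("change") or {}).get("after") or {}  # "after" is null on delete
    if rc.get("type") == "aws_security_group":
        return after.get("ingress") or []
    if rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
        return [after]
    return []

def check_plan(plan):
    """Return one what/fix/why finding per ingress rule open to any source."""
    findings = []
    for rc in plan.get("resource_changes", []):
        for rule in ingress_rules(rc):
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            open_to = sorted(cidrs & OPEN_CIDRS)
            if not open_to:
                continue
            findings.append({
                "resource": rc["address"],
                "what": "ingress {} {}-{} open to {}".format(
                    rule.get("protocol"), rule.get("from_port"),
                    rule.get("to_port"), ", ".join(open_to)),
                "fix": "limit cidr_blocks to known ranges or use a source security group",
                "why": "internet exposure makes unpatched vulnerabilities on the instance reachable",
            })
    return findings

# Constructed sample in the shape of `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]},
     {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(json.dumps(finding, indent=2))
```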

The outcome is a development team that is able to build secure cloud applications without slowing down their pace of innovation. It’s a win-win for both infosec and the application team, and the key to more effective collaboration.

 

Zscaler Posture Control 

Posture Control is Zscaler’s CNAPP solution. It combines several risk identification engines into a powerful platform to help organizations build and run secure cloud applications. Importantly, this product is designed to help your infosec teams become more efficient at mitigating public cloud risk, while also enabling more effective collaboration with development and DevOps counterparts to improve security while maintaining the pace of innovation.

At the heart of Posture Control is a powerful risk correlation and prioritization engine that understands the relationships between cloud assets and a broad range of signals to provide both proactive and reactive security, becoming your universal platform for securing assets in public cloud environments like AWS, Azure, and GCP. Proactive capabilities help you eliminate the combinations of weakness and risks that are most likely to be exploited, leading to a security incident. This is paired with a cloud XDR function to help quickly and easily investigate complex, multi-part security incidents.

The system draws from misconfigurations, excessive entitlements, unpatched vulnerabilities, exposed attack surface, and more to give a complete view of an organization’s multi-cloud risks.

The result? 

A prioritized view of correlated risks and incidents that acts as your team’s starting point for efficient response and remediation, highlighting weaknesses across your cloud application lifecycle, from build to run.

Read more: Zscaler Posture Control
