PingSafe today emerged from stealth to launch a cloud-native application protection platform (CNAPP) based on an engine that both detects vulnerabilities that cybercriminals might potentially exploit and enables cybersecurity teams to simulate cyberattacks.
Fresh from raising $3.3 million in seed funding, PingSafe CEO Anand Prakash said the Offensive Security Engine provides cybersecurity teams with the ability to launch novel attacks against their own IT environments and provide cloud security posture management (CSPM) and a cloud workload protection platform (CWPP).
PingSafe invokes application programming interfaces (APIs) exposed by multiple platforms to aggregate data in a graph database that is at the core of the Offensive Security Engine. It then detects vulnerabilities so that cybersecurity teams can better prioritize their remediation efforts, noted Prakash.
That approach generates more accurate alerts and reduces the level of noise that CNAPPs typically generate while at the same time providing cybersecurity teams with an ability to simulate attacks against cloud computing environments, he added.
There is also a no-code policy builder that allows cybersecurity teams to define custom policies for the cloud services and various technology stacks they might have deployed in a cloud environment.
CNAPPs have emerged as a new class of cybersecurity platforms that combine CSPM and CWPP capabilities within a single platform to enable cybersecurity teams to streamline workflows and reduce the total cost of cybersecurity by eliminating the need to integrate multiple cybersecurity point products.
Interest in CNAPPs has risen sharply as the number of workloads deployed in the cloud and concerns about the total cost of cybersecurity have increased. There is generally less pressure to reduce the cost of cybersecurity than other IT functions, but as always, cybersecurity teams are looking for ways to become more efficient by, for example, reducing the time and effort required to integrate disparate platforms. Most organizations also continue to be shorthanded in terms of cybersecurity expertise. One of the reasons organizations don’t acquire another cybersecurity tool or platform is they don’t have anybody to manage it. A CNAPP provides a centralized approach to managing cybersecurity that is simpler to extend as additional capabilities are added.
It’s too early to tell how quickly organizations are transitioning to CNAPPs, but as the number of attack surfaces that need to be defended in the clous era continues to increase, the need for a different approach to managing cybersecurity has become self-evident. The number of application workloads deployed in cloud computing environments continues to exponentially increase with each passing month and many cybersecurity teams have still yet to master the nuances that are unique to cloud security.
One way or another, the need to manage cybersecurity at scale will require organizations to embrace a different approach. The only issue that remains to be resolved now is the pace at which that change will occur at a time when many cybersecurity teams are still trying to justify the cost of investing in previous generations of cybersecurity platforms.