6 CNAPP Pitfalls and How to Avoid Them

This webinar highlights six of the many pitfalls in CNAPP adoption and how to avoid them, from deployment delays and performance overhead to disappearing assets and alert fatigue. It also shares practical evaluation tips, the value of eBPF based agents, and how a unified scanner enables day one protection with less overhead.
Duration 32:26
Presented By:
Erin Stephan
Director of Product Marketing, Aqua
Meha Varier
VP Product Marketing, Aqua
Transcript
Hello, everyone. Welcome to our webinar today. Today, we're going to be talking about the six common CNAPP pitfalls and how to avoid them. Imagine having the confidence to navigate the world of CNAPP platforms with ease so that you can minimize risks, make smarter decisions for your organization.
And today, that's exactly what we are here to help you achieve. My name is Erin Stephan. I'm the director of product marketing at Aqua. And today, I'm joined by Meha Varier, the vice president of product marketing at Aqua. So let's jump in. Meha, do you wanna kick us off with our first pitfall?
Yeah. Sure. And thanks.
So implementing a cloud native application protection platform is a complex initiative in itself. Right? And, a CNAP that is particularly difficult to deploy can significantly delay the benefits it offers in terms of security and may also require substantial in house training or external consultancy fees. So the first pitfall really that we wanna talk about is deployment complexity limitations and delays.
We're actually hearing from a lot of, customers out in the market looking for CNAPS that or implementing CNAPS. And in this scenario, you know, obviously, time to value is very, very high.
And so customers are what they're looking for is an agent that can be frictionless and works immediately versus something that takes very long to deploy and get going.
Also, not all solutions work in the environments where you work or plan to work. Right? On premises and the cloud across relevant public cloud providers, and nor do they scale to your organization's breadth and depth of needs. We've heard that some of the leading CNAPP providers have some solid tools, but deployment feels like it's never ending. And some of the limitations around environments, you know, customers get caught by surprise in that scenario as well. So something to definitely look out for, in terms of challenges that others are facing that, you know, you need to be aware of as you think about implementing a CNAPP.
Yeah. That's right, Meha. I mean, and you and I, right, we speak to customers all the time or security professionals all the time. You know, we were both on the show floor at RSA or even just, you know, reading through your feedback or talking to our customers on a regular basis. And like you mentioned, what really stands out is this deployment complexity and the sort of the inflexibility of deploying CNAPP solutions.
So what you should be looking for, right, some pro tips that we're bringing to you is you should really look for a solution that's built to handle enterprise scale. Right? Something that is simple to deploy, but is also highly scalable. So as your business grows, it grows with it. Right? There's nothing worse than, you know, trying to run an image scan, for example, and having it take forever, forever, forever and not being a scalable solution.
And what's also important is we know, you know, in the concept of cloud native that these containerized applications, they could live on premise. They could live in a hybrid model, or they could live a hundred percent from the cloud. But it's essential that your solution that you can configure any of these types of security policies once and deploy them anywhere to save you time. So it's really an essential capability. Right? Especially if you're managing these complexities and all of the risks associated with operating in such a diverse and unique cloud environment, you want something that's going to make it easier for you and deliver that scalability.
And something really important to keep in mind as well is the the fact that the solution should deliver immediate time to value. And so what we know from our research, you know, our team Nautilus, our threat research team, you know, a cloud native attacks, they can happen in seconds. So what you want is you want a solution that's going to deliver those robust security policies right out of the box. Right?
You wanna be protected on day one. You don't wanna spend the time trying to get your team up to speed. Right? Especially if they're not experts in cloud native security.
So what you wanna look for is a solution that can help eliminate some of that, eliminate the need for specialized security expertise and allows your team to ramp up while also being protected on practice? Right? Like, some of these things are are they too pie in the sky? Well, not when it comes to Aqua.
Right? Aqua solution is easy to deploy.
We have out of the box runtime policies, so that you can start protecting, like we mentioned, on day one. You can enable users to focus on their core business activities without having to invest heavily in security training or personnel. So regardless of the CNAPP solution you choose, you don't wanna waste valuable time with long deployments or complex setups. Would you agree, Meha?
Absolutely. I think that's super important.
And you're absolutely right. Aqua's solution is easy to deploy and easy to get up and running and get your organizations protected from day one.
So let's move on to the second pitfall.
K. Perfect.
The other pitfall that we've heard about quite often is that the runtime agents that, the CNAP solution uses to protect you, it actually ends up slowing you down. Right? And the reality is that a CNAP should be able to give you that real time runtime protection, but while being overhead low. You don't want your runtime agent to block the CPU while it's responding or even force you to restart the container every time you change a policy.
Slow agents can lead to delayed data processing, which in turn affects the responsiveness as well as the operational efficiency of your security operations. Right? So some CNAPP providers, we've heard, have an older agent with minimal updates over the years. So they're not keeping up with the technology changes, not keeping up with the requirements of the latest and greatest cloud environment. So they're not using technologies, for example, such as eBPF.
And this slows down your runtime protection. It blocks the CPU while the agent responds and significantly impacts your ability to respond to cybersecurity incidents in real time.
Do you have a pro tip for that, Erin?
Yeah. I mean so I think it's important, right, during the trial phase. Right? You should be testing out, especially these big security solutions.
But you should be able to test this out. Right? And you should be able to monitor the CNAPP vendor of choice. Right?
How their agents impact performance.
Another opportunity too. Right? Nobody likes having, you know, business continuity interrupted because of security. So another great resource is, you know, checking your peer review sites.
You know, G2, Gartner Peer Insights, those are great places to check. And, also, you know, customer references. Right? If you're working with a vendor, you know, being able to talk to a customer to get a clear and unbiased view of their experience, especially when handling agents.
You know, again, if you're a large enterprise, you do not want any of your business to be impacted by security, by the purpose of the agent. Right? The runtime agent to be able to provide that, you know, granular level of visibility and that behavior detection, but also to stop the bad stuff from happening, but not stopping your business. So, Meha, as you mentioned, right, eBPF technology.
You know, Aqua's solution, Aqua's runtime solution, we updated our agent about two years ago now to utilize eBPF. Right? The next, you know, next generation of technology. And what's great about eBPF is that it's providing that kernel level visibility.
Right? So you're going deeper. You have more granular insight. You're gonna have more accurate, you know, behavioral detection of what's going on, but you're not going to have to sacrifice that business continuity.
So eBPF is really built to be to provide, you know, more application security stability. So it's optimized to do that in a non intrusive manner, which is really important. Right? We don't wanna be, again, slowing down our system, slowing down production for security.
And I think that's what happens a lot. Right? You and I have had these conversations with customers of if they have to make the choice between, you know, business production to cut out security because it's slowing down your business, especially if your vendors are not offering, you know, the latest and greatest technology. So, again, using this approach, you know, it's gonna reduce those performance issues, especially on those heavier agents of the past, right, those more traditional agents.
But it's also gonna be able to provide you and your customers, right, more efficiency, a more seamless security experience, and re you know, ultimately, what does that lead to you and your business? You know, a better application performance, better user satisfaction.
And that's really what we all want from our security solutions. Right? High performance with minimal impact on business. So I think, I think we did well with number two, but what about moving on to what the third pitfall is with evaluating CNAPPs? What do you think?
Yeah. Let's do it.
The third common problem that we hear about is, and this is a weird one, I'll be honest, is cloud assets appearing and disappearing quite randomly in certain CNAPPs. Right? And this issue is often called flapping or, basically, duplicate alerts, right, where it's a combination, right, where you see assets disappear, you see them reappear, and therefore, you're not sure exactly what's going on in your environment. Right? And this is the frequent toggling of alert status between safe and unsafe, can create a volume a high volume of duplicate alerts leading to alert fatigue and resource drain.
This can also obviously make it very, very hard for security teams to track the progression of threats. Right? This, you know, you just you don't know what's going on in your environment. You don't know if you actually, dealt with the with the alert, or, you know, or something's off, right, and you just don't remember, this obviously reduces efficiency. It increases the risk of missing genuine threats, and it's a big red flag for sure.
Yeah.
Yeah. Definitely.
I think what you wanna look for, right, in some of these pro tips is you want to look for a fully integrated CNAPP platform. Right? There's something that's sophisticated enough to correlate and contextualize these alerts across the entire platform. I think and not to, you know, steal the thunder of a later pitfall, but, you know, those ones that are sort of duct taped together, how could you possibly connect, you know, from what's happening in code development right through to run time?
And without any, you know, clear, prioritized view, you know, you could get lost. Right? You how could you possibly eliminate duplicates or reduce any of that noise that's coming through? And, you know, what's worse is the time that's spent having to sift through all of these alerts.
And I don't know. I think, you know, you've definitely seen it, Meha. I don't know if those, you know, watching the webinar have, but the latest Gartner CNAPP market guide. So this was just released of, you know, about a week or two ago.
And so even in this new market guide, right, Gartner has taken a new approach, a refined approach to the CNAPP market, but they even recommend, right, choosing a CNAPP that offers a unified view. Right? It's, you know, a wide range of capabilities, of course, but you want to be able to support that entire ecosystem, right, the entire software development life cycle seamlessly.
And in Gartner's recommendations as well, you know, they recommend, you know, when you're consolidating these tools, of course, the point of consolidation is to reduce the complexity and and cost, but you also wanna improve your security policy enforcement and your risk prioritization.
And you can only do that with a fully integrated solution. And, again, all things that sound great in theory, but in practice, Aqua is that solution. Right? We're able to deliver that fully integrated CNAP solution, and we're truly encompassing that DevSecOps methodology.
Right? Being able to connect what's happening in code all the way through run time without that duct tape, you know, without those, you know, screens that are hard to follow without that, you know, being able to trace one thing from happening on one side to the next. And plus, you know, we didn't even get to mention yet the our universal scanner. Right?
Trivy. Many of you may be familiar with Trivy from an open source project, but it's actually Aqua's scanning technology and, you know, it's award winning. Right? They have over twenty thousand stars, on GitHub.
But what's happening here is we're actually delivering that single scanner, that same scanner across our platform. So what we're doing is being able to consolidate all of those views. Right? And what does that help with?
It helps eliminate duplicates, and we can deliver fewer false positives than other providers who, again, duct taping solutions are using multiple tools. So, again, important things to keep in mind and to keep a lookout for when you're evaluating, you know, CNAPP solutions. Definitely don't wanna waste time with duplicate alerts. But I'm gonna take over sort of introducing our fourth pitfall.
You know, I think that we, should all be able to agree that, you know, we need to be able to keep an eye on what's happening within our cloud. Right? We need to be able to manage all of these assets. And any assets that are disappearing, right, these ghosts that kinda come or and leave, you know, any assets that are disappearing like that from the inventory or the dashboard, you know, that can lead to to problems.
Right? That leaves us vulnerable. You know, any of these unprotected, entry points, any gaps in vulnerability management or monitoring, you know, that leaves us open to attack, but also the compliance requirements. Right?
That leaves us maybe in compliant with some of these, you know, major major, security and industry standards. And, you know, that's no good. We talk all the time. Right?
Especially with our friends over in EMEA. You know, DORA compliance, NIS2. You know, the Cyber Resilience Act that's coming down. You know, you can't be compliant and have things missing.
Right? You can't have any of these blind spots. And any of those blind spots, you know, any of those unmonitored assets, they leave you susceptible. They leave you susceptible to breach, you know, potentially compromising any of your sensitive data.
And, you know, if your assets aren't visible, then how can they be protected? You know, we have a saying or a little motto at Aqua. You know, you can't see what you can't or you can't protect what you can't see. And so those blind spots, you know, they leave you they leave you open and exposed to product or so, you know, what can we do about it, Meha?
What's what's some of the pro tips that we can leave the audience with?
Yeah. For sure. I mean, one of the top things you wanna do, especially if you're assessing at the stage where you're still assessing your CNAP, you wanna make sure you test the reliability of the CNAP's asset discovery and management features. I you have control over this, folks.
Right? Like, you can in your, POVs or POCs, make sure that you're paying attention to these details and not sort of glazing over or assuming that it's all gonna work fine because you expect it to work fine. Like, why wouldn't you? Right?
But these are these are some things that we're we're hearing from from people who have implemented some of the leading CNAPs out there. So, you know, you wanna make sure that you're you're on it. Right?
You wanna also make sure that your platform can handle dynamic, very dynamic cloud environments. And cloud environments, by definition, are dynamic. Right? Cloud applications are dynamic.
The way they're architected, they were the way they're run, very ephemeral, very dynamic, always changing. So if you if you if you see this as an an issue, then, you know, something that you really wanna address, before you invest in that solution.
These are environments that, you know, assets especially in in, you know, the dynamic cloud environments, these are environments where assets are frequently created. They're frequently decomposed, and and you wanna make sure that these assets show up consistently.
To avoid the solution, again, I wanna point back to using a scanner that's unified across the entire solution right from the development phase all the way up to run time. Right?
And as Erin mentioned before, at Aqua, we do use a single unified scanner across our CNAPP solution right from code to build to cloud. This is the universal scanner that you're familiar with, is, you know, very popular, well loved. It's Trivy.
And Trivy powers the Aqua platform. Right? So it's not the open source version, obviously, but it's the baseline for what powers our entire platform. And as we mentioned before, it's award winning, twenty thousand stars on GitHub, very, very credible, and it's all consolidated into a single capability.
So as a result, there's no blind spots, no security gaps in the way of entry points, vulnerabilities, or compliance related issues. Everything is covered. Everything is consistently covered.
And you can and you know that you're, you know, you're not going to be surprised with assets that show up, you know, in and when it previously just you didn't even know that they existed. Right? So, that's another pro tip for you on disappearing assets that we're hearing about, with other common CNAPPs.
Yeah. That's this is a crazy one to me. I can't imagine logging it, seeing something that should be there and no longer there, and that sort of stress and anxiety of of those blind spots. Right?
How could, again, you can't protect what you can't see. So this is a very interesting one to me for sure. But if we move over to our fifth pitfall so this is also very interesting. Is CNAPPs that claim integration.
Right? Claim code to cloud, but they're fragmented. Right? They can you know, their existing tools and workflows that are kind of copied and pasted together.
And not only does that create issues, you know, for you internally, but the issues it creates between teams. Right? You know, we talk a lot of, you know, DevSecOps as being this newer role still to so many, but being able to bridge the gaps between your development, your cloud architects, your security operations. Right?
It's critical for effective CNAP implementation. And if you have a solution that's already so siloed and you're trying to use it in teams who are now trying to work together, right, sort of these newer concepts of complete, you know, full life cycle cloud native security. Having a solution that's all broken up and lacks this sort of true integration, that makes it really complicated. Right?
It makes your security management very complicated. It's challenging to be able to have that complete visibility. Right? A siloed approach does not help you to effectively secure your organization or stop attacks.
So, really, we want a solution that's not a set of fragmented tools. Right, Meha? That's that sounds kinda counterintuitive.
But No.
Hundred percent. And, oftentimes, these solutions are you know, they come about because, the organization that's, you know, selling or delivering the solution, they they they grew quickly. They quickly acquired multiple disparate, you know, little solutions from different companies, and they tried to sort of duct tape it together.
And so, you know, this is the impact you see of of having a solution that's sort of not fully integrated in the back end. Right? And so you certainly wanna say and sort of a a way to identify it is, you know, you you might see a particular solution will have a very pretty graphical interface, right, or a user interface that seems, really well connected, maybe even easy to use.
But once you get down into the details and you actually start to use the solution, you find that it's actually very, very siloed in the back end. Right? And this will show up, in different ways as you are utilizing the solution. So you wanna definitely assess that very carefully and understand exactly how everything connects in the back end.
And so look under the hood. Right? Just like you would in making any important purchase, you wanna look under the hood, look into the details, and confirm whether the CNAPP truly has a unified data model. And that's what it is.
What does it mean for for what does true integration really mean? It's that unified data model, and which can connect issues found in one part of the solution, say, for example, in the run time or the cloud environment, back to sort of the development side, which is the exact line of code. Right? A poorly integrated or duct tape CNAPP solution can present numerous risks that can severely impact your ability to create a very secure cloud environment.
It could impact your ability to have operational efficiency.
You know, we talked about some of the issues that come up with, duplicate alerts or disappearing assets. Like, all of this is impacting your team's ability to deliver on your security requirements in an efficient and reliable manner. Right? It impacts, the visibility side of things on the cloud in the cloud environment because, again, you don't know what you don't know. You don't know what you're missing.
Obviously, it impacts cost. Right? So, again, you're probably doing more than you need to if it's not fully integrated, or you're wasting time on the phone trying to figure out what's going on, and that is, impacting your productivity. It's increasing your cost. And, of course, would you ever wanna scale with such a solution?
No. Right?
The solution, in fact, does not scale because it is duct taped. It's gonna break at some point. Right? So it's really crucial for organizations to make sure that they're investing in a well integrated, cohesive CNAP that provides comprehensive security.
It provides that streamlined management, that, you know, the vendor is promising you, and, of course, the ability to scale, as your business grows, as your cloud environment grows.
And, you know, oftentimes, organizations are in the process of modernizing their applications, transforming to the cloud. So it's not even about your business growing. It's also just even about that transformation project moving along, and your cloud environment growing as a result.
So so if you look in the hood, if you you check this again in your, proof of values, you you that's the only way you can really ensure robust protection for your collaborative applications, for your infrastructure.
And this is what will enable you to operate with confidence and resilience in this fast paced, dynamic, fast growth digital age.
So so something to be and and, by the way, I just wanna remind all of the attendees here that these are things that, you know, we're actually hearing from the market.
We're actually seeing online. If you go to G2 or other peer review sites, like, these are things that customers of CNAPP are facing every day, are complaining about, are challenged with. And so we're here to try and educate all of you and make sure that you're making the right decisions, you're looking at the right details, and you're truly assessing your CNAPP to make sure that it works for you and your environment.
So, I'll get off my soapbox here, but over to you, Erin, for the last and, final, I guess, the pitfall.
Yeah. I was gonna say, do you I think we can say it right because we're product marketers, but it's one thing to write, you know, and have messaging on a website that says code to cloud. It's another to deliver it. And so I think there's a lot of fun in this market.
Right? You know, even just some of the clarity that was brought with the new CNAPP market guide, for example. This has been a fast growing market. And so make sure, like, Meha mentioned, when you're checking these things out, right, ask the hard questions.
It's one thing to write some some fancy messaging on a on a web page, and there's another to actually be able to deliver it. So true, false full life cycle, you know, cloud native protection is is important, and a solution should be able to provide that, you know, not just, talk the talk, but also walk the walk. So great points. So, yes, finally, is poor support.
Right? I think many of us have experienced this in many, many different ways, and there is nothing worse, especially when it comes to your cloud native application security. Right? Especially when things come down.
The next log, our first CFO Matt says it's not the next Log4j, but the next Log5j. Right? When the next thing happens or it's just in your everyday use, there's nothing worse than poor support. So effective support and communication, they're crucial.
Right? They're super critical. Not, you know, throughout the whole process. Right? Not just when you buy.
Right? It's one thing to get someone on the phone and be very attentive when you want them to, you know, make a deal or close the deal. It's another when you're deploying and then the continuous operation of the solution. And so sometimes, you know, CNAPP solutions, they're packaged with, you know, supplementary solutions like a firewall feature, for example.
And then those customers, right, you buy something thinking you're you're getting one thing and then you're not getting the attention that you deserve or you're just a number on a screen. Right? And so that poor customer service, right, that significantly affects any type of resolution time, right, especially in in, you know, fire drill scenarios.
And, you know, it can it could also cause minor delays. Right? It or escalate minor minor situations into larger, you know, bigger disruptions. So as a customer, you know, again, you don't only wanna be contacted when it's time for renewal, when you when somebody's trying to get more money out of you. You know, you definitely don't wanna be surprised with any expected fees, and I think we probably all experience that in some way or the next, and it's never fun.
And you wanna have an account manager that cares about you. Right? Relationship building, that's so important. And, you know, you don't want someone who's gonna be here for a few weeks and then change to somebody else.
Right? You want to establish that relationship, establish that trust. You don't wanna be bounced around from multiple support teams on hold. Right?
None of that is effective. None of that is helpful, especially when you're operating with, you know, one, could be very highly business impacting. But, of course, to a platform. Right?
Something that needs to be connected as we just mentioned. And so if it's, you know, you already are having the challenges with multiple disparate tools that you're trying to work together and then you can't get someone on the phone, man, that has got to be very frustrating and not something that we want anyone to deal with, especially when looking for a CNAPP. So, Meha, what do you think they should do about it?
Yeah. Hundred percent. I mean, I all valid points, and I think, it's really important to dig deep at the evaluation stage. Ask about the customer success organization.
Ask about how the support process works. Mhmm.
You know, keenly observe the vendor's commitment in building a relationship with you. So, I mean, a CNAPP purchase is not a small purchase. It takes several months oftentimes to get to a point where you know, that, you know, you wanna invest in a particular solution with a specific vendor. So observe how the interaction happens throughout that process. And remember, you're talking to sales. Initially, you're talking to sales.
You may or may not have any exposure to the customer support organization, so this is the time to ask questions about how the implementation process will go, what happens after you're up and running, right, how how long you will get support for while you're getting comfortable with the solution.
And then if something happens, how do you what is the what is the process to address any issues in an ongoing basis?
So that's that's one side of it. I mean, you you've heard the stories of, you know, a customer calling in to to to tech support, and this is related to the CNAP. You know, one of the CNAP vendors out there, right, is customers calling into tech support or customer support and being transferred from one department to the next to the next to the next because, again, you see that beautiful interface that's unified in the front end, and you assume that everything is integrated in the back end. But in the you know, reality is that, again, with the organization and the solution growing through multiple acquisitions, these are actually very disparate teams on the back end, and and so you get transferred from one to the next.
And in fact, even even the customer support organization as a whole doesn't have a unified approach or even a view into how to solve. It's kinda like going to the doctor and being bounced around one specialist to the next, but, you know, nobody has a full view of of what you're dealing with as a as a human. Right? So, you know, we've all sort of experienced this in different ways.
So you wanna dig deeper. And secondly, of course, look for truth in pricing.
Right? And so, again, you may be pitched a certain price, which is great for the first sort of purchase aspect of it. But then without realizing it, you get hit by all these recurring bills because of the way the solution has been implemented or the way the solution actually executes itself or operates itself, you might get these cloud bills that you were not expecting at all. And, again, this is this is something we've seen and read and heard, read about and heard from from various customers of CNAP solutions. So you wanna offer vendors that understand your organization at a strategic level, that are transparent about pricing, that are building a relationship beyond just the sales, sales engagement.
And, of course, you know, we do all of that with Aqua. Right? At Aqua, we wanna make sure that we're you know, our customers know that we're in we're in it, for the long term. We're your true partners.
You're much, much more than just a revenue target.
You definitely get a very dedicated and attentive customer support team that invests in your success and make sure that you're getting what you need out of your, cloud security cloud native application security solution.
And so we're obviously very, very proud of how we do this. So, that's it. I think that sort of wraps the six CNAPP pitfalls. Hopefully, you found value in this.
And, you know, if you wanna learn more or if you if you'd like to sort of share with us, you know, some of the issues that you've, you faced or or you've heard other people facing.
You know, hit us up at Black Hat. Actually, we're I we hope to see many of you at Black Hat. We're going to be there. There's, our booth number. I don't know, Erin, if we have Twenty five fourteen. Twenty five fourteen is our booth number.
We also have a QR code which we'll bring up at the end of this presentation.
You can scan that QR code to connect with us, to have just a conversation or book a demo, learn more about Aqua, share some of the experiences you've had, and see if there's a fit there in terms of how we can help you or your organization select the right CNAPP for your business.
With that, I'd like to thank all of you, sincerely for attending, for taking the time out to to listen to our presentation, and we hope to hear from you very, very soon. Thank you so much.
Thanks,