Transcript for:
Cyber Security Growth: Cloud Workload Protection Platforms (CWPP)

Welcome to Cyber Security Growth, a show for aspiring and existing cyber security leaders. I'm your host, Sean Valley, executive director and CSO of Cyber Security Growth, former Chief Security Officer of Rapid7 and former CSO of Tricentis. Now we are moving into a category known as CWPP, Cloud Workload Protection Platforms. There's a lot of P's in there, so I'll try not to blow up the microphone when I say the letter P. I'm trying to take it carefully.

I'm going to read some things here from friends that I found data from. I'm going to start with skyhighsecurity.com. I do believe they are a product provider in this space, so take this knowing that information. "Cloud Workload Protection Platform, or CWPP, is defined by Gartner as a workload-centric security solution that targets the unique protection requirements of workloads in modern enterprise environments. Workloads in modern environments have evolved to include physical servers, virtual machines, containers and serverless workloads."

I like reading that paragraph because it mentions how it's defined by Gartner, and I remember when I was at the Gartner security conference in 2019 and I heard people walking through the hallways, or asking me questions, because at that time I was Chief Security Officer of Rapid7, of my thoughts on CWPP and other acronyms that started with the letter C. And I thought to myself, I have no idea what you're talking about, because the categories were basically brand new, and they were the darling acronyms that started with the letter C in 2019 at the Gartner conferences. I have since learned a little bit more about it, but at that moment I didn't get to go to the talks; I was off doing different meetings, so I would have to go home and learn.

I'm going to read a little bit more from the description here. "These workloads provide the underlying computing, transport and storage of the data that deliver application functionality, and have evolved," and you'll see a little visual that we have on the screen here, "they're shrinking, with focus on a smaller, more specific task that lends itself to the overall application. These workloads often reside on-premise, in co-location type environments like third-party data centers, or in the public cloud. Finally, depending on its type and the application it supports, a workload may be persistent or non-persistent. While a server is expected to be in place and functioning for years, VMs may be spun up on a monthly or weekly basis, and containers may only be used one time and discarded. The ability to apply protection to ever-shrinking workloads that may be on-premise or in the cloud, and may or may not persist in the environment, means that the very nature of the techniques and solutions to secure them have to change. As a result, CWPP has evolved to be distinct from endpoint protection platforms. It is specifically focused on the protection of workloads regardless of type or location. A well-architected CWPP solution will also work seamlessly with a CSPM solution."

We talked about CSPM earlier, and if you're just watching this one segment, go find the section where we covered CSPM.

I grabbed the definition of CWPP from Wikipedia. Yes, there is a Wikipedia entry on CWPP, and this is what Wikipedia has: "Cloud Workload Protection Platform is cloud security software aimed at securing computer machines, possibly virtual. CWPPs are usually agent-based, meaning that a software agent is running permanently within the machine to be protected, collecting security-relevant data and events and sending those to a cloud-based service. The cloud-based service monitors all the machines under its supervision, derives alerts and notifies users about corresponding potential threats."

That was important to read, because that definition helped give me a little bit more color that I didn't get from the initial definition that I read. I'm taking my time on CWPP. This one took me a while to really get into, and once I got into it I started to realize how important this is to me, how this is important to my friends out in industry, and how important it might be to all of you listening in and watching along. You may realize, "I don't have this, and now I know why I need this."

So I'm going to read one more description that I grabbed from Gartner here, and then we're going to dig into the details of CWPP. Gartner asks the question, what are Cloud Workload Protection Platforms? And what Gartner says is: "CWPPs are workload-centric security products that protect server workloads in hybrid, multi-cloud data center environments. CWPPs provide consistent visibility and controls for physical machines, virtual machines, containers and serverless workloads regardless of location. CWPP offerings protect workloads using a combination of system integrity protection, application control, behavioral monitoring, intrusion prevention and optional anti-malware protection at runtime. CWPP offerings should also include scanning for workload risk proactively in the development pipeline."

And yes, I just read a crapload of different definitions of CWPP, because this is how I learned about CWPP. I read one and I was like, I kind of get it, I kind of don't get it. Early in my career I was a software developer, but if I'm being completely honest, when I started software development I was using Lotus Notes. When I took classes on software development I was using Visual Basic 6. I was learning Java, and for years I was a J2EE web application developer who was the cool kid on the block who learned some JavaScript so I could do some front-end development. But this new world of containers and Kubernetes and hypervisors was an area that I really needed to spend a lot of time on, because I didn't quite even understand the technical side, forget about how do I secure this. So I had to learn a lot about CWPP to think about how do I go talk to my engineers about this, how do I become technical enough to be able to hang with those who are building in the Kubernetes space, in the serverless space. That's why I'm taking quite some time on CWPP today.

And we are now going to get a little bit more into CWPP. First of all, as we move into this next space: why is CWPP important? You can look at things on the screen. I'm going to read some things here that I thought were very important to us. "The transformation from legacy to cloud-native applications isn't automatic. Organizations can't copy and paste to the cloud an application that is currently on-premise," though I see a lot of people do it. They shouldn't, and they really can't. "Here are four reasons why Cloud Workload Protection Platform is important. First, most companies have legacy applications and infrastructure that prevent a complete movement of functionality to the cloud." Maybe you're at a software company yourself, and you know your company has an on-prem product, and they're saying, hey, we want to move it to the cloud because that's where all the cool kids are moving their software, and it's like, well, we can't actually move a lot of the capabilities of this product to the cloud because it relies on physical servers or physical desktops or something. That's one big part of this.

"Number two, most organizations are deliberately using multiple cloud vendors depending on their specific needs. As a result, most enterprises, by circumstance or design, are working in a hybrid, multi-cloud environment. This makes it difficult for security professionals to know, see and manage where applications and data are in a fragmented environment." Tell me if this sounds familiar to you. You talk to people and you say, yeah, we're an AWS shop, all of our development is in AWS, and then somehow, somewhere, you find out: wait, what, we're using GCP? When did we start using GCP? Who said that was okay? And come to find out you're using GCP. Maybe someone in engineering said, hey, I'm worried about AWS, because the DevOps leadership was telling us how expensive our AWS bill was, and someone said, hey, I think we could reduce our cost, reduce our spend, if we move things over to GCP. And then someone said, well, hey, let's start a small project on GCP and see, can we actually run on GCP, can we rebuild one of our products on GCP and run it there, maybe saving money, or maybe having a little bit more of a competitive advantage when Amazon decides to raise their prices. I've had this experience in several organizations that I've worked with, and I have a feeling that some of our listeners have had this experience as well.

The third bullet around why CWPP is important today: "Application developers grab code from a variety of places like GitHub, leverage workloads to create an application and publish it directly to their target audience of consumers. This approach is called development operations, DevOps, and is a cycle of continuous innovation and continuous development, CI/CD." I'm reading this definition like, I don't... It's listed as continuous innovation and continuous development in this thing that I'm reading right now, but I thought it was continuous integration, continuous deployment. Hold on, CI/CD has two definitions. In this copy that I grabbed here, CI/CD is continuous innovation and continuous development, but I've known CI/CD as continuous integration and continuous deployment. WTF is CI/CD? Moving on. Hold on, let me read this sentence again. "This approach is called DevOps and is a cycle of CI/CD, where they can quickly respond to customers and improve the response and experience for their customers and partners in days or weeks." Okay, I belabored that one already.

And the fourth item of why CWPP is so important: "The trade-off of process for speed and the constant improvement of applications means that security is no longer a strict gate for application production. Security professionals can apply controls at application runtime as they used to be able to do. The risk to data and applications due to the changing nature of workloads, lack of visibility and control, and the rise of the always-on DevOps environment makes CWPP an important security solution in the modern enterprise."

My comments on this: I saw something on LinkedIn literally this morning of a CEO talking about the value of speed over, I think it was precision, speed over quality, and the metrics that he demonstrated and showed were: speed wins. You will be more productive if you move things fast and make mistakes versus focusing on perfection, and the argument was, move fast and over time you'll deliver more, basically. So that's the world we live in, and for us as security professionals, generally we want people to slow down and secure before they move forward, but the world is moving at delivering at speed, and so we can't slow that down. I mean, we can, but we will be a derailer, and folks in tech leadership roles will continue to see us as this constant pain, you know, the office of no. So how do we help our engineer friends continue on this path of speed while we're trying to help protect them and protect data? It's a challenge. Supposedly CWPP is going to help us here.

So how does CWPP work? How do Cloud Workload Protection Platforms work? "A comprehensive CWPP solution should give you the ability to discover workloads that have been deployed in your on-premise and public cloud environments. You should be able to add the ability to manage any unmanaged workloads you discover from a security perspective. You should be able to do a vulnerability assessment of a workload by comparing it to a relevant set of policies. Based on the outcome of the vulnerability assessment, you should be able to apply security such as integrity protection, immutability or allow listing, memory protection, and host-based intrusion prevention. Note that from a pure security perspective, anti-malware protection is less critical; however, anti-malware may be tightly coupled to the regulations that govern your industry, and it may be required." There are several other considerations, and we have a little visual on the screen here.

Okay, so now we know a little bit more about how CWPP works. Let's talk about some of the key benefits of CWPP. "Cloud Workload Protection Platform provides a solution for addressing the unique aspects of zero trust security for cloud workloads. This includes five areas: workloads, security constraints, hybrid environments, multi-cloud environments, and discoverability and visibility." First, workloads: servers, VMs, containers and serverless, on-premise or in the cloud, persistent and non-persistent. Right, key benefits. Second one, security constraints: at runtime or in the development process. Hybrid environments is the third: movement from on-prem to the cloud, as people are doing their digital transformation journey of moving from on-prem to the cloud. Multi-cloud environments: enterprises' use of more than one cloud service provider; we talked about that a little while ago. And then finally, discoverability and visibility: being able to find and manage workloads in a hybrid, multi-cloud environment. So, key benefits.

Let's find out who some of the players are in this space. I grabbed some of this info from our friends at Gartner and Cllax, as well as a couple of other places. If you're looking at my screen here, if you're on the webcast, you'll see I have a little visual in the top right of the screen, which is this insane chart from G2, I believe this one came from g2.com, which just shows that this space, which I think of as a relatively young space, maybe I'm wrong, is already just overloaded with players. So I'm going to talk about some of the players who are in the space. We won't go through all of them, because there's a lot, but I will start off with Wiz, who showed up as the top player in this list. I'm not sure if this is the official order. I will say this, well, let me read about Wiz first. This is actually copy from Wiz specifically, so as I read this it'll make more sense knowing that it came from the voice of Wiz marketing: "We're on a mission to help organizations effectively reduce risks in their cloud and Kubernetes environments. Purpose-built for the unique complexities of multi-environment, multi-workload, or multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don't waste time. Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attacker's view to a breach. Security and development teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches."

My commentary on Wiz: I've not used the Wiz platform yet, so just keep that in mind. My understanding is Wiz is the darling in the cloud security space right now, and possibly in the CWPP space specifically. I hear of many organizations using Wiz as their solution. I'm not so sure what brings them to the top, but the chart that I even have on the screen here has Wiz in the top right-most quadrant. It's not a Gartner chart, but maybe very similar. Maybe it is a Gartner chart, actually; it has the letter G on it. So I've heard lots of folks, from a CWPP perspective, say Wiz is the place to go. I haven't used it yet, so just keep that in mind.

Next up on the list is Lacework. We heard of them in one of our other categories. Let me read the copy here: "Lacework defines the original and leading data-driven cloud-native application protection platform, CNAPP. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework empowers customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance and develop secure code without slowing down, all from one unified platform." I've used Lacework in a POC, proof of concept, testing it out. I have friends who have deployed Lacework and swear by it. It has lots of capabilities, and it seems like it's more than just a CWPP based off of their copy here.

There's many other players in the space. I'm going to read a couple more, and I have a couple more comments as we go. Next one up is Orca. "Orca Security is the cloud security innovation leader," according to Orca, by the way; these are Orca's words. It "provides instant-on security and compliance for AWS, Azure, GCP and Kubernetes without the gaps in coverage, alert fatigue and operational costs of agents or sidecars. Give your team superpowers and simplify cloud security operations in a single CNAPP platform for workload and data protection, cloud security posture management, vulnerability management, identities and compliance management. Instead of disparate tools operating in silos, Orca Security builds a graph that encompasses all cloud assets, software, connectivity and trust, then prioritizes risk based on the severity of the underlying security issue, its accessibility and business impact. This eliminates thousands of meaningless security alerts and helps you focus on what matters most." So it sounds like Orca does a lot of things as well. I hear CNAPP, which we haven't learned about yet, but maybe we will in one of our upcoming sessions, and it sounds like it does some of the CSPM capabilities and more. So, very interesting.

Other players in this space: Microsoft. We know Microsoft is in many of the cloud capability spaces, so Microsoft Defender for Cloud is listed in here. I'm not going to read the copy for all of these; if you would like to, you can go to gartner.com and look up Cloud Workload Protection Platforms, or you could go to cllax.com, c-l-l-a-x, to get deep details on each of the platforms that I'm going to mention here. So I read the first few, and I mentioned that Microsoft Defender for Cloud is in this list. Other players in the CWPP space include Trend Micro and their Cloud One platform; VMware Carbon Black App Control (if you remember, Carbon Black was acquired by VMware, so now it's VMware Carbon Black App Control); Palo Alto Prisma Cloud is in this list; Illumio Core. I believe Illumio was built specifically to do this function. Illumio has existed for quite some time; I remember following Illumio, my goodness, since 2013 or 2014. I believe they existed for this space, and it took me years before I even understood why they existed, because it was new to me. Sophos has a player in the space, Sophos Central. SentinelOne has a product called Singularity Cloud. So if you think about SentinelOne, they are, I'd say, in my thought, number two in the endpoint security space, with CrowdStrike being number one and SentinelOne being number two. In this space here, SentinelOne has Singularity Cloud. I have used the SentinelOne endpoint security tool; I've not used their CWPP capability. Next player in this list is Sysdig. Their name has a long name to it, Sysdig... oh, I see, I have two that I should have had an enter between here; that's why. Sysdig Secure is the name of the product. If you see my screen that I have in front of me here, I forgot to hit enter on the slide. The next one is Lacework, the Lacework Polygraph Data Platform, and I have folks who use Lacework, but I mentioned it up above here, so I got some dupes on the slide here; that's what happened. And then Trellix Cloud Security is also on this list as well. So those are some of the key players in the CWPP space.

I have used a different player that's not on this slide here; this came from the list that I grabbed. I've also used Aqua Security and their CWPP capabilities, and found great use of it. I was able to use the Aqua Security tool integrated into my AWS environment, give it to my engineers, really have the engineers do the integration. They found it really easy to use. I believe it was an agentless environment, so it used an API connection into the AWS environment and was able to look inside of our Kubernetes deployed environments to find configuration weaknesses, to find vulnerabilities inside the deployed platforms. I find something that I'm just really... it doesn't stand out by the CWPP definitions, but there are many times when your vulnerability management tool, and I'm thinking like your Tenable vulnerability management tool, your Rapid7, your Qualys, those types of tools, where they struggle to see inside your cloud workloads, your Kubernetes environments. I found, hands-on, that Aqua Security was able to see well inside my cloud security environments, my Kubernetes environments, find vulnerabilities and then provide those vulnerabilities to our engineers and make them part of their development and remediation life cycle. So we could set things up and hand it to them, and they could address those risks, those vulnerabilities and risks. So a lot of CWPPs really focus on that. They mention vulnerability management in one word, like that's kind of a big deal: your capability can do something that the leaders in the vulnerability management space kind of struggle with, just based off of you building your solution differently. So keep that in mind from a CWPP perspective.

And, my friends, we are done with CWPP for now. I will say this: I am live weekly on Twitch, Fridays at 10:30 a.m. Eastern time, 7:30 a.m. Pacific time and 3:30 p.m. GMT, and in your pod feeds a few days later. My name is Sean Valley from here at Cyber Security Growth. This is all for now. We will see you next time on Cyber Security Growth. Bye for now, everyone.
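The Gartner definition read in the episode lists "system integrity protection" and "application control" among the runtime controls a CWPP applies, and the Wikipedia definition describes an agent on the workload collecting security-relevant events. The following Python sketch is an added example for this page, not code from the show, from Gartner, or from any vendor mentioned; it shows what those two controls reduce to on a single container: hash the image's files at build time, report anything added, changed or removed at runtime, and refuse to execute any binary whose hash is not on the allow list. All paths and file bodies are constructed for illustration; a real agent would walk the container filesystem and hook process execution.

```python
"""
Added example (not from the Cyber Security Growth episode or any vendor):
a toy of two CWPP runtime controls named in the Gartner definition,
system integrity protection and application control (allow listing).
Every path and file body below is constructed for illustration; a real
agent would hash the container's filesystem and hook process execution.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    control: str   # "integrity" or "allowlist"
    path: str
    detail: str


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(image_files: dict) -> dict:
    """Hash every file in the image at build time (the 'golden' state)."""
    return {path: digest(body) for path, body in image_files.items()}


def integrity_findings(baseline: dict, runtime_files: dict) -> list:
    """System integrity: report files added, changed or removed since build."""
    findings = []
    for path, body in runtime_files.items():
        expected = baseline.get(path)
        if expected is None:
            findings.append(Finding("integrity", path, "added after build"))
        elif expected != digest(body):
            findings.append(Finding("integrity", path, "modified since build"))
    for path in baseline:
        if path not in runtime_files:
            findings.append(Finding("integrity", path, "removed since build"))
    return findings


def exec_allowed(allowed_hashes: set, body: bytes) -> bool:
    """Application control: only a binary whose hash is on the list may run.
    Keying on the hash rather than the path means a replaced or tampered
    binary sitting at a trusted path is still refused."""
    return digest(body) in allowed_hashes


# Constructed sample data (not real binaries or configs) -----------------
IMAGE_FILES = {
    "/app/server": b"\x7fELF server-v1",
    "/etc/app/config.yaml": b"listen: 8080\n",
}
RUNTIME_FILES = {
    "/app/server": b"\x7fELF server-v1",                     # unchanged
    "/etc/app/config.yaml": b"listen: 8080\ndebug: true\n",  # edited at runtime
    "/tmp/miner": b"\x7fELF not-from-image",                 # dropped at runtime
}
# Allow list = hashes of the executables that shipped in the image.
ALLOWED_EXECUTABLES = {digest(IMAGE_FILES["/app/server"])}


def run_example():
    """Evaluate the constructed runtime state; returns (findings, decisions)."""
    baseline = build_baseline(IMAGE_FILES)
    findings = integrity_findings(baseline, RUNTIME_FILES)
    decisions = {
        path: exec_allowed(ALLOWED_EXECUTABLES, body)
        for path, body in RUNTIME_FILES.items()
        if body.startswith(b"\x7fELF")          # only executables get exec checks
    }
    # A tampered copy of the trusted binary must also be refused.
    decisions["/app/server (tampered)"] = exec_allowed(
        ALLOWED_EXECUTABLES, IMAGE_FILES["/app/server"] + b"\x90")
    return findings, decisions


if __name__ == "__main__":
    found, decided = run_example()
    for f in found:
        print(f"[{f.control}] {f.path}: {f.detail}")
    for path, ok in decided.items():
        print(f"exec {path}: {'allow' if ok else 'deny'}")
```

The design choice worth noting is that both controls are keyed on the build-time baseline rather than on a signature feed, which is why the episode can say anti-malware is "less critical" for workloads: a container that is supposed to be immutable should show no drift at all, so any file that appears or changes after build is a finding regardless of whether a scanner recognizes it.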