
Understanding CNAPP and Its Role in Cloud Security

This month, Palo Alto Networks rebooted its Cloud-Native Application Protection Platform (CNAPP) solution, introducing Cortex Cloud as the evolution of Prisma Cloud. CNAPP has emerged as the go-to solution for securing cloud environments across the entire application lifecycle. It integrates multiple security technologies—including Cloud Workload Protection Platform (CWPP), Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), and Data Security Posture Management (DSPM), among others—into a cohesive system designed to protect applications from development to runtime.

The rise of CNAPP is a response to the increasing complexity of cloud security, as traditional tools struggle to keep up with hybrid and multi-cloud environments. Security teams require solutions that bridge development, deployment, and runtime security while fostering collaboration between IT, DevOps, and security operations. The challenge is that traditional cloud security tools operate in silos, leaving organizations exposed to visibility gaps, misconfigurations, and runtime threats that are unique to cloud environments.

 

The CNAPP Marketplace and Palo Alto Networks’ Position

The CNAPP market is experiencing rapid growth. According to my latest Cloud Workload Security report from 2Q24, CNAPP revenue grew 42% year-over-year in 2Q24 to nearly $700 million. While the development subsegment grew at a slower rate (21%), the deployment (62%) and runtime (37%) segments saw robust adoption as organizations prioritized compliance, visibility, and real-time threat protection.

Palo Alto Networks has been the CNAPP revenue share leader every quarter since 1Q19. However, Palo Alto Networks faces increasing competition from Wiz and CrowdStrike, which saw 94% and 78% growth, respectively, in 2Q24—multiples faster than Palo Alto Networks’ growth rate.

While Palo Alto Networks has historically led the market, it struggled with integration challenges from its acquisition-heavy approach to CNAPP. Palo Alto Networks’ Prisma Cloud amalgamated multiple acquired technologies, leading to fragmented user experiences and operational inefficiencies.

To counter these challenges, Palo Alto Networks has not just rebranded Prisma Cloud as Cortex Cloud but also spent over a year retooling the technologies into its Cortex XSIAM security operations platform. This shift is intended to consolidate disparate security tools, enhance real-time detection, and improve automation across cloud workloads. The move is a direct response to the market’s demand for seamless, deeply integrated CNAPP solutions that not only secure applications but also reduce the burden on security operations centers (SOCs).

 

The Two Vectors of CNAPP Evolution: Depth and Breadth

The evolution of CNAPP is occurring along two key dimensions: depth and breadth.

  1. Depth: Best-of-Breed Security Across the Lifecycle

Depth refers to how well CNAPP solutions address security challenges across development, deployment, and runtime using best-in-class capabilities. A strong CNAPP should:

      • Identify vulnerabilities early in the development phase, securing Infrastructure-as-Code (IaC) and third-party software components.
      • Provide deep visibility into cloud environments, enforcing compliance and identifying misconfigurations.
      • Deliver robust runtime security, detecting and mitigating real-time threats across containers, virtual machines, and serverless workloads.

Palo Alto Networks’ previous CNAPP approach faced integration challenges due to a patchwork of acquisitions. Each acquired company was best-of-breed in its domain, but the lack of seamless integration among them limited the platform’s overall effectiveness. Palo Alto Networks asserts that Cortex Cloud addresses these challenges by embedding CNAPP capabilities natively within the Cortex XSIAM platform. It aims to create a cohesive experience leveraging AI-driven risk prioritization and automated remediation.

  2. Breadth: Expanding CNAPP’s Role in SecOps

Breadth refers to how CNAPP fits into the broader security operations (SecOps) ecosystem. Increasingly, enterprises want cloud security integrated with the rest of their security stack, including endpoint, network, application, and data security, to provide a holistic view of risk.

This is where Palo Alto Networks is making a strategic play. By merging CNAPP into Cortex XSIAM, the company claims to create a centralized security hub where cloud security is not an isolated function but part of a broader SecOps workflow. According to Palo Alto Networks, the cross-pollination of security data across IT domains (e.g., correlating cloud workload vulnerabilities with endpoint threats) is designed to help security teams shorten the time to value and improve incident response.

If these claims hold, security teams could see faster detection, reduced manual workload, and better alignment between cloud security and enterprise-wide threat management.

 

Final Thoughts: The Future of CNAPP and Cortex Cloud

The rebranding of Prisma Cloud to Cortex Cloud is a necessary and strategic move for Palo Alto Networks. The company has taken its fair share of criticism in the CNAPP space for a disjointed approach that slowed adoption despite its market leadership. With Cortex Cloud, Palo Alto Networks is betting on tighter integration, automation, and real-time security to regain its competitive edge.

As the CNAPP market continues to evolve, it will be exciting to see how vendors, large and small, continue to innovate. The shift toward platform-centric, deeply integrated security is gaining momentum, and we eagerly await the market’s response to Palo Alto Networks’ new CNAPP offering.