
Cloud Native Application Protection Platforms (CNAPP)
CNAPP Security: Contested Space Gets Hotter Amid AI Piloting and Implementation
This report focuses on Cloud Native Application Protection Platforms (CNAPP), with data on the following vendors:
Aqua Security | Check Point Software | Cisco | CrowdStrike | Datadog | Dynatrace | Fortinet | Microsoft | Orca Security | Palo Alto Networks | Rapid7 | SentinelOne | Sophos | Tenable | Trend Micro | Wiz | Zscaler
Cloud platforms and cloud-native applications continue to surge in popularity due to IT transformations, cost-effectiveness, scalability, and flexibility. As enterprises continue to embrace cloud infrastructure, this adoption brings with it an escalating range of cybersecurity threats. Increasingly sophisticated attacks from nation-state-sponsored actors, independent hackers, and cybercriminals have made cloud environments a particularly juicy target. Threat actors target common weak points, including cloud misconfigurations, vulnerable APIs, identities, and the software supply chain, underscoring the need for organizations to safeguard their cloud-native workloads and applications.
Cloud-Native Application Protection Platforms (CNAPP) have emerged as critical solutions designed to address these vulnerabilities comprehensively. One component, Cloud Security Posture Management (CSPM), which has existed for over a decade, continues to see strong demand amid cloud workload shifts, providing automated visibility, continuous monitoring, threat detection, and remediation. Organizations leverage CSPM to conduct risk assessments, support incident response, and adhere to governance and compliance needs. The high adoption rate for CNAPP tools stems from the proliferation of cloud-native architectures, which dramatically enlarges organizations' digital attack surfaces. Enterprises are increasingly consolidating point solutions into unified CNAPP platforms, lured by the promise of streamlined security operations and improved visibility.
However, CNAPP has expanded the traditional CSPM framework in recent years, consolidating multiple security functions into a single platform. This approach integrates CSPM capabilities with Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Infrastructure-as-Code (IaC) scanning, API security, and software supply chain analysis. By merging these, CNAPP delivers a holistic view of cloud security risks. CNAPP vendors frequently employ agentless scanning technologies for fast use at scale without the overhead associated with agents on virtual machines.
Over the past year, the industry has continued to develop and reshape CNAPP offerings. Most notably, the deeper integration of generative AI and automation to streamline cloud security operations allows users to not only detect cloud vulnerabilities but remediate them autonomously. In addition, CNAPP tools increasingly involve shift-left practices, integrating security measures earlier in the software development lifecycle, such as software composition analysis (SCA) tools designed to detect open-source vulnerabilities before operational deployment. These developments are further evidence of the broader industry movement toward comprehensive, end-to-end security in both build-time and runtime environments.
The hot CNAPP market has seen several large acquisitions and strategic partnerships since we last released our Observatory on this topic, with sizeable shifts in the competitive landscape. Most significantly, Google's acquisition of Wiz for $32 billion in March 2025 (its largest acquisition ever) further validated the technology’s role within the large cloud hyperscalers. Prior to this news, prominent software industry players Cisco and Check Point announced partnerships with Wiz, choosing to leverage the company’s platform over continued in-house development and support rather than trying to keep pace with Wiz’s rapid growth and innovation. Regulatory pressures continue to amplify the necessity of CNAPP solutions, particularly in certain highly regulated regions within North America and Europe, as new cybersecurity regulations force organizations to enhance security measures in cloud environments. In Europe, the implementation of the NIS2 Directive, effective late last year, imposed rigorous mandates on critical infrastructure organizations. Responding to these regulatory winds, CNAPP vendors have enhanced their platforms with compliance frameworks and policy enforcement tools.
The evolving threat landscape further underscores the critical need for robust CNAPP implementation. High-profile breaches stemming from seemingly simple misconfigurations continue to make headlines, harm enterprises, and cause extensive data exposures. Attackers may also exploit deeper weaknesses within the cloud software stack, causing credential theft, API abuse, and malware deployment in containers. Complicating the issue further is the integration of security practices into earlier stages of software development, or a "shift-left" approach. This trend is changing roles within DevOps teams, evolving software development at the organizational level with a unified DevSecOps model. Developers, traditionally focused solely on the development aspect, now must consider operational and security-oriented tasks, leading to challenges around unfamiliar security workflows, management of multi-cloud infrastructure dependencies, and limited expertise in the area. In addition, reliance on open-source libraries introduces vulnerabilities that are often uncovered when the code is already in widespread use, further justifying the case for sophisticated, integrated security tools providing actionable context and remediation features.
CNAPP security software continues to address these complex and evolving issues, delivering visibility and controls for enabling rapid, full remediation when enterprises encounter malicious actors. IT decision makers recognize that CNAPP platforms vary significantly in capabilities, coverage, integration, and cost, and must therefore evaluate solutions against their specific requirements, infrastructure, regulatory constraints, and budget. By choosing the right CNAPP vendor, organizations achieve resilient and secure cloud environments, one critical piece of the modern IT security puzzle.
In ETR’s Observatory Report for Cloud Native Application Protection Platforms (CNAPP) vendors, we focus the data-backed opinions around enterprise-grade security software vendors. This survey ranges from vendors like Microsoft, which is leveraging its ubiquity to realize high growth in its security business, to pure play security leaders like CrowdStrike, Palo Alto Networks, and Zscaler. It includes questions on spending intentions, usage change, relative product strengths, product stickiness, ROI, vendor consolidation, and more.
The Observatory Report
This Observatory features comprehensive and current data about the CNAPP marketplace. The ETR Observatory report for Cloud Native Application Protection Platform (CNAPP) vendors was specifically designed to capture usage and evaluation metrics across a wide swath of professionals representing the end user and evaluator buying demographic. The study offers data and analysis around spending trends, usage, return on investment (ROI), churn, product feature rankings, Net Promoter Scores (NPS), and more for the plethora of players encompassed in this Observatory Scope. This report utilizes only a small portion of that market intelligence data, but the full CNAPP study is available separately.
Positioning for the above was determined purely by ETR’s proprietary surveys powered by the ETR Community. The full methodology and graphic explanation are available on our Methodology page.
While structuring a grouping of disparate vendors with varying functionalities is subjective, the ETR Observatory for CNAPP categorizes the vendor group primarily by breaking down the data-driven plotting of each vendor into our four Observatory Scope vectors and by analyzing proprietary user and evaluation metrics, including Momentum, Presence, and Net Score. Since the full Observatory data study asks respondents about both spending intention and evaluation perspectives, a larger swath of vendors is covered in the Observatory data. However, only vendors with sufficient spending intentions citations are included in the Observatory Scope graphic. ETR’s Observatory reports are based solely on end-user data and feedback from our qualified IT decision-maker community, without vendor involvement.
Security is so strongly tied to business performance now, with the ransomware and business disruption, and it's seen as an enabler for digital transformation. So as companies are going through their data journey—and now their AI journey, let's think about that—they are realizing that there are significant risks that come along with that.
Conclusion – AI Implementation in Cloud Environments Will Compound Risks
The rapid adoption of cloud computing, decentralized architectures, and cloud-native applications has profoundly reshaped the cybersecurity landscape, underscoring the need for integrated protection solutions, and this will further be accelerated as generative AI impacts the software ecosystem. Mitigating this, the rapid evolution of artificial intelligence and automation also benefits CNAPP solution functionality, including better agentless scanning and AI-driven remediation, while assisting overworked security operations professionals. As cloud-native architectures proliferate, new and increasingly sophisticated threats will target misconfigurations, supply chains, identities, APIs, and underlying infrastructure on an even greater scale. Cloud-Native Application Protection Platforms (CNAPP) have emerged as essential tools, consolidating previously fragmented capabilities like CSPM, CWPP, CIEM, and IaC scanning into unified solutions, and will require further development to match these threats. High-profile breaches, some of which became infamous headlines over the past year, frequently originate from human error and simple oversights within IT organizations, again emphasizing the necessity for continuous monitoring, automated compliance, and real-time threat detection. Ultimately, enterprises that continue to embrace comprehensive CNAPP strategies will achieve greater resilience against cybersecurity threats. Continuously refined security protocols leveraging next-generation technologies, combined with deep integration across the software lifecycle, are critical from development through deployment. Embracing CNAPP’s unified approach to cloud-native security will not only mitigate threats but also sustain user trust and protect sensitive data, all at a time when the stakes couldn’t be higher.
contact us
Press
Need a quote, image, or additional information for an article? Reach out to our press team at press@etr.ai
Reprints
If you would like permission to reprint this report or our ETR Observatory Scope graphic, please send your request to reprints@etr.ai
ETR Insights Team
Contact a member of our ETR Insights team to discuss all the details from this analysis or request custom research.
- Erik Bradley, Chief Strategist & Research Director epb@etr.ai
- Daren Brabham, PhD, VP Research Analyst dbrabham@etr.ai
- Jake Fabrizio, Principal Research Analyst jf@etr.ai
- Doug Bruehl, Principal Research Analyst dbruehl@etr.ai