CNAPP buyers guide: Top tools compared

Cloud native application protection platforms aim to provide a complete cloud security solution, but some are more complete than others.

1 2 Page 2
Page 2 of 2
Tenable’s compliance reporting summary showing you issues and why they failed. Tenable

Tenable’s compliance reporting summary showing you issues and why they failed.

Tigera Calico Cloud

Tigera Calico Cloud comes from the CWPP perspective and integrates with lots of different Kubernetes platforms, including the big three IaaS vendors along with Red Hat’s OpenShift and SUSE’s Rancher. The container world is its focus and is more network focused than other CNAPP tools. It has a very transparent pricing page and comes in three different packages: a free open-source collection, a managed services version, and an on-premises version. The protective features of the free version are minimal but the other two are at parity.

Tigera graph of discovered services and how they are connected. Tigera

Tigera graph of discovered services and how they are connected


Uptycs claims to be the only vendor that combines CNAPP (CWPP, CSPM, KSPM, and CIEM) and XDR into a single platform, UI, and data model. Deployment is both agent and agentless and supports AWS, Azure, Google Cloud, as well as private cloud, servers, and laptops. By combining CNAPP and XDR capabilities into a single platform, Uptycs is able to tie together threat activity as it traverses on-premises and cloud boundaries. The company has developed commercial versions of osquery to pull normalized telemetry into what it calls a Detection Cloud, which customers can then query via a Google-like interface. Uptycs has more than 1,100 behavioral rules mapped to the MITRE ATT&CK framework for container and cloud detections. Pricing starts at $5,000 per year for 200 cloud assets.

strom cnapo uptycs Uptycs

Uptycs has a natural language search capability.


Wiz is an agentless platform that combines misconfigurations, network exposure, secrets, vulnerabilities, malware, and overly permissive identities into a single risk prioritization queue. It combines CSPM, CWPP, vulnerability management, infrastructure-as-code (IaC) scanning, CIEM, and container and Kubernetes security capabilities. Notably, it uses a graph-based approach to analyze and model the interconnections between technologies running in the cloud environment and present the pathways to a breach, providing deep context and helping users remediate the most critical risks. Wiz supports AWS, Azure, GCP, Oracle Cloud Infrastructure (OCI), and Alibaba Cloud. It offers two plans, priced per workload. 

strom cnapp wiz security graph Wiz

Wiz Security Graph

[ Learn what cloud providers can and can't do to protect your data and follow these 5 tips for better cloud security. | Get the latest from CSO by signing up for our newsletters. ]


Copyright © 2022 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)