Wiz News

Wiz recognized as a Cool Vendor in 2021 Gartner Cool Vendors Report

The Cool Vendor report by Gartner publishes a list of new, interesting, and innovative technology companies, recognizing them as a “Cool Vendor”. Needless to say, we're excited to be one of the three companies included in this year’s Cool Vendor report (download a complimentary copy here). The report discusses what’s cool about each company along with why security leaders should care. Gartner also provides context around trends in the cloud security market including what they see as the convergence of the CSPM and CWPP categories.

“Sprawling IaaS+PaaS workloads can no longer be managed effectively using agent-based tools.”

- Gartner, Cool Vendors in Cloud Security Posture Management, Tom Croll, Neil MacDonald, Mark Wah, Prateek Bhajanka, 9 June 2021

Cloud security trends according to Gartner

Gartner analysts speak with hundreds, even thousands of clients each year, giving them a unique view on the trends happening in technology. Here are some highlighted in the report.

Agent-based tools

The cloud is changing and so are approaches to securing the cloud. Gartner writes that:

“Sprawling IaaS+PaaS workloads can no longer be managed effectively using agent-based tools. New techniques are vital to protect dynamic, microservices architectures and containerized workloads running on complex orchestration platforms, such as Kubernetes and fully serverless applications.”

Cloud complexity is growing

Cloud environments are no longer just compromised of virtual machines. Gartner writes that:

“Complexity and scale in modern infrastructure as a service (IaaS) and platform as a service (PaaS) workloads continue to grow exponentially. Multicloud, containerized and serverless applications combine to form dynamic, unpredictable interactions that are increasingly difficult to secure without advanced techniques.”

Which technologies are advancing security

Artificial intelligence has been hyped for security (and other uses as well). Gartner writes that:

“Artificial intelligence (AI) and machine learning (ML) feature heavily in vendor marketing and have helped improve behavioral baselining and identification of sensitive data in cloud storage. However, most advances in cloud security posture management (CSPM) tooling have come from increased automation, dynamic discovery, graph-based data analysis, and improved integration with existing processes and tools.”

Over-privileged third-party tools

This is an issue Wiz sees commonly and we’ve published research on it. Gartner writes that:

“High-profile attacks such as SolarWinds have exposed how over-privileged tools create multiple points of compromise. Modern security management tools must operate in least-privilege modes to minimize the attack surface and reduce the impact of compromise.”

“Protect against compromise by deploying lightweight CSPM technologies that provide read-only, least-privilege automation from outside the workload (using agentless techniques such as API integration and log monitoring).”

- Gartner, Cool Vendors in Cloud Security Posture Management, Tom Croll, Neil MacDonald, Mark Wah, Prateek Bhajanka, 9 June 2021

CSPM and CWPP are converging to form CNAPP

There’s an evolution happening in the cloud security market. At Wiz, we see previous product categories such as CSPM and CWPP giving way to new approaches that build on these existing product capabilities, but expand and combine them to provide functionality not possible when performed separately. When thinking about the market, Gartner writes that:

“Traditional CSPM tools identify simple control plane misconfigurations that result in limited insight to overall workload risk posture. Conversely, hyperscale cloud workload protection platforms (CWPPs) have developed feature-rich tool suites, requiring agents to enforce comprehensive visibility and protection capabilities. This often results in unused functionality, complex management procedures and prohibitive price points.”
“CSPM tools have evolved from noisy, control plane monitors to become feature-rich, scalable platforms, capable of providing contextual alerts, specific to each application, ensuring workload risks are prioritized and assigned to the right teams. These features lead to reduced time to remediation and increased speed of development.”
“Protective guardrails for security governance can now be enforced throughout the development life cycle by defining policy as code (PaC). Furthermore, by “shifting left” and integrating CSPM tools with the delivery pipeline, IaC scanning can combine data with software composition analysis (SCA) tools. This allows vulnerabilities to be identified and prioritized during development, not only in the control and data planes, but also in the entire application stack.”

CSPM capabilities are beginning to merge with those traditionally found in cloud workload protection platforms (CWPP) to provide coverage across the control plane and data plane (i.e. within the cloud workloads themselves in addition to cloud infrastructure configurations). Together, with capabilities that check the configuration of Kubernetes and cloud identity entitlement management (CIEM), a new product category is emerging—the cloud native application protection platform (CNAPP).

To read more about Gartner’s view of the market and the new, interesting, and innovative technology companies in this space, download your complimentary copy of the report.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

June 10, 2021
Assaf Rappaport
Get the latest cloud infrastructure security news in your inbox
You're subscribed!
By signing up you agree to our Privacy Policy