Zscaler embraces cloud security posture management

Zscaler’s Posture Control is designed to give DevOps and security teams the ability to prioritize and remediate risks in cloud-native applications.

Zscaler late last week announced its new Posture Control solution, designed to give organizations unified Cloud-Native Application Protection Platform (CNAPP) functionality for secure cloud workloads.

Integrated into the Zscaler Zero-Trust Exchange, Posture Control lets DevOps and security teams more efficiently prioritize and remediate risks in cloud-native applications earlier in the development lifecycle. The agentless product is designed to correlate and prioritize risks such as unpatched vulnerabilities in containers and VMs, excessive entitlements and permissions, and cloud service misconfigurations.

“The cybersecurity landscape continues to evolve as more applications reside across multi-cloud footprints, making it more difficult than ever for security, IT, and DevOps teams to keep up with new types of attacks and efficiently prioritize and then remediate cloud risks,” said Amit Sinha, president of Zscaler. “By extending security directly into developer workflows, infosec teams can collaborate more effectively with DevOps teams to proactively secure applications earlier in the development lifecycle.”

Frank Dickson, who covers security and trust at IDC, viewed the addition of cloud security posture management to Zscaler as a no-brainer. Dickson said the agentless approach has also been championed by Wiz and Orca Security, adding that the agentless cloud security posture management solution leverages the scanning of block storage in IaaS environments.

“The key is that operations professionals can extract telemetry for policy and compliance reporting without interfering with the performance of the application or installing and updating agents,” Dickson said. “Remediation of issues can be instrumented with service tickets to security or application professionals. Thus, the lack of needing an agent to provide real time telemetry or to respond is not an inhibitor. It’s a great offering for the cloud operation audience.”

Dickson added that the sustainability of the competitive advantage of the block storage scanning approach will be challenged. Palo Alto Networks was the first existing vendor to add it, and Lacework added the feature just before the RSA Security Conference. Now, Zscaler has joined the mix.

“Other vendors have announced and unannounced intentions to add the feature,” Dickson said. “The differentiation will come from the analytics in the future rather than the approach. History will judge the winner. In the long-term, the block storage approach may enable the unification of cloud security solutions across multiple audiences.”
