Check out our FREE & Paid Cloud Security Training at www.cloudsecuritybootcamp.com
@francisfrancis1153 2 years ago
Thanks man. I am rooting for cloud security.
@anshulrastogi2751 2 years ago
Would like to hear your views on how to monitor alerts on cloud better!!!
@CloudSecurityPodcast 2 years ago
Noted! Thank you, Anshul.
@kirangavara 2 years ago
Yes, it's a bit hard to manage overwhelming alerts; we need to do heavy tuning to make it suitable for operations. Also, the severity associated with these alerts is not always correct.
@devsecop4284 2 years ago
@kirangavara 100%, most tools are designed for broad-based detection that is dependent on binary controls (limited), signatures (limited), and profiling (can be erroneous). What will help is the old sliding scale of adversary vs defender - we have to be aware of their TTP (that is always evolving) and tools that are empowered with this rich database (think threat research) to the specific asset (workload) you are protecting is needed. E.g., there is no value in a tool that is a Linux-supported EPP when your target is Windows.
@GTOneShots 8 months ago
Very good non-technical examples that made the concepts easy to understand.
@CloudSecurityPodcast 8 months ago
Glad it was easy to understand. Any cloud security topic that is top of mind for you at the moment?
@bobyluvs 1 year ago
Thank you, Ashish, for sharing another precise video on these buzzwords. Products from various vendors are using marketing strategies to cash out, but in reality there is a lot of noise and false positives. Mostly capability and resource issues in managing these tools are an overhead to the org. Please do a video on how to do at least 80% of observability setup for all types of workloads on cloud, like CNAPP...
@ChiragNayyar91 2 years ago
Really informative and easy to understand, keep it up bro
@CloudSecurityPodcast 2 years ago
Glad you got value from this Chirag!
@CloudSecurityPodcast 2 years ago
Thank you @Chirag Nayyar! Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
@vbarval 2 years ago
Would love to see a video on CIEM, to see it in real-world use cases.
@CloudSecurityPodcast 2 years ago
Noted for a future video - thank you Vineet!
@devsecop4284 2 years ago
@CloudSecurityPodcast Keen as well. I have found most implementations by current vendors of CIEM to be basic and limited.
@pratisthasrivastav5308 2 years ago
Loved this! Would love to see more jargon being broken down into more consumable nuggets 🎉
@devsecop4284 2 years ago
If only we had such good and easy-to-understand content when I started! Took a while to wrap my head around this when I started years ago :)
@CloudSecurityPodcast 2 years ago
@devsecop4284 Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
@CloudSecurityPodcast 2 years ago
Thank you Pratistha! Is there a Cloud Security Topic that is top of mind for you that we can cover on the Channel?
@Youdude2 2 years ago
Can you give examples of CWPP and CSPM vendors?
@CloudSecurityPodcast 2 years ago
Palo Alto Prisma Cloud, Wiz, Lightspin, Orca Security & many more - most of them are covering both and CNAPP too.
@CloudSecurityPodcast 2 years ago
Hope this answered your question?
@devsecop4284 2 years ago
@CloudSecurityPodcast Few CNAPP players though - IMO only Aqua Security & Prisma Cloud (they've been around since the early days and cover most of what Gartner defines them as: Supply Chain, CSPM, CWPP, CIEM etc.).
@andyjaneen1 2 years ago
A whole new rash of "data-centric" cloud security tools... Gartner just defined Data Security Posture Management (DSPM). We add Data Discovery, Data Access Control (DAC), and Data Detection and Response (DDR)
@devsecop4284 2 years ago
Gartner do love their acronyms, to be fair it does help defenders understand the challenge and appropriate response.
@anuragsom09 1 year ago
very nice
@Youdude2 2 years ago
Can you discuss how some CNAPP vendors can be 100% agentless?
@devsecop4284 2 years ago
In limited context, they could be - if inline prevention can be taken out of the equation or if the rapid detection can lead to network isolation using the control plane. E.g., in the K8s context, using behavioural detection/signatures etc., determine a pod is compromised, then use API to block its network connectivity or kill the pod to mitigate the propagation of potential privilege escalation, lateral movement etc. Other use cases in Cloud Native Workloads are possible, e.g. serverless, I would imagine.
@francisfrancis1153 2 years ago
Should we call these tools frameworks as well?
@CloudSecurityPodcast 2 years ago
I personally wouldn't call them frameworks, as they are features expected from the 4 Cs.
@kirangavara 2 years ago
I would rather say, you could use these tools to comply with your compliance framework control requirements.
@francisfrancis1153 2 years ago
@kirangavara Thanks for clarifying. That means the tools are solutions to achieve compliance.
@devsecop4284 2 years ago
I would be careful when presenting these tools, a lot of times the assumption is that CSPM will "make me compliant", and unscrupulous sales reps will try to capitalize on that. The CSPM tool is only as effective as its ability to ingest, process and map the findings in clouds. An unsupported cloud resource or an unchecked framework/standard means gaps. The CSPM tools for Compliance Control should be taken with a grain of salt, and are fine for "check in the box" and a litmus to overall health - but should not be confused with Security!
@kirangavara 2 years ago
Palo Alto Prisma Cloud is the leader in this category, followed by a few others.
@CloudSecurityPodcast 2 years ago
Would you say in your personal opinion Palo Alto is good in all of these categories?
@kirangavara 2 years ago
@CloudSecurityPodcast Yes, it's my personal opinion. Palo Alto keeps on innovating 💡 and they will be bringing SCA capability to Prisma Cloud to make it more DevSecOps-friendly.
@devsecop4284 2 years ago
IMO Technical Leader - no. Prisma Cloud is a stitched-up solution that had decent product acquisitions that gave it a breadth of coverage but NOT depth in all cases. The self-developed capabilities lack widespread adoption and are a failed start, their version of WAF, and CIEM for example have limited use cases in the Cloud world (from a capability and cost perspective). Their Shift left Capability is extremely limited (IaC scanning, no integrated code scanning) and the recent foray into Supply Chain through acquisition is an attempted bolt-on. Do not even get me started on the CWP/Twistlock that is "noisy" and does not look like it stops attacks. Good at marketing though. Gotta peel the layers of the Onion :)
@devsecop4284 2 years ago
@kirangavara acquisition != innovation :)
@kirangavara 2 years ago
@devsecop4284 It is not, but they do not want to reinvent the wheel when they have cash to buy innovation built by others :)
@bhuvaneshwarannaldasula8558 1 year ago
Hi, I want guidance for a career in cloud security certification. I have completed the AZ-500 certificate. After that, what should I do? May I know? Please help me. I am now working as a cloud operations engineer.