New research reveals what practitioners believe is most important for cloud security technology. Credit: Metamorworks / Getty Images According to new research from ESG and the Information Systems Security Association (ISSA), 58% of organizations are consolidating or considering consolidating the number of security vendors they do business with.Security technology consolidation is bigger than simply winnowing down vendor count. Organizations are shifting from traditional best-of-breed security technologies to tightly integrated security technology platforms. The research illustrates this point: While 24% of respondents say their organization tends to continue to purchase best-of-breed security technologies, 38% say they purchase integrated security technology platforms, while 15% are transitioning purchases from best-of-breed products to security technology platforms (note: the remainder responded “don’t know”).Just what type of capabilities are security professionals looking for in integrated platforms? In my last post, I described the five things infosec pros most want from XDR. As part of our research, ESG and ISSA asked about other platforms as well. Following the pattern established in that earlier post, here are the 5 things security pros want from cloud-native application protection platforms (CNAPP): Accurate threat detection, 28%. “A high level of threat detection efficacy and accurate alerting.” Security pros want specific details on cloud-focused cyberattacks, likely presented in a timeline of events. It’s also probable that they want this information to align with the MITRE cloud matrix.Broad support, 28%. “Support for all types of server and compute platforms” (i.e., virtual machines, containers, serverless, bare metal, etc.). This aligns with the whole platform vibe—one suite that covers everything.Visibility capabilities, 23%. “A rich set of visibility capabilities from discovery of vulnerabilities to detecting anomalous activities” that bring traditional cloud security posture management (CSPM) functionality to broader CNAPP solutions with the overall goal to have one platform that covers cloud threats and vulnerabilities. Preventative controls, 21%. “Preventative controls for hardening and threat protection,” including basic guardrails, automated rules generation, and the ability to detect and remediate drift from secure configurations.Multi-cloud support, 21%. “Support for multiple public cloud infrastructure platforms and data center environments,” including central policy management and monitoring across AWS, Azure, Google, and other public and private clouds.CNAPP may be an evolving technology, but this list is pretty solid—security practitioners want one cloud security technology platform to cover monitoring and management across all aspects of threat and vulnerability management—the whole enchilada. My esteemed ESG colleague Melinda Marks is all over this space. The ESG/ISSA research report is available for free download here. More from me soon. Related content news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe