gigaom.com
141.193.213.20
Public Scan
Submitted URL: https://get.lacework.com/MDE2LUFUTC0yOTUAAAGRQsWFVYjAphR3GVhOoQsjW01lpHEwDvC3wYi4_fG_iZvEhgGDP-ysIOylYm6OTtG35IGxdkE=
Effective URL: https://gigaom.com/reprint/gigaom-radar-for-cloud-workload-security-cws-230895-lacework/?mkt_tok=MDE2LUFUTC0yOTUAAA...
Submission: On February 21 via api from CA — Scanned from CA
Form analysis
1 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/6337266/4678bc54-8535-40a7-97b3-44ac697dcbbd
Text Content
This GigaOm Research Reprint Expires Jan 15, 2025

Chris Ray
Jan 15, 2024

GIGAOM RADAR FOR CLOUD WORKLOAD SECURITY (CWS) V1.0

TABLE OF CONTENTS

1. Executive Summary
2. Market Categories and Deployment Types
3. Decision Criteria Comparison
4. GigaOm Radar
5. Solution Insights
6. Analyst’s Outlook
7. Methodology
8. About Chris Ray
9. About GigaOm
10. Copyright

1. EXECUTIVE SUMMARY

Cloud workload security (CWS) has emerged as a pivotal component in the current cloud infrastructure landscape, helping organizations shield their varied cloud workloads from potential threats, breaches, and vulnerabilities. These solutions encompass a range of tools designed to set security policies, oversee activities, and swiftly detect and respond to threats, covering major cloud service providers as well as on-premises setups like Kubernetes.

The dynamic nature of shared cloud environments brings about its own set of challenges, and CWS directly tackles these by ensuring a robust security stance. It identifies best practices, spots vulnerabilities, rectifies misconfigurations, and prevents sensitive data leaks. It streamlines the management of compliance needs and offers immediate monitoring, leading to quicker reaction times.

Such features are especially valuable to organizations using cloud services, IT security teams, cloud architects, and businesses shifting their operations to the cloud. CWS offers tangible benefits by enhancing the security of cloud workloads and decreasing the likelihood of breaches and compliance issues. And importantly, CWS fills gaps in expertise and observability that no other solution can.

Organizations are investing in CWS solutions for several reasons, including:

* CWS solutions help organizations safeguard cloud workloads, mitigate risks, and ensure compliance. Cloud providers offer basic controls, but CWS solutions identify vulnerabilities, respond swiftly to threats, and maintain compliance. The cost of a data breach or non-compliance can be devastating, and a CWS solution is a proactive measure that protects an organization’s assets, reputation, and financial well-being.
* The cloud workload landscape is evolving rapidly, and organizations must stay ahead of emerging threats and embrace innovative technologies to maintain a robust security posture. CWS solutions have seen rapid maturation, with advanced features like AI-guided remediation, real-time workload security insights, and automated vulnerability assessments becoming standard.

This is our first year evaluating the CWS space in the context of our Key Criteria and Radar reports.

This GigaOm Radar report examines 14 of the top CWS solutions in the market, and compares offerings against the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) outlined in the companion Key Criteria report. Together these reports provide an overview of the category and its underlying technology, identify leading CWS offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and non-functional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

2. MARKET CATEGORIES AND DEPLOYMENT TYPES

To help prospective customers find the best fit for their use case and business requirements, we assess how well CWS solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

* Small-to-medium business (SMB): In the SMB segment, CWS offers cost-effective protection for cloud workloads, addressing budget constraints while safeguarding critical data from cyberthreats. It’s a scalable solution that empowers smaller organizations to secure their cloud assets efficiently.
* Large enterprise: Large enterprises benefit from the robust capabilities of CWS, ensuring the security and compliance of complex cloud workloads at scale. With advanced features like AI-guided remediation and real-time insights, CWS helps enterprises stay ahead of evolving threats and maintain a strong security posture.
* Public sector: The public sector relies on CWS to meet stringent compliance requirements while securing sensitive data in cloud environments. CWS solutions tailored to government regulations and cybersecurity standards provide essential protection against cyberthreats for government agencies and other organizations in the public sector.

In addition, we recognize the following deployment models:

* SaaS: SaaS deployment involves accessing CWS solutions hosted and managed by the vendor. Operators access the service over the internet, eliminating the need for on-premises hardware or software installation.
* Self-hosted: Self-hosted deployment allows organizations to install and manage CWS solutions on their own infrastructure. It provides greater control over data and customization but requires in-house hardware and software management.
* Hybrid: Hybrid deployment combines both SaaS and self-hosted models, offering flexibility. Some components of the CWS solution may be hosted in the cloud (SaaS), while others run on the organization’s infrastructure (self-hosted). This approach suits organizations with diverse security requirements and infrastructure setups.

Table 1. Vendor Positioning: Target Market and Deployment Model

Columns: Vendor; Target Market (SMB, Large Enterprise, Public Sector); Deployment Model (SaaS, Self-Hosted, Hybrid)
Vendors: Aqua, Check Point, CrowdStrike, IBM, Lacework, Orca Security, Palo Alto Networks, SentinelOne, Sophos, Sysdig, Tenable, Trellix, Trend Micro, Wiz
Source: GigaOm 2024

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

“Target market” reflects which use cases each solution is recommended for, not simply whether it can be used by that group. For example, if it’s possible for an SMB to use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for that market segment.

3. DECISION CRITERIA COMPARISON

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

* Multicloud support
* Support for various workloads
* Real-time workload security insights
* Workload vulnerability assessment
* Workload configuration assessment

Tables 2, 3, and 4 summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

* Key features differentiate solutions, outlining the primary criteria to be considered when evaluating a CWS solution.
* Emerging features show how well each vendor is implementing capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
* Business criteria provide insight into the non-functional requirements that factor into a purchase decision and determine a solution’s impact on an organization.

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding GigaOm report, “Key Criteria for Evaluating CWS Solutions.”

KEY FEATURES

* Hybrid environment support: This enables organizations to seamlessly secure workloads across both on-premises and cloud environments, ensuring consistent protection.
* Workload detection and response: This empowers organizations to promptly identify and respond to security threats and vulnerabilities within their cloud workloads, ensuring real-time protection.
* Auto-discovery of workloads: This feature simplifies the process of identifying and categorizing cloud workloads, streamlining security management.
* Automated compliance checks: These checks automate the process of assessing and ensuring compliance with industry regulations and internal security policies.
* Workload policy management: This empowers organizations to define and enforce security policies tailored to their cloud workloads.
* Automated configuration enforcement: This automates the implementation and enforcement of security configurations, reducing the risk of misconfigurations.

Table 2. Key Features Comparison

Legend: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Columns: Vendor; Average Score; Hybrid Environment Support; Workload Detection & Response; Auto-Discovery of Workloads; Automated Compliance Checks; Workload Policy Management; Automated Configuration Enforcement

VENDOR               AVERAGE SCORE
Aqua                 4.2
Check Point          4.3
CrowdStrike          3.8
IBM                  3.2
Lacework             4
Orca Security        3.5
Palo Alto Networks   4.2
SentinelOne          3.5
Sophos               3
Sysdig               4.3
Tenable              3.2
Trellix              2.8
Trend Micro          3.7
Wiz                  3

Source: GigaOm 2024

EMERGING FEATURES

* AI-guided remediation: This leverages AI and ML in CWS, offering actionable insights and step-by-step recommendations for efficient security issue resolution. It streamlines operations and strengthens cloud asset protection.
* Zero-trust runtime protections: Based on the zero-trust principle, these protections validate cloud workload identities and security in real time. They reduce attack surfaces, enhancing security with continuous verification and minimal trust.

Table 3. Emerging Features Comparison

Legend: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Columns: Vendor; Average Score; AI-Guided Remediation; Zero-Trust Runtime Protections

VENDOR               AVERAGE SCORE
Aqua                 4
Check Point          4.5
CrowdStrike          2.5
IBM                  1
Lacework             4
Orca Security        3.5
Palo Alto Networks   1.5
SentinelOne          2.5
Sophos               3
Sysdig               3
Tenable
Trellix              1.5
Trend Micro          2
Wiz                  1.5

Source: GigaOm 2024

BUSINESS CRITERIA

* Scalability: Scalability refers to the ability of a CWS solution to seamlessly adapt and expand its security measures to accommodate the growing and evolving cloud workloads within an organization’s infrastructure.
* Cost: When evaluating cost, we look at the financial impact of implementing a CWS solution and whether it aligns with an organization’s budget and resource constraints.
* Flexibility: Flexibility assesses a CWS solution’s adaptability to diverse cloud workload scenarios and its ability to accommodate varying deployment models, market categories, and use cases.
* Ease of use: This criterion evaluates how user-friendly and intuitive a CWS solution is, considering factors like user interface design, simplicity of configuration, and accessibility of features.
* Ecosystem: For this criterion, we assess the compatibility and integration capabilities of a CWS solution with other security tools, cloud platforms, and third-party applications.

Table 4. Business Criteria Comparison

Legend: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Columns: Vendor; Average Score; Scalability; Cost; Flexibility; Ease of Use; Ecosystem

VENDOR               AVERAGE SCORE
Aqua                 3.4
Check Point          4.2
CrowdStrike          3.6
IBM                  3.2
Lacework             4
Orca Security        4
Palo Alto Networks   4
SentinelOne          3.4
Sophos               3.2
Sysdig               4.2
Tenable              4
Trellix              3.2
Trend Micro          3.4
Wiz                  3.8

Source: GigaOm 2024

4. GIGAOM RADAR

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for CWS

As you can see in the Radar chart in Figure 1, the Maturity/Platform Play quadrant contains a notable concentration of seven vendors. This cluster shows the market has a high concentration of established players with a strong emphasis on comprehensive solutions that tend to be part of a broader portfolio of cloud and other security solutions. The distribution and movement of these vendors could indicate a larger shift toward more integrated, platform-centric approaches in the industry, where maturity and platform capability are paramount for staying competitive. The characterization of these vendors, particularly the dominance of Fast Movers, implies a market driven by the need for robust, feature-rich platforms capable of addressing diverse and complex security needs. Sysdig stands out as an Outperformer in this group.

In the Maturity/Feature Play quadrant is a group of four vendors, demonstrating that there’s still competitive pressure from vendors with a focus on specialized, high-quality solutions for specific use cases rather than broad platform offerings. Orca’s position as a Leader in this quadrant is setting a high benchmark in this category.

The Innovation/Feature Play quadrant represents vendors that prioritize innovative, specialized solutions over a wide array of features. SentinelOne’s focused approach, particularly in using AI for specific use cases, sets it apart in a landscape dominated by broader solutions.

In the Innovation/Platform quadrant, Aqua’s position as a Leader demonstrates a successful balance of introducing cutting-edge features while maintaining a comprehensive platform approach. Tenable is positioned as a Challenger, and the vendor is on a trajectory from the Innovation half into the Maturity half following its acquisition of Ermetic.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. SOLUTION INSIGHTS

AQUA

Solution Overview
Aqua, a leader in cybersecurity solutions, specializes in protecting hybrid environments. Recent updates, such as the introduction of AI-guided remediation in 2023, reflect Aqua’s commitment to innovation and its ability to adapt to emerging security challenges. While specific acquisitions are not mentioned, Aqua’s robust feature set suggests a dynamic and evolving product line. The company’s global operations make it a good choice in regions with strict compliance requirements.

Aqua’s solution, renowned for its exceptional support of hybrid environments, Kubernetes nodes, ES, Tanzu Application Service (TAS), serverless containers, serverless functions, and others, integrates a suite of capabilities designed for comprehensive security management. It includes features like workload detection and response, automated compliance checks, and efficient policy management. Aqua’s strength lies in its ability to automate security processes, notably through automated configuration enforcement and AI-guided remediation. The solution, while easy to use for basic functionalities, becomes complex with advanced features, often requiring support intervention.

Strengths
Aqua’s standout strengths lie in its exceptional support for its runtime protections offering surgical preventions instead of the typical blunt approach offered by other vendors. Hybrid environments and automated configuration enforcement showcase its ability to efficiently manage and secure diverse and complex infrastructures. Its innovative approach, particularly in AI-guided remediation and zero-trust runtime protections, is also a key strength. The scalability of the solution is notable, effectively meeting the demands of large organizations.

Challenges
Aqua’s primary challenges include the complexity involved in configuring advanced features (specifically, workload detection and response and policy management), which can hinder user experience and operational efficiency. The cost factor is a challenge, especially for smaller organizations, and the ecosystem, while adequate, could benefit from further expansion.

Purchase Considerations
Prospective buyers should consider Aqua’s strong performance in hybrid environments and its automated features. However, the complexity of configuring advanced features and the cost implications for smaller organizations are important factors. Aqua’s solution is best suited for entities that can leverage its full suite of capabilities and afford the required investment in support and configuration.

Aqua is particularly effective for large organizations seeking comprehensive security solutions for hybrid environments, and those that need real-time protection of applications in production. Its automated security processes and AI-driven features make it a suitable choice for entities prioritizing cutting-edge, scalable security solutions.

Radar Chart Overview
Aqua is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant due to its comprehensive solution, exceptional hybrid environment support and automated configuration enforcement, and its innovative approach to AI-guided remediation.

CHECK POINT

Solution Overview
Check Point offers solutions that prioritize comprehensive security for both cloud and on-premises environments. This past year, Check Point’s focus has remained steadfast on enhancing its security capabilities, particularly through internal technological advancements rather than acquisitions. The company’s global presence makes it relevant in contexts where strict compliance with regulations such as GDPR is required.

Check Point provides a security solution that encompasses multiple products, such as physical/virtual firewalls and agents, integrated within a larger portfolio. It stands out for its ability to cover all workloads seamlessly and integrates with tools like CloudGuard for streamlined response activities.
Check Point’s approach is notable for its comprehensive nature, blending a wide array of security components into a cohesive offering, and its automated discovery and compliance features set it apart from its peers. Strengths Check Point’s strengths are evident in its superior hybrid environment support and comprehensive workload detection and response capabilities. The high scores in these areas reflect its ability to offer robust security coverage, versatile for various infrastructures. The ease of implementation and policy customization further underscores its user-friendly and flexible nature. Check Point’s adoption of innovative AI models for remediation and effective zero-trust runtime protections demonstrates its commitment to staying at the forefront of cybersecurity technology. Challenges Check Point has an average score for workload policy management, indicating potential areas for improvement to meet industry standards. While its overall solution is great, this aspect may require further refinement to enhance user experience and operational efficiency. Purchase Considerations When considering Check Point, organizations should weigh its broad security coverage and ease of use against the need for potentially more sophisticated policy management capabilities. The solution’s flexibility and competitive cost make it an attractive option for a wide range of customer types. Check Point’s solution is well-suited for diverse market segments, catering to both cloud and on-premises environments. Its comprehensive security approach makes it a versatile choice for various industries, particularly those requiring robust, scalable security solutions. Radar Chart Overview Check Point is classified as a Leader in the Maturity/Platform Play quadrant due to its established presence, technological advancements, and high scores across key features and business criteria. 
The company’s consistent focus on enhancing its security offerings, particularly in response to emerging challenges, contribute to its characterization as a Fast Mover. CROWDSTRIKE Solution Overview CrowdStrike, a cloud-native cybersecurity company, offers a unified platform for protecting critical areas of enterprise risk across endpoints, cloud workloads, identity, and data. While it offers broad security solutions, CrowdStrike has a single lightweight agent that protects both the VMs and containers running on it. CrowdStrike Falcon Cloud Security solution is tailored for modern, cloud-first environments, with particular strengths in workload detection and response. It integrates advanced threat intelligence and AI, supplemented by managed detection and response for comprehensive security coverage. Primarily focused on cloud environments, the solution offers effective auto-discovery of workloads and policy management through user-friendly interfaces. However, its automated compliance checks and configuration enforcement are somewhat limited compared to other competitors. CrowdStrike’s approach is notable for its integration of cloud-native technologies and a straightforward, intuitive user experience. Strengths CrowdStrike’s strengths lie in its effective workload detection and response, bolstered by the integration of its threat intelligence sources with AI. CrowdStrike is the only vendor able to show attack paths for hybrid environments thanks to its combination of runtime and cloud data. The solution’s auto-discovery capabilities for popular cloud services and its intuitive policy management system further enhance its appeal. CrowdStrike’s scalability and simple pricing model, focusing on cloud-native and containerized environments, position it as a strong contender in the cybersecurity landscape, particularly for organizations leveraging modern cloud infrastructures. 
Challenges

The primary challenge for CrowdStrike is its somewhat narrow approach to automated compliance checks. Additionally, its zero-trust runtime protections are not as integrated into its cloud workload protection (CWP) solution as those of some competitors. The ecosystem, while robust, could benefit from more openness and broader third-party integrations.

Purchase Considerations

Organizations should consider CrowdStrike’s strong cloud-native capabilities and simple pricing model. However, those requiring extensive on-premises protection or more integrated zero-trust runtime protections might need to explore additional solutions or products within CrowdStrike’s portfolio. CrowdStrike serves a broad market, including SMBs, large enterprises, and the public sector. Its solutions are especially beneficial for entities heavily invested in cloud infrastructures and modern deployment models, offering affordable and effective security options for a range of organizational sizes.

Radar Chart Overview

CrowdStrike is classified as a Fast Mover in the Maturity/Platform Play quadrant. The company’s continual adaptations to emerging cybersecurity challenges, such as AI-guided remediation, underscore its dedication to the space. Despite some limitations in on-premises and zero-trust runtime protections, CrowdStrike’s broad market appeal and strong performance in key features affirm its position as a significant player in the CWS space.

IBM

Solution Overview

IBM offers cybersecurity solutions focusing on a blend of traditional and modern environments. Its approach combines agent and API-based security, a standard in the industry, particularly tailored to large enterprises and the public sector. IBM’s global presence and compliance capabilities make it a relevant choice for organizations operating under strict regulatory standards. IBM’s CWS solution is engineered for hybrid environments, using agents and APIs for broad coverage.
The solution includes machine learning-powered workload detection and response, with rapid response capabilities stemming from its CLI-based system. Auto-discovery of workloads is achieved through connectors and agents, a common approach in the industry. While IBM’s automated compliance checks and policy management are average, its customization options add value. The solution’s configuration enforcement is focused on cloud resources and on-premises Linux hosts, leaving gaps in certain areas like on-premises Kubernetes clusters. IBM’s ecosystem strength, part of its broader portfolio, enhances the overall solution.

Strengths

IBM’s cybersecurity solution is strong in workload detection and response, leveraging ML and data security integration from its Baffle acquisition. Its ecosystem is another key strength, marked by robust partnerships and integrations. The solution’s flexibility in handling various deployment models, including SaaS and hybrid, caters well to large enterprises and public sector organizations.

Challenges

The primary challenges for IBM include its average performance in scalability due to on-premises limitations with agents and a lack of Helm charts for certain deployments. Its ease of use is inconsistent, with a mix of modern and outdated UI elements, which could impact user experience. Additionally, the absence of AI in guided remediation and limited zero-trust runtime protections indicate areas for improvement.

Purchase Considerations

Organizations, particularly large enterprises and public sector entities, should consider IBM’s strong ML-powered detection capabilities and its comprehensive ecosystem. However, they need to be aware of the solution’s limitations in scalability and the inconsistent user experience. IBM’s solution is best suited for large enterprises and the public sector, offering robust capabilities for these segments.
Its focus on hybrid environments and ability to integrate with various technologies make it a viable choice for organizations looking for a balance between traditional and modern security approaches.

Radar Chart Overview

IBM’s placement on the Radar Chart reflects its narrower feature-based approach to CWS, catering to hybrid environments with a focus on large enterprises and the public sector. The company’s rate of development and response to industry needs, coupled with its extensive ecosystem, position it as a Forward Mover in the Maturity half.

LACEWORK

Solution Overview

Lacework is a dynamic player in the cybersecurity landscape, known for its CWS solution, which includes agent-based, agentless, and API methods and caters effectively to hybrid environments. Targeting SMBs, large enterprises, and the public sector, Lacework’s solution is versatile, addressing security needs across both cloud and on-premises setups. Lacework’s CWS solution is adept at supporting hybrid environments, leveraging agents for on-premises or cloud deployments and APIs for cloud-only environments. It offers effective workload detection and response, with a particular strength in cloud scenarios. The solution’s auto-discovery capabilities cover major cloud providers and open-source infrastructures, ensuring comprehensive coverage. Automated compliance checks and policy management are key features, with the Polygraph feature standing out for its ability to detect anomalous behaviors and potential threats. However, AI-guided remediation is limited, mainly supporting AWS environments.

Strengths

Lacework excels in automated configuration enforcement with its innovative Polygraph feature, which adapts to customer environments for effective security management. The solution’s ability to map to popular compliance frameworks and the ease of policy customization are significant strengths.
Additionally, its ecosystem is robust, integrating seamlessly with major cloud providers and a wide range of DevOps tools, enhancing its appeal to various market segments.

Challenges

Challenges for Lacework include average scalability and moderate support for hybrid environments that rely heavily on on-premises technologies. While its overall performance is strong, these aspects highlight areas where Lacework could enhance its offering to remain competitive in a rapidly evolving market.

Purchase Considerations

Organizations should consider Lacework’s CWS for its strong policy management, threat detection via Polygraph, compliance capabilities, and ease of use. However, they need to evaluate the solution’s scalability and flexibility, especially in terms of AI-guided remediation and integration with non-AWS environments. Lacework’s CWS is well-suited for a range of organizations from SMBs to large enterprises and public sector entities. Its adaptability in both cloud and on-premises environments, coupled with its strong ecosystem, makes it a viable option for those seeking comprehensive and easy-to-use security solutions.

Radar Chart Overview

Lacework is positioned as a Leader in the Maturity/Platform Play quadrant due to its high scores across key features and business criteria and support for a diverse range of use cases. Its focus on innovative features like Polygraph for threat detection, alongside its extensive ecosystem integrations, shows that it’s a forward-thinking and adaptable vendor and contributes to its position close to the Innovation half of the Radar.

ORCA SECURITY

Solution Overview

Orca Security offers cybersecurity solutions particularly tailored for popular cloud environments. While its support for hybrid environments is limited, Orca excels in providing comprehensive security for cloud-based workloads.
Orca’s CWS solution is renowned for its in-depth, context-aware workload detection and response, following a unified data model across supported clouds. The solution employs an innovative SideScanning method for effective auto-discovery of workloads, ensuring thorough analysis and security coverage. Orca stands out for its automated compliance checks, offering more than 100 customizable frameworks and best practices. While its workload policy management and configuration enforcement are average, the integration of AI-guided remediation, leveraging a choice of Azure OpenAI, Amazon Bedrock, or Google Vertex, adds a cutting-edge dimension to its offerings.

Strengths

Orca’s strengths are prominently seen in its exceptional workload detection and response capabilities and its advanced, automated compliance checks. The solution’s scalability and cost-effectiveness are also notable, making it an attractive choice for various organizational sizes. Its user-friendly interface and strong ecosystem, encompassing major development and security integration tools, further enhance its appeal in the cloud security domain.

Challenges

The primary challenge for Orca lies in its limited hybrid environment support, restricting its suitability for organizations with significant on-premises infrastructure. Additionally, while Orca’s policy management and configuration enforcement are capable, they do not stand out as leading features compared to some competitors in the space.

Purchase Considerations

Organizations with a cloud-first strategy should consider Orca for its robust CWS, particularly its strong detection and compliance capabilities. Its scalability and cost-effectiveness make it a viable option for a range of sizes and types of organizations. Orca is ideally suited for SMBs, large enterprises, and public sector organizations that primarily operate in cloud environments.
Its strengths in workload detection, compliance, and AI-guided remediation make it a strong candidate for entities seeking simple, prescriptive CWS solutions.

Radar Chart Overview

Orca is positioned as a Leader in the Maturity/Feature Play quadrant due to its focused, rather than broad, applicability in the cybersecurity landscape as well as its standout features in workload detection and compliance checks. The integration of advanced technologies like GPT-4 for AI-guided remediation underlines its unique approach.

PALO ALTO NETWORKS

Solution Overview

Palo Alto Networks offers comprehensive solutions adept at supporting hybrid environments. The company’s approach combines on-premises and VM-Series virtual firewalls, agents, and other devices with cloud-based deployments, catering to a wide range of infrastructural needs. This versatility makes Palo Alto Networks a strong choice for organizations seeking robust security across diverse environments. Palo Alto Networks provides a CWS solution that excels in hybrid environment support, using a mix of on-premises and cloud-based methods. Its workload detection and response capabilities are consistent across both on-premises and cloud environments, with a distinctive high-availability (HA) architecture. The solution offers agent- and agentless-based discovery for popular on-premises, hybrid, and multicloud deployments for cloud workloads, emphasizing speed and efficiency. Automated compliance checks are extensive (1,500 out of the box), covering a wide range of standards and policies. Policy management for the CWS solution is as flexible as the company’s renowned firewall policy management process, and its proactive approach to configuration enforcement sets it apart in the market.
Strengths

Palo Alto Networks excels in providing robust security for hybrid environments, with standout features in workload detection and response, extensive compliance checks, and flexible policy management, supported by an HA architecture that’s unique in the industry. Its automated compliance checks are notably comprehensive, and the flexibility in policy creation and management is a significant advantage. The solution’s scalability, owing to its diverse deployment options, and strong ecosystem, including partnerships and integration within a larger platform, further bolster its position as a leading cybersecurity provider.

Challenges

While Palo Alto Networks excels in many areas, its AI-guided remediation feature is newly released, and its breadth and effectiveness are yet to be fully established. Additionally, the absence of zero-trust runtime protections indicates an area for potential growth and improvement in its security offerings.

Purchase Considerations

Organizations should consider Palo Alto Networks for its strong hybrid environment support, comprehensive compliance capabilities, and flexible policy management. However, they should also assess the maturity and scope of its newly released AI-guided remediation feature as well as the lack of zero-trust runtime protections. Palo Alto Networks’ solution is well-suited for a wide range of organizations from SMBs to large enterprises and the public sector. Its ability to provide consistent security across both on-premises and cloud environments makes it a strong choice for entities with diverse infrastructural needs.

Radar Chart Overview

Palo Alto Networks is positioned as a Leader in the Maturity/Platform Play quadrant due to its strong capability in hybrid environments and its comprehensive, flexible security offerings.
The company’s innovative HA architecture for detection and response, along with its extensive compliance and policy management features, underscores its position as a mature, yet adaptive player in the CWS field.

SENTINELONE

Solution Overview

SentinelOne is carving out a significant niche in the cybersecurity market, particularly in cloud environments. While its support for hybrid environments, especially Kubernetes on-premises and the major cloud platforms, is commendable, it is primarily geared toward cloud-centric organizations. SentinelOne’s CWS solution is distinguished by its use of multiple AI engines for threat detection and response, offering robust capabilities across different environments. The solution employs eBPF for the unique discovery of workloads, providing valuable context for security purposes. While it excels in workload policy management, including the control of inbound and outbound network traffic, its automated compliance checks are somewhat less comprehensive compared to other competitors. The solution’s design allows for significant automation in configuration enforcement. Policy-based response actions are governed by the customer and include two modes of operation for different threat levels.

Strengths

SentinelOne’s strengths are evident from its innovative use of AI for threat detection and response to its unique approach to workload policy management. The solution’s scalable architecture, potentially enhanced by eBPF discovery, and intuitive user interface make it a strong contender in the cloud security space. Its robust policy controls, especially for network traffic, add another dimension to its capabilities.

Challenges

The challenges for SentinelOne include limited flexibility due to its support for Kubernetes only for on-premises environments and the three major cloud providers. The ecosystem, though adequate, could benefit from stronger partnerships and broader integration.
Purchase Considerations

Organizations, especially those with a strong cloud focus, should consider SentinelOne for its advanced AI-driven threat detection and unique policy management capabilities. However, they should also weigh the solution’s limitations in terms of flexibility. SentinelOne is particularly suited for organizations seeking real-time threat detection and forensic visibility of workload telemetry, whether those workloads operate on-premises or in AWS, Azure, or Google Cloud. Its strengths in AI-driven security and workload policy management make it a viable option for entities prioritizing advanced threat detection and network control capabilities.

Radar Chart Overview

SentinelOne is positioned as a Challenger in the Innovation/Feature Play quadrant due to its focus on advanced AI-driven security capabilities and its unique approach to workload policy management. The company’s emphasis on cloud and Kubernetes environments aligns it with emerging trends in cybersecurity, although the limited flexibility in deployment models and ecosystem suggests areas for potential growth and diversification.

SOPHOS

Solution Overview

Sophos offers CWS solutions primarily focused on Linux and Windows-based workloads. Its agent-based approach to security makes it a suitable choice for environments reliant on these operating systems. However, the lack of support for some workloads, such as serverless environments, indicates a more traditional focus. Sophos’ CWS solution is centered around an agent-based and container sensor-based mechanism, providing strong detection and response capabilities for Linux and Windows systems and Kubernetes deployments. Its approach to auto-discovery is also based on the agent or sensor, supplemented by image repository scanning, which, while adequate, has inherent limitations due to the prerequisite knowledge of existing workloads.
The solution’s automated configuration enforcement is a standout feature, drawing on its cloud security posture management (CSPM) capabilities. However, its automated compliance checks are lacking or non-existent.

Strengths

Sophos excels in providing reliable agent-based detection and response for Linux and Windows workloads, and its robust automated configuration enforcement is commendable. The solution’s cost-effectiveness, characterized by simple pricing and fair support terms, positions it as an attractive value play in the cybersecurity market. Additionally, the intuitive user interface enhances its usability, making it accessible to a wide range of users, and its zero-trust runtime protections are good.

Challenges

The primary challenges for Sophos include its limited flexibility due to the heavy reliance on agents, restricting its applicability for serverless environments or other non-VM or non-container workloads. The lack of comprehensive automated compliance checks is a notable gap in its security offerings. Additionally, while the ecosystem is average, there is potential for further development to enhance integration and compatibility with broader technologies.

Purchase Considerations

Organizations with a strong reliance on Linux and Windows workloads should consider Sophos for its effective agent-based security and cost efficiency. However, they should also consider the limitations in terms of flexibility and the lack of certain advanced features like comprehensive compliance checks and zero-trust protections. Sophos’ strengths in agent-based security make it a viable option for organizations using Linux or Windows and not heavily invested in containerized or serverless technologies.

Radar Chart Overview

Sophos is positioned in the Maturity/Feature Play quadrant due to its focus on traditional operating systems and a sensor-based security model.
The company’s support for automated configuration enforcement use cases and its cost-effective pricing model are positive aspects, but the limited flexibility and lack of advanced features like AI-guided remediation and zero-trust runtime protections contribute to its designation as a Challenger rather than a Leader in this space.

SYSDIG

Solution Overview

Sysdig is known for its exceptional support for hybrid environments and superb execution in workload detection and response. The solution is versatile, supporting containerized environments regardless of location, as well as VMs and on-premises compute resources. Sysdig’s CWS solution offers both an agent-based and agentless approach to workload detection and response, featuring identity protections, drift control, attack lineage tracking, and custom-curated dashboards. Its auto-discovery of workloads, enriched with contextual data from customer environments, provides an in-depth understanding of security status. The “Runtime insights” feature enables Sysdig’s real-time threat detection, as well as multidomain correlation, to prioritize risky combinations across environments. The solution covers popular compliance frameworks and includes infrastructure as code (IaC) scanning. Sysdig’s broad capability in workload policy management allows for configuring various security policies, including IaC policy checking. Automated configuration enforcement is robust, catering to both on-premises and cloud workloads.

Strengths

Sysdig’s CWS excels in hybrid environment support, offering comprehensive coverage across a wide range of infrastructures. Its agentless approach to workload detection and response, combined with sophisticated features like identity protection and drift control, underscores its leadership in the field. The solution’s flexibility is notable, effectively addressing numerous use cases and deployment models.
Additionally, Sysdig’s strong ecosystem, encompassing its own suite and integrations with competitor products, enhances its utility and appeal.

Challenges

The primary challenge for Sysdig is the newly released (Q4 2023) generative AI feature, “Sage.” While this feature holds promise, its effectiveness and impact are yet to be established, leaving some uncertainty about its potential contribution to Sysdig’s already extensive capabilities. Its zero-trust application protections are somewhat limited outside of the Kubernetes ecosystem, although that use case covers many deployments.

Purchase Considerations

Organizations seeking a comprehensive, flexible solution for CWS should strongly consider Sysdig. Its ease of use, streamlined deployment, and inclusive support within the pricing structure make it an attractive option. Sysdig’s all-inclusive approach makes it a strong choice across various market segments, including SMBs, large enterprises, and the public sector. Its capabilities in handling diverse environments, from on-premises to cloud and hybrid, make it an ideal choice for entities looking for complete and adaptable security solutions.

Radar Chart Overview

Sysdig is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant due to its exceptional hybrid environment support and superior workload detection and response capabilities. The recent addition of generative AI with Sysdig Sage should further enhance its already robust offerings.

TENABLE

Solution Overview

Tenable, following its recent acquisition of Ermetic, is quickly transitioning from an innovative platform to a mature one. While its hybrid environment support is currently limited to customer-managed Kubernetes within cloud environments, Tenable’s solution is broadening its capabilities and market reach, making it an increasingly significant player in the field.
Tenable’s CWS solution, bolstered by the Ermetic acquisition, offers strong detection and automated response capabilities for all monitored assets. Its auto-discovery of workloads, including IaC and some API discovery, is a strength in its approach. The solution performs automated compliance checks against popular frameworks and allows for customization. Tenable’s CWS is particularly strong in policy management, featuring an intuitive user interface and effective policy creation tools. Its automated configuration enforcement is built into the policies, enhancing the overall security posture.

Strengths

Tenable’s CWS stands out for its robust policy creation engine and the simplicity of its management interface, making it user-friendly and effective. The solution’s scalability, including unique aspects like identity and access management (IAM) and cloud infrastructure entitlement management (CIEM), is another strong point. Its broad use case set and intuitive features make it a versatile choice across various market segments, including SMBs, large enterprises, and the public sector.

Challenges

The primary challenge for Tenable lies in its limited hybrid environment support, currently restricted to customer-managed Kubernetes. Additionally, the lack of AI-guided remediation and zero-trust runtime protections are notable gaps in its current offerings. The recent acquisition poses a challenge in the short term while the new technology is being more broadly integrated into the Tenable portfolio.

Purchase Considerations

Organizations should consider Tenable’s comprehensive CWS solution for its strong policy management, automated response capabilities, and scalability. However, they need to evaluate the solution’s current limitations in hybrid environment support and the potential impacts of the recent acquisition on cost and product integration.
Tenable’s CWS is well-suited for a range of organizations from SMBs to large enterprises and the public sector, particularly those operating in cloud environments or using Kubernetes.

Radar Chart Overview

Tenable is positioned as a Challenger in the Innovation/Platform Play quadrant, but it is expected to move into the Maturity half following its acquisition of Ermetic. The acquisition is a significant step to expand Tenable’s capabilities and market reach. The company’s focus on broadening its use case set and maintaining a user-friendly interface aligns with its goal of becoming a more established player in CWS.

TRELLIX

Solution Overview

Trellix offers a CWS solution with a focus on VM and container workloads, suitable primarily for large enterprises and the public sector. While its hybrid environment support via ePolicy Orchestrator (ePO) on-premises is average, it may not be as robust as some of its competitors. Trellix’s CWS solution provides average support for hybrid environments and focuses on VM and container workloads. The workload detection and response capabilities are somewhat limited, with no support for other types of workloads. Auto-discovery is performed via VM or agent deployment, which could restrict broader applicability. Automated compliance checks are available through a different Trellix product, and the solution allows for custom report creation for compliance purposes. The policy management feature stands out for its simplicity and the ability to blend advanced features easily.

Strengths

Trellix’s CWS excels in policy management, enabling users to create policies using simple terms while incorporating advanced features. The user interface is noted for its intuitiveness, facilitating ease of use. Additionally, Trellix boasts a strong ecosystem, integrating well with a range of Trellix products and other technologies, enhancing its utility in large enterprise environments.
Challenges

Challenges for Trellix include limited flexibility due to its focus on VM and container workloads and the lack of AI-guided remediation in its CWS solution. The cost of Trellix products, typically higher than competitors, along with additional charges for professional services and support, may deter potential customers, particularly SMBs. Additionally, the scalability of its solution could be improved, particularly in the context of auto-discovery capabilities.

Purchase Considerations

Trellix’s pricing model typically positions it at a higher range, making it less accessible for SMBs. Large enterprises and public sector entities should consider Trellix’s CWS for its robust policy management for VM and container workloads along with its intuitive interface and its strong ecosystem. However, the higher cost and the solution’s focus on specific workload types should be weighed against the buyer organization’s specific security needs and budget constraints.

Radar Chart Overview

Trellix is positioned as a Forward Mover in the Maturity/Platform Play quadrant due to its specialized focus on VM and container workloads, good policy management system, and comprehensive Trellix ecosystem. The higher cost and limited capability in terms of supported workloads position it as an Entrant, catering primarily to larger organizations with specific security requirements or those that have Trellix as an incumbent vendor.

TREND MICRO

Solution Overview

Trend Micro’s CWS solution, likely incorporating elements of its extended detection and response (XDR) capabilities, offers strong hybrid environment support. It excels in workload detection and response for XDR and endpoint detection and response (EDR)-based workloads like VMs, although it may have weaker capabilities for other workload types. The solution employs API-based auto-discovery of workloads, and its automated compliance checks are quite extensive, covering major frameworks and standards.
A standout feature is the unified policy editor, which simplifies the management of various policies, including XDR and cloud security. Automated configuration enforcement is another strong point, leveraging the capabilities provided by XDR.

Strengths

The CWS solution’s strengths include its robust hybrid environment support, particularly if XDR is part of the package. The AI-guided remediation feature, “Trend Companion,” offers prescriptive guidance, adding an advanced, user-friendly aspect to the solution. The solution’s flexibility as part of a larger Trend Micro platform allows it to cater to a range of use cases effectively. Additionally, its ecosystem, featuring a good set of partners and integrations, as well as tight integration with its own tech stack, enhances its overall utility.

Challenges

Challenges for Trend Micro’s CWS include potentially limited capabilities in workload detection and response for non-XDR/EDR workloads. The absence of zero-trust runtime protections is another notable gap. While the solution is scalable, the reliance on agents might pose management challenges in certain scenarios.

Purchase Considerations

Organizations should consider Trend Micro’s CWS for its strong compliance capabilities and innovative AI-guided remediation. However, they should evaluate the solution’s effectiveness across different types of workloads and the potential management implications of an agent-based solution. Trend Micro’s CWS is suitable for a broad range of organizations from SMBs to large enterprises and public sector entities. Its particular strengths in policy management and compliance make it a strong candidate for those seeking a comprehensive security solution that is easy to manage and adaptable to various environments.

Radar Chart Overview

Trend Micro is positioned as a Challenger in the Maturity/Platform Play quadrant due to its strong hybrid environment support and full policy management capabilities.
The addition of “Trend Companion” for AI-guided remediation demonstrates the company’s commitment to integrating advanced technologies into its security offerings.

WIZ

Solution Overview

Wiz offers a CWS solution that excels in workload detection and response but lacks comprehensive support for hybrid environments, focusing instead on VMware and OpenShift environments when on-premises. It focuses predominantly on cloud-based workloads, making it a strong contender for organizations with a cloud-first approach. Wiz’s CWS solution offers excellent visibility into various workload types, including configuration, vulnerability, and malware detection. The solution leverages API scanning for auto-discovery of workloads, which is considered average in its depth. Its automated compliance checks are a standout feature, mapping to over 35 frameworks and allowing for customizations. Wiz also provides a library of ready-to-use policies that can be fully customized using Rego. The recent launch of its AI-based configuration drift remediation capability shows promise, though its effectiveness is still new and yet to be fully realized.

Strengths

Wiz excels in its strong compliance capabilities and its recent foray into AI-based configuration enforcement. The solution’s scalability is noteworthy, offering robust coverage for cloud workloads. Its cost-effectiveness is a significant advantage, known for all-inclusive pricing with support included. Wiz’s ease of use is also a major strength as it provides a comprehensive yet user-friendly approach to security.

Challenges

The primary challenge for Wiz lies in its minimal on-premises support for hybrid environments, limiting its applicability for organizations with significant on-premises infrastructure. Additionally, while its emerging features like AI-guided remediation are promising, they are still in the early stages of deployment and effectiveness.

Purchase Considerations
SMBs, large enterprises, and public sector entities with a focus on cloud workloads should consider Wiz’s comprehensive CWS for its strong compliance checks, promising AI-based features, scalability, ease of use, and cost-effectiveness. However, they should also consider the limitations in terms of hybrid environment support and the evolving nature of its AI-guided remediation capabilities.

Radar Chart Overview
Wiz is positioned as a Challenger in the Maturity/Feature Play quadrant due to its strong focus on cloud workloads, with exceptional capabilities in compliance checks, emerging AI-based features, and a growing use case list. The minimal hybrid environment support places it as a specialized provider, catering to cloud-centric organizations.

6. ANALYST’S OUTLOOK
The current landscape of CWS solutions is rapidly evolving, driven by the increasing complexity and diversity of IT infrastructures. Businesses are transitioning toward hybrid and multicloud environments, which necessitates robust security solutions that can accommodate a wide range of workloads, including virtual machines, containers, and serverless architectures. The key challenge for IT decision-makers is to find a CWS solution that addresses their current needs and is also scalable and adaptable for future requirements.

On the GigaOm Radar chart, vendors like Palo Alto Networks, Sysdig, and Trend Micro demonstrate strong capabilities in hybrid environments, offering comprehensive coverage across a variety of infrastructures. Sysdig, for instance, excels in its hybrid support and advanced workload detection and response capabilities, positioning itself as a Leader and Outperformer in the Maturity/Platform Play quadrant. Trend Micro integrates XDR capabilities into its CWS solution, enhancing its appeal for environments reliant on traditional operating systems. Check Point also does many things very well, presenting a tempting choice for the uncertain.
On the other hand, Wiz focuses primarily on cloud-based workloads and lacks support for hybrid environments, catering to cloud-centric organizations. Tenable, with its recent acquisition of Ermetic, is transitioning from the Innovation half into the Maturity half of the Radar as it expands its capabilities and market reach. Each vendor brings its own strengths to the table, such as AI-driven features, comprehensive compliance checks, and user-friendly interfaces, highlighting the diversity and specialization within the market. For IT decision-makers embarking on their buying journey, it’s crucial to thoroughly assess their current and future infrastructure needs. Organizations should prioritize vendors that offer scalability and flexibility to adapt to evolving environments. For businesses heavily invested in cloud infrastructures, solutions like Wiz or Tenable Cloud Security might be more suitable. Conversely, for entities requiring robust hybrid environment support, vendors like Sysdig or Trend Micro could offer more comprehensive coverage. Conducting a detailed risk assessment to identify key security requirements and potential vulnerabilities is also essential. IT decision-makers should seek CWS solutions that align with their specific security needs and regulatory compliance requirements, and have integration capabilities with their existing tools and systems. Looking ahead, the CWS market is expected to continue evolving with a stronger emphasis on AI-driven security solutions, increased integration of zero-trust principles, and enhanced capabilities for managing diverse and dynamic workloads. The integration of sophisticated and proactive technologies like Generative AI for guided remediation will likely become more prevalent. Organizations need to stay abreast of these developments and be prepared to adapt their security strategies accordingly. 
Embracing solutions that offer advanced threat detection, automated policy management, and seamless integration with various cloud services will be crucial for staying ahead to meet rapidly evolving cybersecurity challenges.

7. METHODOLOGY
For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.

7. ABOUT CHRIS RAY
Chris Ray is a veteran of the cyber security domain. He has a collection of experiences ranging from small teams to large financial institutions. Additionally, Chris has worked in healthcare, manufacturing, and tech. More recently, he has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

8. ABOUT GIGAOM
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands. GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises. GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

9. COPYRIGHT
© Knowingly, Inc. 2024 "GigaOm Radar for Cloud Workload Security (CWS)" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.

Gigaom Knowingly Corporation 3905 State Street #7-448 Santa Barbara, CA 93105-5107