Just over a year ago, I published the Wiz playbook, exploring how Wiz leapfrogged cloud security vendors to become the fastest-growing cybersecurity company. That journey recently reached an unexpected milestone that shocked everyone: a $32 billion acquisition. But there was always a lingering question: what would be Wiz's next biggest platform play (after it hit $1B)? Well, it appears to be shifting right: a focus on cloud runtime. Wiz recently launched Wiz Defend, marking its boldest move yet and positioning itself in the cloud runtime evolution. Not for servers or endpoints, but for cloud-native workloads, containers, and ephemeral infra. Think of it as EDR, reimagined for the cloud. I just published a new deep dive report exploring everything about it:
▪️ Wiz Defend's history, strengths and areas to further improve
▪️ How Wiz Defend compares to traditional EDR vendors like CrowdStrike, or emerging competitors outlined on this map below
▪️ A real-world breakdown of how Wiz visualizes the anatomy of a cloud-native attack in runtime, especially with recent vulns like IngressNightmare
▪️ Why Defend could replicate the massive success we've seen in EDR (maybe even bigger than their core CSPM when the SOC gets involved)
▪️ How Google's SCC/SOC DNA + Wiz might reshape the future of cloud security operations
and lots more. Read the full report here: https://lnkd.in/ehx4p_VG
Let's be clear: the road ahead is not without challenges, since many security teams (Dev/Sec/Eng/Ops) still exist in silos, but I like Wiz Defend's vision. The convergence of the SOC and cloud security functions for cloud workloads is at an interesting junction. Organizational adoption will vary, but new launches like this, along with others I've covered before, signal a broader industry evolution.
Cloud-Native Security Solution Advancements
Explore top LinkedIn content from expert professionals.
Summary
Cloud-native security solution advancements are the newer strategies and technologies for protecting applications and data that are built and run in cloud environments, with an emphasis on runtime (real-time) detection, transparency into how the tooling works, and collaboration between development, cloud and security operations teams. They help organizations keep pace with evolving threats by providing visibility, automation, and integration across cloud-native workloads, containers, and the infrastructure beneath them.
- Embrace automation: Use platforms that continuously monitor and scan your cloud environment so vulnerabilities, misconfigurations and policy violations are found before they are exploited, not after.
- Prioritize integration: Choose security tools that connect identity, workload, vulnerability, and behavior data, so teams can see the full context of a finding, prioritize correctly, and act on it quickly.
- Adopt community-based solutions: Prefer open-source and collaborative platforms whose detection rules are reviewed and refined by a broad community, so you can read, test, and tune what the tool actually does rather than trusting a black box.
-
Security should not be an asymmetrical battle. For years, you've been told that "security is an asymmetrical battle." Certainly, it can feel like the odds are stacked against defenders, especially when bad actors work together to share tactics, scripts, and now AI techniques. But defense doesn't need to be singular, siloed, or proprietary, and I'm passionate about helping defenders gain the upper hand. How? Through an open, community-based approach.
The cloud is built on open source. In fact, Kubernetes, the core of the cloud, is itself open source. A community-driven security approach, one where stakeholders and vendors across the industry collaborate, isn't just a good idea, it's a necessity. Cloud environments are complex and the stakes are high.
When we began building Sysdig, we decided to build an open source engine for cloud threat detection. We called it Falco, and we subsequently contributed it to the Cloud Native Computing Foundation (CNCF). Since then, Falco has garnered hundreds of unique contributors from across the globe, has been downloaded 115 million+ times, and achieved CNCF graduation earlier this year. Falco has become the standard for cloud threat detection, and that's not by accident. That's the power of open source: continuous improvement, real-time iteration, and complete transparency. Because Sysdig Secure is built around Falco, our customers have transparency into and flexibility over our platform, and they also have the peace of mind that they are adopting an industry standard.
Now contrast this with black-box cloud and legacy security platforms. They promise ease and simplicity, but at what cost? By purposefully obscuring their inner workings, they make it all but impossible for users to tailor solutions or even understand their limitations. They can also take down your whole infrastructure in ways that are hard for you to anticipate.
A global community, like the one the CNCF helped us build around Falco, means that every detection rule and line of code is scrutinized, tested, and refined by experts. This collective intelligence helps tune alerts, increase accuracy, and evolve security at the pace of the threats we face. I believe in strength in numbers. Innovation starts in the community, and then great companies are built on top of it.
-
My 5 biggest takeaways from the Forrester CNAPP report. I spent time reading the latest Forrester Wave™ for Cloud Native Application Protection Platforms, and a few themes stood out about what is important about cloud defense in 2026. Over the course of my career, I've learned that security technology is just a means to an end. The real question is whether it changes outcomes. Whether it helps teams make better decisions faster and with more confidence. Here's what stood out from my perspective:
1. Vision only matters if it changes outcomes. The conversation is shifting away from feature comparisons toward measurable impact. Boards and executive teams aren't asking how many findings you have. They're asking whether you can explain your exposure clearly, prioritize correctly, and reduce real risk over time.
2. Analytics and workflow are becoming the control plane. Detection without workflow is just noise. The differentiator is about helping teams move from detection to understanding to remediation without friction. The platforms that win will be the ones that make investigation and decision-making faster and more certain.
3. AI will reshape how security teams operate. AI isn't replacing security teams. It's changing the scale at which they can operate. The most effective organizations I see are using AI to compress investigation time, reduce cognitive load, and help experienced engineers focus on the decisions that actually matter.
4. Operational rigor is separating platforms from products. Enterprise security isn't just about capability. It's about consistency, reliability, and trust over time. Clarity of the roadmap, support for quality, and execution discipline matter more than any individual feature. CISOs are buying long-term partners, not just tools.
5. Integration has to be real, not implied. Security teams don't need more disconnected telemetry. They need unified context. Risk only makes sense when identity, workload, vulnerability, and behavior are connected. Without that, prioritization breaks down.
My takeaway: The future of cloud security is about who helps teams understand reality, focus on what matters, and reduce risk in a way that's defensible to the business. That's the standard I see security leaders holding vendors to now. The report is in the comments.
-
Storm-0501 shows us why identity-only zero trust isn't enough. Attackers started with Entra Connect servers, escalated into a global admin account without MFA, and quickly pivoted into Azure. Once they looked like insiders, every control in place failed them. That's the reality of hybrid identity and cloud today: if trust is assumed at the control plane, attackers exploit it.
This is exactly why we built the Cloud Native Security Fabric. CNSF enforces zero trust in-line, at runtime, across the fabric itself. It continuously validates every session, limits lateral movement across tenants and domains, and makes breach chains visible as they happen. Would it have stopped the first compromised server? No. But it would have contained the blast radius, slowed or blocked the pivots, and turned a catastrophic ransom event into something far more manageable.
Identity and posture still matter, but they're not enough on their own. Without runtime enforcement, enterprises remain exposed. That's the lesson of Storm-0501, and it's why CNSF is changing the game.
#CloudNetworkSecurity #ZeroTrust #CNSF #Aviatrix
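The first two links of the chain in the post above (a privileged account authenticating without MFA, then the same account reaching Azure management from somewhere new) are something a SOC can check for in sign-in logs today, independent of any fabric product. The script below is an added example, not Aviatrix or CNSF code. SIGNINS is constructed and uses a subset of the Microsoft Graph `signIn` field names (userPrincipalName, appDisplayName, ipAddress, createdDateTime, authenticationRequirement, status.errorCode); PRIVILEGED_USERS stands in for a directory-role membership query, and AZURE_MGMT_APPS is an assumed list of application display names that indicate control-plane access.

```python
"""Detection logic for the first two links of the chain the post describes: a
privileged Entra ID account signing in without MFA, then the same account
reaching Azure management from a new source IP shortly afterwards.

Added example, not Aviatrix or CNSF code. SIGNINS is constructed and uses a
subset of the Microsoft Graph `signIn` field names; PRIVILEGED_USERS stands in
for a directory-role membership query and AZURE_MGMT_APPS is an assumed list
of application display names that indicate control-plane access.
"""
from datetime import datetime, timedelta

# Assumption: accounts currently holding Global Administrator (or similar).
PRIVILEGED_USERS = {"admin@contoso.example"}

# Assumption: app display names that mean "talking to the Azure control plane".
AZURE_MGMT_APPS = {"Azure Portal", "Windows Azure Service Management API"}

# Constructed sample sign-in records (Graph `signIn` subset). errorCode 0 means
# the sign-in succeeded; anything else is a failure and is ignored below.
SIGNINS = [
    {"id": "s1", "userPrincipalName": "admin@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "10.1.2.3",
     "createdDateTime": "2025-08-20T09:00:00Z",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"id": "s2", "userPrincipalName": "admin@contoso.example",
     "appDisplayName": "Azure Portal", "ipAddress": "203.0.113.7",
     "createdDateTime": "2025-08-20T09:25:00Z",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"id": "s3", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Azure Portal", "ipAddress": "203.0.113.9",
     "createdDateTime": "2025-08-20T09:30:00Z",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"id": "s4", "userPrincipalName": "admin@contoso.example",
     "appDisplayName": "Azure Portal", "ipAddress": "10.1.2.3",
     "createdDateTime": "2025-08-21T09:00:00Z",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"id": "s5", "userPrincipalName": "admin@contoso.example",
     "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.4",
     "createdDateTime": "2025-08-20T09:10:00Z",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126}},  # failed sign-in (bad password)
]


def _ts(record):
    return datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))


def _succeeded(record):
    return record["status"]["errorCode"] == 0


def privileged_single_factor_signins(signins, privileged=PRIVILEGED_USERS):
    """IDs of successful sign-ins by privileged accounts that did not complete
    MFA. Each one is a gap a Conditional Access policy should have closed."""
    return [
        s["id"] for s in signins
        if s["userPrincipalName"] in privileged
        and _succeeded(s)
        and s["authenticationRequirement"] != "multiFactorAuthentication"
    ]


def azure_pivots_after_weak_signin(signins, privileged=PRIVILEGED_USERS,
                                   window=timedelta(hours=1)):
    """(weak_id, pivot_id) pairs: a single-factor privileged sign-in followed
    within `window` by the same account reaching an Azure management app from a
    different source IP, i.e. the on-prem-to-cloud pivot in the post."""
    ordered = sorted(signins, key=_ts)
    weak = set(privileged_single_factor_signins(ordered, privileged))
    pairs = []
    for i, w in enumerate(ordered):
        if w["id"] not in weak:
            continue
        for p in ordered[i + 1:]:
            if _ts(p) - _ts(w) > window:
                break  # records are time-ordered, nothing later can match
            if (p["userPrincipalName"] == w["userPrincipalName"]
                    and _succeeded(p)
                    and p["appDisplayName"] in AZURE_MGMT_APPS
                    and p["ipAddress"] != w["ipAddress"]):
                pairs.append((w["id"], p["id"]))
    return pairs


if __name__ == "__main__":
    print("privileged sign-ins without MFA:", privileged_single_factor_signins(SIGNINS))
    print("Azure pivots after a weak sign-in:", azure_pivots_after_weak_signin(SIGNINS))
```

The preventive counterpart is a Conditional Access policy that requires MFA for every directory role with no exclusions; the first function is how you find out that policy has a hole, and the second turns the isolated finding into the pivot sequence the post describes. Failed sign-ins are deliberately skipped so password-spray noise does not pair with later legitimate activity.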
-
Why do 92% of cloud breaches start at the code layer? Among the 4 C's of Cloud-Native Security (Cloud, Cluster, Container, and Code), the Code layer is the most vulnerable. Bugs and vulnerabilities originate here, even before anything is built.
Most Common Risks:
- RCE (Remote Code Execution): Lets attackers run code on your server.
- XSS (Cross-Site Scripting): Hijacks user sessions via browser scripts.
- SQL Injection: Pulls unauthorized data from databases.
- SSRF (Server-Side Request Forgery): Forces internal systems to leak data.
- Credential hardcoding, dependency flaws, and logic bugs.
If code is weak, the entire stack crumbles. This is why practices like Linting (code hygiene checks), Dependency Scanning (vulnerable library detection), and DAST (Dynamic Application Security Testing) are critical. Among the major vendors out there, here is how Dynatrace and Sumo Logic help:
Dynatrace's Offering:
- Application Security Module: AI-driven detection of runtime vulnerabilities across production code and libraries.
- PurePath Tracing: Shows exactly which code and functions are executed; great for root-cause detection.
- Davis AI: Uses causal machine learning to detect anomalies in code behavior before breaches happen.
- Integration with DevSecOps Pipelines: Flags vulnerabilities early by integrating with CI/CD tools for scanning and linting.
Sumo Logic's Offering:
- Cloud SIEM: Real-time alerts for known and unknown threats.
- Insight Trainer: Continuously learns to reduce false positives in threat detection.
- Copilot (AI Assistant): Helps analyze logs and surface code-layer security gaps.
- DAST and Dependency Scanning Support: Through integrations and log-based pattern detection during runtime.
The Takeaway: Both platforms help tackle vulnerabilities early, as code is written or deployed. Dynatrace outperforms in code tracing and runtime protection, while Sumo Logic leads in SIEM and log intelligence. They complement each other to help close security gaps before they become breaches.
Proactive investment in Observability and SIEM solutions is no longer an option, but a must. It helps detect and mitigate code vulnerabilities early in the development process, drives significant cost savings, and reduces the reliance on extensive Data Loss Prevention (DLP) solutions. According to research by HackerOne, organizations could save up to 30% if they were to address code-level vulnerabilities early during development, a practice known as shifting security left. Do you agree? Feel free to add your thoughts. #cloudsecurity #observability #loganalytics #applicationmonitoring #twominutedigest
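Two of the code-layer risks listed in the post above, SQL injection and SSRF, are shown below as the vulnerable pattern beside its hardened form, so a reviewer or a linter rule has something concrete to look for. This is an added example, not Dynatrace or Sumo Logic code. The in-memory users table, the FAKE_DNS map, the partner hostname and the sample URLs are constructed so the block runs offline; in production the resolver argument would be the real system resolver.

```python
"""Vulnerable-vs-hardened versions of two code-layer risks named in the post:
SQL injection and SSRF. Added example, not Dynatrace or Sumo Logic code. The
users table, FAKE_DNS map and sample URLs are constructed so the block runs
offline."""
import ipaddress
import socket
import sqlite3
from urllib.parse import urlparse


# --- SQL injection -----------------------------------------------------------

def make_db():
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, name):
    """Concatenating user input into the statement lets that input rewrite the
    WHERE clause: the value x' OR '1'='1 returns every row."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_hardened(conn, name):
    """Bound parameters reach SQLite as values and are never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- SSRF --------------------------------------------------------------------

# Constructed resolver so the example needs no network. In production pass
# socket.gethostbyname (IPv4 only) or better, check every address from
# socket.getaddrinfo.
FAKE_DNS = {
    "api.partner.example": "93.184.216.34",        # ordinary public address
    "internal-db.corp.example": "10.20.30.40",     # RFC 1918, must be refused
    "metadata.evil.example": "169.254.169.254",    # attacker DNS aimed at IMDS
}


def fake_resolve(host):
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"cannot resolve {host}")


def fetch_target_vulnerable(url):
    """Vulnerable pattern: trust the caller-supplied URL wholesale. The value
    returned is the host an HTTP client would connect to, metadata IP included."""
    return urlparse(url).hostname


def check_outbound_url(url, resolve=socket.gethostbyname):
    """Hardened pattern: allow only http(s), reject embedded credentials,
    resolve the host ourselves and refuse anything that is not a globally
    routable address (loopback, RFC 1918, link-local incl. 169.254.169.254,
    CGNAT, multicast, reserved, IPv6 equivalents). Returns (ok, detail); on
    success detail is the IP the caller should pin its connection to, sending
    the original Host header, so a second lookup cannot rebind the name."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    if parsed.username or parsed.password:
        return False, "userinfo in URL not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        ip = ipaddress.ip_address(host)          # literal IP, incl. [::1]
    except ValueError:
        try:
            ip = ipaddress.ip_address(resolve(host))
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
    if not ip.is_global:
        return False, f"{host} resolves to non-public address {ip}"
    return True, str(ip)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))
    print("hardened:  ", find_user_hardened(db, payload))
    for u in ("https://api.partner.example/v1/report",
              "http://169.254.169.254/latest/meta-data/",
              "http://metadata.evil.example/"):
        print(u, "->", check_outbound_url(u, resolve=fake_resolve))
```

Note that `check_outbound_url` checks the resolved address, so decimal or octal IP spellings that the system resolver turns into 127.0.0.1 are still caught, but it is a denylist of address ranges: where the set of legitimate destinations is known, an egress allowlist of hostnames is the stronger control, and the two can be combined.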
-
With 29% of cyber incidents originating in the cloud, traditional security approaches are struggling to keep up. To stay ahead of modern threats, organizations need a unified approach that merges Cloud Detection & Response (CDR) with Cloud-Native Application Protection Platforms (CNAPP), ensuring real-time prevention and rapid threat response.
Why Cloud & SOC Integration Matters:
- Bridges the gap between cloud and enterprise SOC teams for faster detection and containment.
- Leverages AI-driven insights to predict, prevent, and neutralize attacks.
- Enhances ROI: organizations with unified platforms respond to threats significantly faster than those using standalone solutions.
- Delivers end-to-end visibility, from code to cloud to SOC, empowering security teams with full context.
As cyber threats evolve, integrating cloud security with SOC operations isn't just a best practice, it's a necessity. It's time for AppSec, CloudSec, and SecOps teams to unite and build a proactive, AI-powered security strategy.
Is your cloud security strategy keeping up with real-time threats? Let's discuss.
#CyberSecurity #CloudSecurity #SOC #AI #ThreatDetection #SecOps #CNAPP #CDR #ZeroTrust https://lnkd.in/dTAsw5m8