top of page

Cloud Workload Security Showdown: Crowdstrike vs Microsoft vs PaloAlto Networks - Who Comes Out On Top?

Forrester published several days ago the Forrester Wave™: Cloud Workload Security, Q1 2024.

What i saw?

Battle on cloud security and extensively on cybersecurity is getting tougher. From the crowd stands Palo Alto Networks, Crowdstrike and Microsoft.

The (CWS) market is experiencing significant consolidation, with major providers enhancing their offerings to include cloud infrastructure entitlement management (CIEM) and data protection for platforms like AWS, Azure, and GCP. Infrastructure as Code (IaC) scanning is increasingly adopted for ensuring the security of cloud and container environment build scripts. However, the distinctiveness of CSPM capabilities in aligning configuration rules with compliance templates is decreasing.

What are Major Considerations on Key Trends?

CIEM Integration: The inclusion of CIEM in CWS suites highlights the growing complexity of identity and access management in cloud environments. The ability to track and manage access at a granular level is becoming crucial for security.

IaC Scanning: The rising adoption of IaC scanning demonstrates a proactive approach to security, where vulnerabilities are addressed in the development pipeline, reducing risks in deployment.

CSPM Standardization: The diminishing uniqueness of CSPM capabilities suggests a maturation in the market, possibly leading to standardized approaches in cloud security posture management.

Container Security: Emphasizing container security reflects the increasing use of containerization in cloud environments. The focus on runtime and orchestrator security, along with multifactor authentication, underscores the need for robust security measures in containerized environments.

Advanced Reporting and AI Integration: The trend towards advanced reporting capabilities and the use of AI in CWS tools represents a significant advancement in how cloud security information is processed and communicated. This can lead to more efficient decision-making and improved security compliance.

My key recommendations for CWS customers are:

  1. Choose providers with advanced CIEM capabilities, focusing on configuration and activity-based tracking. This is crucial for managing complex identity access within cloud platforms, detecting transitive access, and addressing risks related to cloud configuration changes and administrative access to sensitive data.

  2. Ensure protection of container runtimes and orchestrators. Container technology, often referred to as "cloud on top of cloud," requires strict control over admin identities and the implementation of multi-factor authentication to safeguard against credential theft. Additionally, methods for detecting and managing secrets in containers, and addressing pre-runtime vulnerabilities, are important.

  3. Look for CWS tools that offer comprehensive reporting on cloud security, remediation, and compliance trends. These tools should cater to different stakeholders, including auditors and executives, with capabilities like trends reporting, creation of presentation-ready reports, and customizable dashboard panels. The integration of generative AI and large language models in CWS tools is emerging, enhancing query response and the generation of context-aware remediation scripts.

Further reading


bottom of page