Wiz, CrowdStrike, Microsoft Among Leaders on Frost & Sullivan CWPP Radar

Wiz, CrowdStrike, Microsoft, SentinelOne and Palo Alto Networks are ranked top growth leaders on Frost & Sullivan's 2024 Cloud Workload Protection Platforms (CWPP) Radar.

Top innovation leaders include Palo Alto Networks, CrowdStrike, SentinelOne, Microsoft, Trend Micro, Aqua Security and Sysdig.

A CWPP, normally agent-based, is a server workload-centric security solution to protect computing workloads in cloud environments (private, public, hybrid and multicloud) from cybersecurity risks and attacks, regardless of the workload's location, according to the CWPP Radar. Typical workloads that CWPPs secure include cloud hosts, virtual machines (VMs), containers, Kubernetes, databases and APIs.

CWPP features include workload discovery and continuous monitoring; comprehensive and real-time visibility; vulnerability management; runtime protection, and advanced threat detection and response (TDR); and automated reporting and compliance.

Frost & Sullivan says the CWPP sector will maintain strong growth momentum over the next five years and generate nearly $11.5 billion in total revenue in 2028, representing a compound annual growth rate (CAGR) of more than 23% from 2023-2028.

Regionally, North America will remain the largest adopter of cloud security solutions, including CWPP, primarily due to the strong awareness of container vulnerabilities and other cloud-native technology risks.

Related:Sophos CEO Joe Levy on Lessons Learned from CrowdStrike-Microsoft Outage

CWPP Radar Assessment Criteria

The vendors on Frost & Sullivan’s CWPP Radar were assessed based on: Frost & Sullivan’s common assessment criteria (growth and innovation indices); the overall market performance, trends and end customers’ preferences/requirements; peer performance; end users’ perception; and their own performance.

“Each vendor is ranked based on our independent analysis and assessment, combining both secondary and primary research with back and forth interactions with each of them before the placement is finalized,” said Anh Tien Vu, industry principle of cybersecurity at Frost & Sullivan. “[The] vendor needs to have at least $20 million in revenue in 2023. Vendors need to have business presence in at least two regions: EMEA, North America, APAC or LATAM. [In addition], vendors have qualified solutions as per our definition.”

Frost & Sullivan's Anh Tien Vu

The CWPP industry is in a growth phase, Tien Vu said.

“Many large businesses often invest heavily in cloud security technologies and their workforce to secure workloads, applications and data to avoid service disruptions and data breaches, and adhere to regulatory compliances,” he said. “In this context, CWPP is often used as a part of cloud-native application protection platforms (CNAPPs) with other security tools, such as vulnerability management, software composition analysis (SCA), continuous integration and continuous deployment (CI/CD) pipeline security, [Kubernetes] protection, cloud security posture management (CSPM) and API protection with automated remediation capabilities.”

Related:Cynomi vCISO Platform: 'Proof Is in the Pudding'

Largest CWPP Adopters

Customers in the banking, finance and tech industries are the largest adopters of CWPP, as they need “robust cloud security solutions to manage compliance, shift-left security, vulnerability/risk management, and runtime protection/threat management," Tien Vu said.

“Organizations in these sectors have been seen to take a proactive approach to cloud security and cyber risk management as they accelerate their cloud migration for their critical workloads,” he said. “As a result, CWPP has become an important cloud security tool for organizations to manage risks, ensure compliance, secure their cloud workloads and help security teams handle threats in runtime environments effectively. CWPP tools have evolved to not only provide basic vulnerability and compliance management, but also offer organizations the capabilities of real-time threat detection and response across cloud computes, networks, workloads and applications.”

Related:Fortinet Engage Partner Program Evolves to Services Model