Cloud Security Choices: Pure-Play vs. Integrated Platforms



How Cloud Security Buyers Balance Functionality, Cost, Features and Innovation


Organizations are directing their cloud security spend to a smaller number of providers, opting for platforms such as Palo Alto Networks and CrowdStrike and specialty players such as Wiz.


Platform providers increasingly dominate the cloud security landscape owing to their broad coverage, cost efficiency and streamlined operations for clients already embedded in their infrastructure, industry analysts said. But pure-play vendors have carved a niche by solving complex cloud security challenges with deep, best-in-class capabilities and rapidly integrating advanced technologies such as shift-left security.

“The benefits of pure-play usually are much tighter integration between the components. That’s benefit number one. Benefit number two would be deeper, broader functionality. There’s a lot of different artifacts and cloud workloads,” said Forrester Principal Analyst Andras Cser. “Cost reduction is usually the biggest motivator [for platforms]. More streamlined reporting is another benefit that we see.”

Palo Alto Networks has been the largest player in the nearly $700 million CNAPP market for more than five years and currently has 17% share, with CrowdStrike and Wiz trailing at 14% and 11%, respectively, Dell’Oro Group found. But Wiz and CrowdStrike are growing much faster, with the duo recording year-over-year CNAPP growth rates of 94% and 78%, respectively, while Palo Alto Networks grew by just 15%.

“Other than a couple of bright stars like Wiz, the goings in 2024 across the board were a lot tougher than what I think most vendors were expecting to be, given the vast momentum that this market experienced from the pandemic to 2023 or thereabouts,” Dell’Oro Group Senior Director Mauricio Sanchez told Information Security Media Group.

While overall cloud security growth has slowed due to enterprises becoming more judicious in their cloud purchases, Sanchez said adjacent areas such as AI security and data security posture management allow vendors to capitalize on emerging needs in areas such as AI workload protection. The rise of AI security has created a need for specialized solutions to protect AI models and workflows in the cloud.

Benefits and Drawbacks of Platform and Pure-Play Approaches

Platform providers deliver cost-efficient tools that integrate cloud security into broader cybersecurity offerings, benefitting smaller organizations that need comprehensive yet straightforward solutions, Cser said. Platforms do a better job of providing unified dashboards and streamlined reporting, though Cser said they can lack advanced capabilities and sometimes face challenges integrating acquired companies.

“The platform will have components that the point provider will have never had the opportunity or bandwidth or money or resources to build out,” Cser told ISMG. “Larger vendors and larger platforms typically would have a much, much richer technical partnership ecosystem.”

Smaller companies often lack the resources or expertise to manage multiple cloud security tools, making platforms more appealing due to their simplicity and cost effectiveness, Cser said. Many larger enterprises prefer specialist vendors for their advanced capabilities and flexibility, with big firms benefitting from tailored solutions to handle hybrid cloud infrastructure or multi-cloud environments.

Sanchez said smaller vendors are increasingly struggling to compete with platform providers such as Palo Alto Networks and CrowdStrike, who dominate through their reach, partnerships and pricing strategies. Consolidation has led to the acquisition of cloud security specialists by larger platforms, with Fortinet in August 2024 buying Lacework for $152.3 million, down 98% from an $8.3 billion valuation in November 2021.

Conversely, Sanchez said acquisitions often hinder platforms from offering a seamless user experience, with disjointed tools increasing labor and integration costs and leading to compliance gaps and greater exposure to threats. Customers using platforms often report challenges with aligning policies across tools, which Sanchez said can lead to misconfigurations.

“The sticker is the same on all the parts of the product,” he said. “But in reality, the underlying user interfaces, policy management interfaces and reporting interfaces are distinct and disjointed from one another. And then there’s overlaps and gaps in between.”

On the flip side, Cser said pure-play vendors excel at integrations and depth since their sole focus is cloud security, delivering superior functionality tailored to specific workloads and providing a more cohesive experience. The tight integration of components ensures consistent policy enforcement, reduces misconfigurations and avoids issues such as redundant policy management, Cser said.

‘They Can Make the Investment and Choose a Partner for the Long Run’

Larger enterprises with multi-cloud environments often require specialized solutions that offer deep functionality and consistent coverage across multiple cloud providers. Enterprises benefit from deep expertise around multi-cloud security as well as comprehensive visibility and remediation.

“Customers go to a pure-play cloud security vendor in order to provide them the coverage and the expertise and the focus on their cloud journey,” said Yinon Costica, co-founder and vice president of product at Wiz. “It’s a strategic enough decision for almost every single organization out there that they can make the investment and choose a partner for the long-run rather than choosing a checklist partner.”

Unlike some platform providers, Costica said Wiz rebuilds advanced solutions to integrate them natively into its platform, enabling a seamless user experience and avoiding the fragmentation often seen in competitors’ acquisitions. Gem Security is integrated into Wiz Defend as a toggle feature, eliminating setup completely. He said users benefit from a simplified onboarding process and consistent interface (see: Wiz Buys Startup Gem Security for $350M to Spot Cloud Issues).

“It’s all by default, and they can basically start using it immediately,” Costica told ISMG. “So the barrier – the time to value that they have in training, enabling, deploying and implementing – is significantly, orders of magnitude simplified, because it is part of the platform.”

Sanchez said Wiz stands out for achieving significant growth as a specialist provider, with the company’s technical excellence, strong marketing and high-profile customer wins setting it apart from competitors. He said Wiz’s rapid adoption can be attributed to its focus on time-to-value and seamless product deployment.

Costica said Wiz’s investment in shift-left security has enabled developers to identify vulnerabilities early, preventing misconfigurations, lowering remediation costs and reducing risks before code reaches production. The company’s DSPM and AI-SPM capabilities protect data from breaches, secure sensitive data within AI workflows and safeguard AI workloads without additional configurations.

“That allows customers to basically run all of the security checks they run in the cloud, but this time during the development process, and provide guardrails so that if it doesn’t conform to the policies and it doesn’t comply, they can prevent a deployment and provide developers with accurate, fixed recommendations on how to better secure their code,” Costica said.

Costica said Wiz differentiates itself through its exclusive focus on cloud security and rapid innovation, with the company’s platform ensuring consistent policy enforcement across all cloud environments. And Wiz’s threat research initiatives, such as threats.wiz.io, provide customers with actionable insights into cloud-specific vulnerabilities, according to Costica.

“Wiz is the only company that has basically raised $1.9 billion only to solve cloud security, because we believe this is a problem that is not only big enough now, it’s actually going to grow even bigger,” Costica said. “Technology innovation and adoption happens mostly in the cloud; this is where new things happen.”

‘If the Policies Aren’t the Same, It Doesn’t Help the Customer’

Lee Klarich, chief product officer of Palo Alto Networks, said the company has focused on integrating tools across the cloud security life cycle from development to runtime, reducing complexity and eliminating the reliance on multiple vendors. He said organizations benefit from fewer tools to manage, integrated reporting, better cross-functional insights and consistent policy enforcement across environments (see: Nikesh Arora on Why Palo Alto Networks Is Buying Talon, Dig).

“We’re going to continue to integrate across the value chain, all the way from initial development to in-production and runtime to the SOC and security operations,” Klarich told ISMG. “The more we can integrate across all four of those core disciplines required to secure the cloud, the greater we will be able to address these security challenges.”

Like Wiz, Klarich said Palo Alto Networks has integrated AI-SPM to help customers monitor and secure AI tools deployed in their cloud environments as well as DSPM to help organizations secure sensitive data. Klarich said Prisma Cloud eliminates the need for separate tools for each cloud provider and integrates with network firewalls to map applications and detect vulnerabilities across clouds.

Platforms such as Prisma Cloud must address integration challenges to ensure solutions operate cohesively, with the alignment of policy management across tools remaining a critical focus area, Klarich said. Prisma Cloud’s integration of container security startup Twistlock and cloud threat defense startup RedLock ensures unified policies between development and production environments.

“What we have to do is have the discipline to actually do the hard integration work and to make sure that these products actually get fully integrated into the platform such that it is seamless, such that you have a unified experience for the administrators and users,” Klarich said.

Prisma Cloud has evolved by learning from customer deployments and gradually improving its offerings, with a focus on providing best-in-class capabilities while integrating acquired and internally developed technologies, Klarich said. Prisma Cloud’s ability to trace vulnerabilities from development to production ensures a holistic view of security risks.

“We can bring the product in, but if the policies aren’t the same, it doesn’t help the customer,” Klarich said. “So by integrating it, we actually can make those policies the same, which means that what we detect in development and what we detect in production use a common language and a common rule set.”

Prisma Cloud is often deployed alongside other Palo Alto Networks solutions, such as Cortex XDR and cloud next-generation firewalls, to enhance threat detection and visibility across an organization’s infrastructure, Klarich said. He highlighted that these adjacent solutions are pre-integrated, reducing deployment complexity and improving overall security posture.

“We’ve seen a 66% increase in attacks on the cloud year-over-year,” Klarich said. “So attackers are realizing that the cloud is where a lot of the action’s at, and that’s what they’re focused on. And so the importance of having best-in-class attack, prevention, detection, investigation and response capabilities has only increased.”

‘CSPM Doesn’t Tell You if Something’s Actually Gone Wrong’

Elia Zaitsev, chief technology officer at CrowdStrike, said the company addresses the full life cycle of cloud protection from development to runtime, which is essential for addressing the unique and interconnected challenges of cloud environments. Given that adversaries exploit gaps in siloed tools and many cloud breaches originate from misconfigurations, Zaitsev said an integrated framework works best (see: Transform Traditional Security Models With AI-Integrated SOC).

“We take an adversary-centric view of the world,” Zaitsev told ISMG. “Adversaries don’t care where your tools are, what your budget is, who’s running them. They’re just trying to compromise you.”

CrowdStrike uses both in-house development and acquisitions to boost its cloud security offerings, with the development of solutions for containers and Kubernetes and creation of AI-specific security tools for LLMs and AI workloads being examples of the former. CrowdStrike focuses on unified user experiences, single sign-on and data harmonization while integrating ASPM, DSPM and SSPM acquisitions, he said.

“Falcon cloud security is all integrated into a single platform, not like platformization, where you’ve got one console for this, one console for that,” Zaitsev said. “One user is able to work with all this information, trace an incident and look at the root cause on a single platform.”

CrowdStrike offers a more complete solution than standalone cloud security vendors by addressing more than just CSPM, which Zaitsev said is valuable for identifying potential vulnerabilities but lacks the ability to detect and respond to active threats. Zaitsev said CrowdStrike covers both cloud and on-premises environments and integrates multiple data sources into a single incident workbench.

“CSPM doesn’t tell you if something’s actually gone wrong,” Zaitsev said. “It tells you that something could go wrong and you want to maybe go fix it before that happens. It’s really analogous to vulnerability management in the cloud. A lot of those pure-play vendors are just incomplete. It’s a nice piece of technology, but it doesn’t actually solve the problem holistically.”

Organizations already using CrowdStrike for on-premises endpoints naturally extend to cloud workloads, Zaitsev said, while startups or cloud-native companies often begin with Falcon Cloud Security, particularly if their infrastructure is primarily in the cloud. Customers starting with Falcon Cloud Security often adopt additional modules such as SIEM and identity protection to expand their coverage, Zaitsev said.

“Where CrowdStrike seems to have got some shine is in threat detection and runtime,” Sanchez said. “Now, all of these players are starting to try to go after that totality, whether it be development, whether it be deployment, which is more posture management, or whether it be runtime, and being able to protect the cloud assets at runtime. So, CrowdStrike comes in through that mechanism.”




