LIVE · cybersecurity feed
cloud securitymedium

5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management

zeroday.news·2d ago
ShareXLinkedInWhatsAppFacebook

Cloud Security Posture Management (CSPM) is undergoing a significant transformation, moving beyond its traditional role of periodic compliance checks to become a continuous, risk-based governance layer integrated into Cloud Native Application Protection Platforms (CNAPPs). This evolution is driven by the increasing interconnectedness of cloud environments and the demand for faster risk reduction with fewer tools. The CSPM market is anticipated to experience substantial growth, with projections indicating a rise from $2.82 billion in 2025 to $6.96 billion by 2030, reflecting a compound annual growth rate of 19.8%.

CNAPPs consolidate various security controls, including posture management, workload protection, and identity and entitlement management, to secure applications throughout their lifecycle. Frost & Sullivan's analysis identifies Microsoft as a leading CSPM provider, noting its integrated approach that aligns posture management with workload protection, identity, and data security within a broader CNAPP framework. This aligns with the shift from point-in-time compliance to continuous risk management.

Key insights from the Frost Radar report indicate that CSPM is becoming the foundational governance layer for CNAPPs. Modern CSPM solutions are expected to offer continuous visibility across IaaS, PaaS, and SaaS environments, correlate misconfigurations with identities, vulnerabilities, and data exposure, and feed posture context into runtime protection and incident response workflows. The focus is shifting towards unified visibility that connects posture findings with other security signals to streamline investigations.

The market is also moving beyond basic compliance to risk-based prioritization. Leading solutions are now expected to continuously assess risk, reduce alert fatigue through contextual correlation, and prioritize remediation based on exploitability and business impact. Organizations are increasingly leveraging CSPM for ongoing risk reduction, with compliance reporting becoming an outcome of stronger security controls.

Code-to-cloud visibility is now a mandatory requirement, emphasizing the need to embed posture management earlier in the application lifecycle. This includes scanning infrastructure-as-code (IaC), enforcing policy-as-code, and integrating with CI/CD pipelines to prevent misconfigurations before deployment and detect drift in dynamic environments. Clear ownership mapping is crucial for routing issues to the appropriate development teams.

Multicloud complexity is driving platform consolidation, as fragmented tools and siloed data create blind spots. Buyers are consolidating point products into integrated CNAPP platforms that correlate posture, workload, and identity signals. This platform convergence improves visibility across hybrid and multicloud environments, reduces tool sprawl, and enhances SecOps efficiency.

Artificial intelligence (AI) is reshaping CSPM by enabling operational efficiencies such as alert prioritization and guided remediation. Furthermore, CSPM capabilities are expanding to include AI workload posture management, covering models, pipelines, and related infrastructure to address emerging risks like prompt injection and data leakage.

For security leaders, CSPM is evolving into a strategic control layer for managing cloud risk across the entire application lifecycle. When evaluating CSPM capabilities, questions should focus on the ability to correlate posture findings with other security contexts, embed security guardrails into development pipelines, integrate posture insights into SOC workflows, and continuously prioritize risk across multicloud environments.

cloud securitycspmcnappcybersecurity trendsrisk management
ShareXLinkedInWhatsAppFacebook
← Back to latest

More News

view all →
zeroday.news · 52m ago·high

Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has acknowledged a security incident after a threat actor advertised what they claim is stolen internal data. The attacker, using the alias "888", says they took more than 35GB of source code and cloud credentials from the consulting giant and are offering it for sale. Accenture says it has addressed the source of the issue and that its operations were not disrupted.

zeroday.news · 4h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 4h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 4h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 5h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 5h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.