Incumbent Bundles Pressure CNAPP Specialists
Orca Security
Aggressive CNAPP discounting shows that cloud security has become a retention tool for big platform vendors, not just a standalone product category. A company like Palo Alto Networks can treat Prisma Cloud as part of a larger account package, because it already sells firewalls, SASE, and SOC software into the same security team. That lets incumbents defend broad enterprise contracts on price, while forcing cloud-native vendors like Orca to win on faster deployment, cleaner workflows, and better signal quality.
- The core economic advantage is cross-subsidy. Orca starts around $50,000 a year for workload scanning, while a large incumbent can absorb that budget line if it protects a much bigger network or platform renewal. In practice, free CNAPP is a way to stop a customer from opening the door to a specialist vendor.
- The incumbents were not standing still. Palo Alto Networks positioned Prisma Cloud as a broad CNAPP that combines CSPM, CWPP, CIEM, and adjacent cloud controls, then added Dig Security for DSPM. CrowdStrike added Bionic for ASPM, and Cisco added Lightspin for cloud security, so the bundle kept getting wider.
- This pricing pressure helps explain why the independent cloud security field consolidated so hard. Wiz grew into the enterprise with very large contracts, while Lacework was eventually sold to Fortinet for an estimated $200M to $230M after reaching about $70M to $90M ARR. Scale and distribution mattered as much as product depth.

Going forward, the winners in CNAPP will be the vendors that turn cloud security from a pile of separate checks into a daily operating system for the security team. Incumbents will keep using bundles to hold the account, and specialists like Orca will keep pushing agentless ease of use and sharper prioritization to break into those same enterprise budgets.