Palo Alto has announced that Prisma Cloud is to secure unprotected cloud workloads and improve container security. The new capabilities are part of the 21-04 (April ‘21) release. Palo Alto releases new updates and capabilities every month. The 21-04 release includes improved automation and detection of threats and simplified compliance checks. There is also deeper visibility into malware threats for containers and hosts. The latter is especially important as malware attacks against containers continue to grow.
Varun Badhwar, senior vice president for product, Prisma Cloud, Palo Alto Networks, said: “Organizations currently have large amounts of unprotected workloads and no efficient or unified way to secure them. Often, they are managing multiple, single-purpose security solutions to protect these workload stacks, which can create operational burdens and security gaps.
“Today’s new capabilities further our commitment to deliver comprehensive cloud workload protection across hybrid and multi-cloud environments. DevOps teams can now efficiently build and deploy their workloads and applications rapidly, while helping security teams deliver protection.”
What is Prisma Cloud?
Prisma Cloud is a cloud-native security platform. It provides protection for an enterprise’s cloud technology stack, including data and applications. It is also a multi-cloud solution supporting on-premises clouds in addition to AWS, Azure and GCP. With enterprise IT departments increasingly having to support multi-cloud environments, it provides a single tool to manage security posture.
The platform uses the cloud providers’ APIs to access network traffic and user activity, and to see how services are configured. The latter is especially important as the majority of cloud breaches are caused by misconfigured services.
The platform is able to run as either a self-hosted solution or as a Software as a Service (SaaS) solution. Both versions support host, container and serverless deployments and can be managed for you (SaaS) or self-managed through the self-hosted option.
What new capabilities has Palo Alto added?
Palo Alto has outlined five new capabilities:
- Auto-Detection and Auto-Protection for Hosts: Prisma Cloud now automatically detects unprotected virtual machines (VMs) running on AWS, Microsoft Azure and Google Cloud Platform (GCP). It seamlessly deploys the Prisma Cloud Defender agent to help ensure that VMs are not left unprotected.
- The Industry’s First Comprehensive Attack Framework Spanning Threats to Cloud-Native Workloads: Prisma Cloud’s new interactive dashboard extends the MITRE ATT&CK framework to provide a consolidated view of the entire cloud-native application portfolio. This helps organizations evaluate their defense against specific threat scenarios and provides incident response and remediation capabilities. This attack framework was developed by Palo Alto Networks Unit 42 threat research and consulting team.
- Anti-Malware Capabilities at Runtime and During Continuous Integration and Delivery (CI/CD) Scenarios: Prisma Cloud now includes Palo Alto Networks WildFire intelligence to provide an additional layer of runtime protection and deeper visibility into malicious malware threats with new anti-malware and prevention capabilities for host and containers, beginning in the build process before the software is deployed.
- Simplified Compliance for Hosts, Containers and Serverless Applications: Prisma Cloud Compliance Explorer simplifies compliance visibility across leading frameworks and CIS (Center for Internet Security), including new updates to the latest benchmarks, which join the existing six certifications. In addition, a new user interface delivers a compliance solution for implementing Docker DISA STIG (Defense Information Systems Agency Security Technical Implementation Guide).
- Open Source License Analysis and Expanded Software Composition Analysis: Prisma Cloud adds support for scanning code repositories with the twistcli command-line interface. There is also new support for scanning GitHub Enterprise repositories. Additionally, Prisma Cloud includes advanced license detection to identify open-source licenses in packages, combined with license compliance rules, to monitor and manage usage within an organization.
Enterprise Times: What does this mean?
As organisations move to a mix of hybrid clouds and multi-cloud, management becomes complicated. From a security standpoint, complicated is a recipe for errors resulting in successful attacks and data breaches. What Palo Alto is doing here with Prisma Cloud is providing a single tool that can be deployed by an enterprise. It gives visibility across the whole cloud environment that the enterprise has.
There are four big callouts from this update.
- It has shifted left the anti-malware capabilities to fit in with DevOps and CI/CD. This will help organisations detect risk earlier, especially as there is a concerted attempt to embed malware into open-source code. It will also help prevent the sort of supply chain attack that impacted N-Able (SolarWinds) by doing checks before the build phase of software.
- Auto-detection of unprotected VMs running on AWS, Azure and GCP.
- Extending the MITRE ATT&CK framework to provide visibility into an organisation’s cloud-native application portfolio. It will help speed up detection, response and remediation of attacks.
- The monitoring of open-source licences and how they are used. As open-source usage has soared, companies have struggled to know what they are using. This makes it hard to patch and maintain their code libraries. Additionally, companies need to understand the licence rules under which the open-source packages can be used and know what their obligations are to the open-source community.