Palo Alto expands cloud security platform

Palo Alto Networks has bolstered its cloud security software with features that help customers quickly spot suspicious behaviors and trace security issues to their source to better protect enterprise software-as-a-service (SaaS) applications.

The vendor has added a variety of new components, under the moniker Darwin, to its core cloud-security package, Prisma Cloud. The core platform already includes application-security features such as access control, advanced threat protection, user-behavior monitoring, and the ability to code security directly into SaaS applications. Managed through a single console, Prisma Cloud also includes firewall as a service, zero-trust network access (ZTNA), a cloud-access security broker (CASB), and a secure web gateway.

With the Darwin release, Palo Alto is adding vulnerability and remediation capabilities along with upgraded visibility and forensics features. 

“Prisma Cloud and Darwin help customers secure applications from their inception in code to their deployment in the cloud to their active running environments where it identifies, connects and fixes risks at every step,” wrote Ankur Shah, senior vice president and general manager of Palo Alto’s Prisma Cloud business, in a blog about the new software.

“Introduced in the Darwin release, security issues aren’t just identified. They’re traced to their source in code and back, allowing for effective remediation at the origin of risk. To prevent problems from multiplying as applications are built and deployed,” Shah wrote.

Darwin can provide intricate details about a cloud application’s services, including infrastructure assets, compute workloads, API endpoints, data and code that make up the application. This feature, called AppDNA, aims to give customers visibility into every resource component that makes up an application.

It works with another new feature, Cloud Discovery and Exposure Management, that lets security teams discover, evaluate and mitigate unknown and unmanaged internet exposure risks in their cloud environments, Shah said.

The feature highlights rogue assets to provide a comprehensive risk assessment and lets users more efficiently onboard unmanaged assets to Prisma Cloud, helping secure cloud infrastructure against previously unmanaged risks, Shah wrote.

Palo Alto also made improvements to its management interface to help customers more easily trace vulnerabilities, fix them and track their progress. The improved interface is a key part of another new feature, Infinity Graph, that makes it easier to understand risks, Shah stated.

Another feature, called Code-to-Cloud Intelligence, lets customers track risks and develop a roadmap to remediate a problem. 

“Opening tickets for remediation is extremely inefficient, yet still the most common way to resolve issues. With Prisma Cloud, you can immediately fix risks in the cloud and open a pull request for developers to address the issue at the source — preventing it from happening again,” Shah wrote.

“By correlating the security stack across misconfigurations, vulnerabilities, pipeline risks, exposure, identity and secrets, sensitive data, and more, you see the potential attack paths leading to a breach,” Shah stated. “Beyond showing what could go wrong, the graph overlays active attack attempts to show you what’s actually occurring and whether you have protection in place.”

In addition, the new Infinity Graph feature lets customers search and investigate issues by asking any question, perform forensics, and create guardrails, Shah wrote.  

Another new feature, called Code-to-Cloud Dashboard, lets users centrally see and control the entire application lifecycle, down to the supply chain. The main dashboard provides analytics across each stage of the software development lifecycle to aid in decision-making and reporting, Shah wrote.

Palo Alto’s Prisma Cloud competes in the market for cloud-native application protection platforms (CNAPP); Microsoft, CrowdStrike, Zscaler, Orca and many more vendors offer CNAPPs.

“CNAPPs consolidate a large number of previously siloed capabilities, including container scanning, cloud security posture management, infrastructure as code scanning, cloud infrastructure entitlement management, runtime cloud workload protection and runtime vulnerability/configuration scanning,” wrote Gartner in a recent analysis of the CNAPP market.

CNAPP programs are important as the attack surface of cloud-native applications is increasing. Attackers are targeting the misconfiguration of cloud infrastructure (network, compute, storage, identities and permissions), APIs and the software supply chain itself, Gartner stated.
