With the rollout of Prisma Cloud in November 2019, Palo Alto Networks announced a new category in cloud security – the Cloud Native Security Platform (CNSP) – for securing cloud native applications. Today, our release of Prisma Cloud 2.0 presents an evolution in the space with four new functionality modules and further platform alignment with key user needs and market categories.
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) leverages data from public cloud service providers to deliver continuous visibility, security policy compliance and threat detection across cloud resources, users, data and applications. CSPM includes shift-left capabilities to scan infrastructure-as-code (IaC) templates across the application lifecycle.
Cloud Workload Protection
Cloud Workload Protection (CWPP) helps secure cloud native applications across the application lifecycle, defined by the requirement to protect hosts (VMs), containers and serverless from a single console.
Cloud Network Security
Cloud Network Security (CNS) helps protect cloud networks and applications, combining network visibility and microsegmentation for full-stack network security across multi- and hybrid-clouds.
Cloud Infrastructure Entitlement Management
Cloud Infrastructure Entitlement Management (CIEM) enables visibility and control over cloud identities to ensure least-privileged user access governing cloud resources, compute and data.
The Need for a Cloud Native Security Platform
We're releasing Prisma Cloud 2.0 to support the many enterprises that are actively embracing multi-cloud architectures across various compute paradigms. According to the 2020 State of Cloud Native Security Report, infrastructure and security leaders shared:
- They are in a multi-cloud world: 94% of respondents shared they are using more than one cloud platform, with 60% stating they use between two and five cloud platforms.
- Organizations are also leveraging multiple compute offerings: According to our survey, 86% of organizations expect their usage of cloud workloads to increase or stay the same, using a combination of VMs, containers, containers-as-a-service (CaaS) and platform-as-a-service (PaaS)/serverless architectures.
As organizations march forward in their multi-cloud and multi-compute reality, they require new capabilities to implement consistent cloud security policies and manage risk holistically. These needs are best met through a single, comprehensive platform – indeed, 51% of high-performing organizations in the report said a single end-to-end solution would improve their cloud security posture.
These organizations have a need to eliminate overhead associated with maintaining open source and point solutions, and eliminate the visibility gaps in a disjointed security stack. Consolidated platforms can also reduce alert fatigue and help control shadow IT associated with complex multi- and hybrid-cloud environments.
Four New Modules Integrated Within Prisma Cloud 2.0
This latest release further allows organizations to implement consistent cloud security policies, all within a single solution and controlled from one dashboard. Below, we highlight the latest capabilities added to Prisma Cloud for its 2.0 release.
Data Security: Discovery, Classification and Malware Detection for AWS S3
Prisma Cloud Data Security is purpose-built to address the challenges of discovering and protecting data at the scale and velocity common in public cloud environments. These new capabilities reduce the burden on security teams by providing a cloud native solution that leverages the Palo Alto Networks Enterprise DLP engine to help easily discover and protect sensitive data stored across public cloud environments. The Data Security module also uses the Palo Alto Networks industry-leading WildFire service to detect known and unknown malware that may have infiltrated the customer’s Amazon Web Services Simple Storage Service (AWS S3) buckets.
At launch, Prisma Cloud Data Security will enter limited GA and be available to a subset of Prisma Cloud Enterprise Edition customers.
Web Application and API Security: Protecting Web Applications and APIs from Attacks
Cloud native applications are made up of a combination of containers, functions and underlying host compute resources, and require protection for front-end facing web applications and APIs. The latest release integrates Web Application and API Security into the Prisma Cloud unified agent framework.
Users can protect applications against the OWASP Top 10 critical security risks for web applications, secure APIs from application-layer attacks, implement file upload protection and more – all from a single dashboard integrated with the protection already leveraged today.
Identity-Based Microsegmentation with Aporeto Integration
Following the acquisition of identity-based segmentation leader Aporeto, Prisma Cloud is moving forward with the integration of Aporeto technology in our Identity-Based Microsegmentation module.
Identity-Based Microsegmentation provides end-to-end visibility of network communications to network and cloud security teams, along with comprehensive security policy control and management. In the weeks after launch, the module will enter live preview and be available to a subset of Prisma Cloud Enterprise Edition customers.
IAM Security: Establishing Least Privilege for Cloud Identities
Securing user identity in the cloud presents tremendous challenges for cloud infrastructure and security teams. Improper Identity and Access Management (IAM) configurations, such as overly permissive roles, reused roles, dormant roles or exposed resources, can have profound consequences for cloud security.
With this latest release of Prisma Cloud, users can leverage our IAM Security module to gain visibility into effective permissions and user activity, implement governance over excessive or unused permissions and respond to issues with least-privilege recommendations or automated remediation.
Conclusion
These new modules and capabilities give organizations a single platform for truly powerful security in cloud native development. With Prisma Cloud 2.0, DevOps, cloud infrastructure and security professionals can more confidently secure the innovations that drive user engagement.
To learn more about these latest enhancements and how they fit into our vision for the platform, check out our fireside chat on LinkedIn Live on Oct. 20. Palo Alto Networks product leadership and other industry experts will discuss the latest cloud trends and offer insights on how to protect your cloud native applications.