A New Approach to the Firewall for Protecting Cloud Native Services
Prisma Cloud from Palo Alto Networks sponsored this podcast.
Palo Alto Networks is providing a new approach to protecting APIs and Web applications with the release of its Web Application Firewall, an extension of its Prisma Cloud cloud native security platform.
Hosted by Alex Williams, founder and publisher of The New Stack, this edition of The New Stack Makers podcast features Ory Segal, senior distinguished research engineer at Palo Alto Networks, who discusses how the WAF module, and Prisma in general, address security in today’s highly distributed cloud native environments.
Within Prisma Cloud, the traditional concept of firewall security no longer applies. Indeed, while firewalls were previously suited to protecting environments with closed perimeters, such as local area networks (LANs), Palo Alto Networks’ so-called firewall protection is something altogether different.
“Part of the functionality is actually a web application firewall, which is very different from what our listeners are probably used to,” said Segal. “The word ‘firewall’ is a bit dated, but as you will see, the concepts that we are presenting here are completely new and are for completely new-and-modern environments.”
In cloud native environments, since “there’s no longer any perimeter,” Segal said security involves protecting cloud assets, including containers, serverless and other ephemeral and distributed environments. “You have clusters coming up and down being deployed in one region or another and some of the workloads are running in private cloud or on-prem, while some are in public clouds,” said Segal. “And so deploying the traditional firewall in the legacy, traditional sense of the word, is no longer possible — you need to come up with a new novel approach.”
In addition to API protection, access control, file upload control, detection of unprotected web applications and other features, the WAF offers a “penalty box” that can “ban” attackers’ access on an as-needed basis.
“So, once we detect that an attacker or a user or a client is doing malicious actions, users can decide to take action in the form of a ban and that would put the malicious user on the inside in the penalty box for five minutes. Now, it’s not only annoying for the attacker, since they have to stop every five minutes to continue with the attack, it’s also a very cool protection layer because most of the time attackers will not start with their most sophisticated attack payloads, and will instead start by probing and sending reconnaissance probes,” said Segal.
“And those probes will already trigger the ‘ban’ action, and we’ll put them on the inside for five minutes. And then it doesn’t matter if then they pull out the big gun or big trick or the sophisticated attack, since those will be automatically and categorically blocked, because they’re in the penalty box, which again, is a very good defense against such attacks.”
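The penalty-box behaviour described above, as an added Python example that is not Prisma Cloud code: once a probe triggers a ban, every later request from that client is refused without inspection until the five minutes are up. The `PenaltyBox` class, the probe pattern and identifying clients by IP address are assumptions made for illustration.

```python
import re
import time

BAN_SECONDS = 300  # five minutes, the duration mentioned in the interview

# Constructed detection rule (assumption): path traversal sequences and
# requests for a hidden .git directory, both typical of early probing.
PROBE_PATTERN = re.compile(r"\.\./|/\.git/")


class PenaltyBox:
    """Tracks banned clients and blocks everything they send until expiry."""

    def __init__(self, ban_seconds=BAN_SECONDS, clock=time.monotonic):
        self.ban_seconds = ban_seconds
        self.clock = clock          # injectable so the timing can be tested
        self.banned_until = {}      # client id -> time the ban ends

    def handle(self, client_id, path):
        """Return 'allow', 'ban' (probe detected) or 'blocked' (in the box)."""
        now = self.clock()
        expiry = self.banned_until.get(client_id)
        if expiry is not None:
            if now < expiry:
                # Categorical block: the request is not inspected at all.
                return "blocked"
            del self.banned_until[client_id]  # ban served, forget it
        if PROBE_PATTERN.search(path):
            self.banned_until[client_id] = now + self.ban_seconds
            return "ban"
        return "allow"


def demo():
    """Replay constructed requests from one client against a fake clock."""
    t = [0.0]
    box = PenaltyBox(clock=lambda: t[0])
    results = []
    for at, path in [(0, "/index.html"), (10, "/static/../../etc/passwd"),
                     (20, "/api/orders?id=1"),   # would pass inspection alone
                     (309, "/api/orders?id=1"), (310, "/api/orders?id=1")]:
        t[0] = float(at)
        results.append(box.handle("203.0.113.7", path))
    return results


if __name__ == "__main__":
    print(demo())
```

Keying the ban on a source IP address also bans every other user behind the same NAT or proxy for the duration, so a deployment would want to choose the client identifier with that in mind.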