Palo Alto Networks Brings Out-of-Band Web Security to Cloud
Your first question when you read that headline was probably my first question. What is “Out-of-Band” security? Usually, I consider it to be an emergency security patch for a zero-day disaster. For example, when Microsoft steps on its foot and issues a non-Patch Day fix. But, when Palo Alto Networks (PANW), a cloud security provider, announced the addition of Out-of-Band Web Application and API Security (Out-of-Band WAAS) to Prisma Cloud, they’re talking about monitoring web apps and application programming interfaces (APIs) for security concerns from outside their hosting infrastructure. The net result? Secure service delivery without slow performance.
This is a big deal. One of web services’ dirty little secrets is that given a choice between performance, scalability, and security, security is either picked last or left out entirely. As Melinda Marks, Enterprise Strategy Group (ESG) senior application and cloud security analyst, observed, “As organizations increasingly build and deploy their applications in the cloud, protecting their business-critical applications without impacting performance has been a challenge.”
Web service external attacks are nasty and common. In a recent Forrester study, 39% of external attacks are web application exploits. This makes it the most common kind of external attack.
Out-of-Band WAAS
Ankur Shah, PANW Prisma Cloud senior VP, claims that with Out-of-Band WAAS, “Companies no longer have to decide between application security and performance. We are empowering customers with flexible security options that fit their evolving application needs.”
How? By replacing inline Web Application Firewalls (WAF) and point API Security tools with Out-of-Band WAAS. It also provides bot defense and denial of service (DoS) protection. It works by providing an external service to quickly monitor your mission-critical web services without slowing down your performance.
Prisma Cloud also provides enhanced visibility for your infrastructure, workloads, identities, and applications. The goal is to remove your security blind spots in public cloud and multicloud environments.
Key Features
It does this with the following features:
- Multicloud Graph View for Cloud Infrastructure Entitlement Management (CIEM): Discover over-privileged accounts and understand access risk across multicloud environments. Prisma Cloud now provides a graph view of the net effective permissions across AWS, Microsoft Azure, and Google Cloud.
- Multicloud Agentless Cloud Workload Protection: Extend visibility into cloud workloads and application risks across Azure and Google Cloud, in addition to AWS, to complement existing agent-based protection.
- DNS-Based Threat Detection: Surface malicious activity and anomalous behavior in cloud environments. Prisma Cloud Threat Detection now leverages machine learning (ML) and advanced threat intelligence to identify bad actors hiding in DNS traffic.
- MITRE ATT&CK Alert Prioritization: Enable security teams to prioritize risks and incidents based on the industry’s most widely adopted framework.
Out-of-band WAAS is available now for Prisma Cloud Compute Edition. It will be available in the Enterprise Edition over the next month.
