
Palo Alto Networks’ Prisma Cloud Adds Advanced Container Image Sandboxing

16 Sep 2021 3:00am

The joy of high-speed continuous integration/continuous delivery (CI/CD) is in the adjective: high-speed. But, at the same time, if you regularly pull images from third-party registries to speed up your development, you’re also opening the door to crooks and creeps. What to do, what to do! Palo Alto Networks’ (PANW) latest answer is to add advanced container image sandboxing to Prisma Cloud.

This enables you to do continuous testing, AKA shift-left testing, in pre-deployment sandboxes. Within this sandbox, Prisma Cloud uses machine learning (ML) to examine the images you’re using in your deliverables. The ML program runs the image and analyzes its actual runtime behavior for dynamic threats, learning all of its running processes, its network activity, and all of its filesystem access to build an in-depth model of what the image will do in production.

The analysis results are sent to both the CLI and the Console UI. With this, you get insight and control over the images long before you bring them into a live environment.
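The approach described above, profiling an image's processes, network activity and filesystem access in a sandbox and then treating deviations at runtime as findings, can be sketched without any ML at all. The following is an added illustration, not Prisma Cloud code: the event format, the nginx-style sandbox events and the production events are all constructed for this example, and the rule that generalizes file writes to their parent directory is a design choice of the example rather than anything the article states about the product.

```python
"""Sandbox-derived behavioral profile of a container image (constructed example).

Build a baseline from events observed while the image runs in a sandbox, then
compare events from a later run against it and report what falls outside the
baseline. Event records and sample data are made up for this illustration.
"""
import os
from dataclasses import dataclass, field
from typing import Iterable


@dataclass(frozen=True)
class Event:
    """One runtime observation. kind is "process", "network" or "file"."""
    kind: str
    detail: str        # binary path, "host:port", or file path
    mode: str = ""     # for kind == "file": "read" or "write"


@dataclass
class Profile:
    """What the image did during its sandbox run."""
    processes: set[str] = field(default_factory=set)
    endpoints: set[str] = field(default_factory=set)
    read_paths: set[str] = field(default_factory=set)
    write_dirs: set[str] = field(default_factory=set)   # directories, not files


def build_profile(events: Iterable[Event]) -> Profile:
    """Learn the baseline from sandbox events."""
    profile = Profile()
    for e in events:
        if e.kind == "process":
            profile.processes.add(e.detail)
        elif e.kind == "network":
            profile.endpoints.add(e.detail)
        elif e.kind == "file" and e.mode == "read":
            profile.read_paths.add(e.detail)
        elif e.kind == "file" and e.mode == "write":
            # Generalize writes to their directory so that rotating log file
            # names stay inside the profile while writes elsewhere do not.
            profile.write_dirs.add(os.path.dirname(e.detail))
        else:
            raise ValueError(f"unrecognised event: {e}")
    return profile


def check_runtime(profile: Profile, events: Iterable[Event]) -> list[str]:
    """Return one finding per event that the sandbox profile did not predict."""
    findings = []
    for e in events:
        if e.kind == "process" and e.detail not in profile.processes:
            findings.append(f"unexpected process: {e.detail}")
        elif e.kind == "network" and e.detail not in profile.endpoints:
            findings.append(f"unexpected network endpoint: {e.detail}")
        elif e.kind == "file" and e.mode == "read" and e.detail not in profile.read_paths:
            findings.append(f"unexpected file read: {e.detail}")
        elif (e.kind == "file" and e.mode == "write"
              and os.path.dirname(e.detail) not in profile.write_dirs):
            findings.append(f"unexpected file write: {e.detail}")
    return findings


# Constructed sandbox run of a web-server image.
SANDBOX_EVENTS = [
    Event("process", "/usr/sbin/nginx"),
    Event("file", "/etc/nginx/nginx.conf", "read"),
    Event("file", "/var/log/nginx/access.log", "write"),
    Event("network", "api.internal.example:443"),
]

# Constructed production run: the first two events match the learned
# behavior, the last three do not.
RUNTIME_EVENTS = [
    Event("process", "/usr/sbin/nginx"),
    Event("file", "/var/log/nginx/error.log", "write"),
    Event("process", "/usr/bin/curl"),
    Event("network", "198.51.100.7:8080"),
    Event("file", "/usr/sbin/nginx", "write"),
]


def demo() -> list[str]:
    return check_runtime(build_profile(SANDBOX_EVENTS), RUNTIME_EVENTS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Generalizing writes to their directory is the kind of judgment a learned model has to make: too literal a profile (exact file names) alerts on every rotated log, too loose a profile (whole filesystem) misses a binary being overwritten in place.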

The Prisma Cloud Command Line Interface (CLI), twistcli, enables you to scan images for vulnerabilities, compliance issues, malware, and secrets right from a developer’s laptop.

In addition, Prisma Cloud has expanded its Auto-Detection and Auto-Protection capabilities for standalone VMs from AWS to include Azure and Google Cloud as well. With Auto-Protection, Prisma Cloud greatly reduces the efforts needed to manually configure, deploy, and update host security agents.

The product’s Web Application and API Security (WAAS) module, its web application firewall (WAF), has also been improved. True, WAFs aren’t all they are cracked up to be, but PANW’s also covers the OWASP Top 10 and comes with API security capabilities, advanced DoS protection, and bot risk management.

With this latest update, these capabilities have also expanded to protect Windows hosts, including Windows Server 2019 LTSC. Additionally, WAAS now supports automatic installation on service meshes such as Istio or Linkerd. In short, Prisma’s WAAS capabilities are for the DevOps generation and not the pre-cloud-native tech world.

In addition, the WAAS functionality also now provides detailed information on the health and throughput of your APIs including application response codes, traffic and performance details, TLS certificate status, and customizable log sanitization. Basic? Yes, but you’re much more likely to be attacked via fundamental attack surfaces than you are by the latest hot, but obscure, security vulnerability.

Besides all this, Prisma Cloud now includes:

  • App-Embedded Defender Forensics for new workload types such as AWS Fargate, Azure Container Instances, Google Cloud Run, and Google Kubernetes Engine Autopilot. This feature brings custom runtime rules and Prisma Cloud’s extensive forensic data collection to all these compute stacks.
  • Amazon Machine Image (AMI) scanning improvements: Now, Host Security capabilities are expanded to cover custom AWS Virtual Private Clouds (VPCs) and even encrypted AMIs.
  • Serverless Security: The latest release includes Serverless Auto-Protect v2 and support for Ruby 2.5 and 2.7 in Serverless Defender.

Put it all together and you have a release that, if you’re already a Prisma Cloud user, should have you seriously considering upgrading. And, if you’re not a customer yet, look into adding it to your cloud’s protective coat.