Palo Alto Networks Rolls Out Prisma Cloud 3.0

19 Nov 2021 10:00am, by

According to Gartner, “By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020.” So, what are you going to do to defend them? Palo Alto Networks (PANW) suggests you use the latest version of its cloud native security platform, Prisma Cloud 3.0.

What Prisma Cloud has always brought to the security table is a platform to secure your cloud native infrastructure and applications with a single dashboard. It offers, the company claims, comprehensive visibility and threat detection across your organization’s hybrid, multicloud infrastructure. With a customer base that includes 77% of the Fortune 100, many enterprise cloud users believe PANW can deliver on its promises.

Prisma Cloud has earned its reputation for proactively addressing cloud misconfigurations by embedding Infrastructure as Code (IaC) security and code fixes directly into developer tools across the development lifecycle. As Ankur Shah, senior vice president of product management for Prisma Cloud at PANW, explained, “We developed Prisma Cloud as a fully integrated platform with best-of-breed capabilities that help our customers stay one step ahead of attackers and threats as their security needs evolve.”

Of course, as PANW is the first to admit, IaC has also led to a new generation of security problems. With IaC’s great power has come great responsibility, and not all of us can live up to Spider-Man’s credo. PANW’s recent Unit 42 Cloud Threat Report found that 63% of templates used in building cloud infrastructure contained misconfigurations that can expose environments to vulnerabilities. But with Prisma Cloud, you can control that power responsibly.

Prisma Cloud 3.0 does this, Shah added, “by securing the cloud environments from development to runtime in a single platform, shifting security left to proactively address issues that begin in development.”

Specifically, the new Prisma Cloud does this by:

  • Infrastructure as Code (IaC) Security: Addressing cloud risk earlier to reduce the burden on both developers and security teams. With Prisma Cloud IaC Security, IaC scanning and code fixes are embedded directly into developer tools across the development lifecycle.
  • Agentless Scanning for Flexible Cloud Workload Protection: Providing visibility into an organization’s cloud workload and application risks to complement PANW’s existing agent-based protection. Agentless scanning can be initiated while onboarding cloud accounts to provide a non-intrusive way of understanding security posture from the start.
  • Cloud Infrastructure Entitlement Management (CIEM) for Azure: Net-effective permissions analysis and Azure Active Directory integration extend PANW’s existing IAM Security capabilities beyond AWS.
  • Pre-Defined Rules and Automated App Profiling for Identity-Based Microsegmentation: Including predefined rules and automated policy creation to simplify and accelerate any microsegmentation adoption.
  • Adoption Advisor Dashboard: Helping organizations operationalize Prisma Cloud with a dashboard that provides guidance on how to discover and unleash the power of the product as well as to measure the implemented value.
  • Rapid Risk Discovery: Reducing the time needed to identify and remediate misconfigurations from hours to minutes by detecting event-driven configuration changes as they occur, instead of solely relying on the more traditional polling architecture.

It all sounds great, but you should know that Prisma Cloud 3.0 is a work in progress. While CIEM for Azure is already generally available, Infrastructure as Code Security and Agentless Security won’t appear until January 2022. Adoption Advisor is still in beta, and no date has been given for its general availability.

As Melinda Marks, Enterprise Strategy Group senior analyst for Cloud and Application Security, said, “The new capabilities from Prisma Cloud will help customers scale modern development as they can deploy more secure infrastructure and applications in cloud environments.” But those new capabilities are still a few months away. Come that day, I expect it to be a winner.