Palo Alto Networks announced Prisma Cloud 3.0, an integrated platform to shift security left—significantly improving organizations’ entire cloud security posture by reducing security risk at runtime.
With a customer base that already includes 77% of the Fortune 100, the most complete Cloud Native Application Protection Platform (CNAPP) now also offers organizations cloud code security to embed critical protections in the development process, agentless security to complement existing agent-based protection, and Cloud Infrastructure Entitlement Management (CIEM) for Microsoft Azure.
The rate of development and introduction of new cloud applications is increasing exponentially as organizations accelerate cloud adoption. Yet a single misconfiguration in the code templates that development and DevOps teams rely on can lead to thousands of alerts in runtime that security teams must then address.
Prisma Cloud 3.0 proactively addresses such misconfigurations by embedding Infrastructure as Code (IaC) security and code fixes directly into developer tools across the development lifecycle.
“We developed Prisma Cloud as a fully integrated platform with best-of-breed capabilities that help our customers stay one step ahead of attackers and threats as their security needs evolve,” said Ankur Shah, senior vice president of product management, Prisma Cloud at Palo Alto Networks. “Prisma Cloud 3.0 takes that commitment even further. Our recent Unit 42 Cloud Threat Report shows the extent of emerging Cloud Code security risks: we found 63% of templates used in building cloud infrastructure contained misconfigurations that can expose environments to vulnerabilities. Prisma Cloud’s new capabilities secure cloud environments from development to runtime in a single platform – shifting security left to proactively address issues that begin in development.”
Earlier this year, Gartner created the CNAPP category, stating that “optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection,” and urging organizations to evaluate “cloud-native application protection platforms that provide a complete life cycle approach.” With capabilities already representing all five of Gartner’s CNAPP categories, we believe Prisma Cloud 3.0 extends its position as the most complete CNAPP with further capabilities, including:
- Infrastructure as Code Security, enabling developer and security teams to address cloud risk earlier. With Infrastructure as Code Security, IaC scanning and code fixes are embedded directly into developer tools across the development lifecycle.
- Agentless Security, providing visibility into an organization’s cloud workload and application risks to complement existing agent-based protection. Prisma Cloud is the industry’s only CNAPP to offer both agentless and agent-based security built into the same platform, with rules and results managed from and surfaced in a single UI, combined with the flexibility for customers to mix and match different protection types across their cloud environments.
- Cloud Infrastructure Entitlement Management (CIEM) for Microsoft Azure, including net effective permissions analysis for Azure and Azure Active Directory integration to ensure over-permissioned cloud accounts, dormant permissions, or cloud identity issues are addressed across clouds. This new functionality joins already existing functionality available for Amazon Web Services.
- Automated Policy Generation and Out-of-the-Box Rules for Identity-Based Microsegmentation, including pre-defined rules and automated policy creation to simplify and accelerate any microsegmentation adoption.
- Adoption Advisor, helping organizations operationalize Prisma Cloud with a dashboard that provides guidance on how to discover and unleash the power of the product as well as measurement of the implemented value. The initial release of Adoption Advisor covers Cloud Security Posture Management (CSPM) capabilities in Prisma Cloud with plans to expand to other areas of the platform in the future.
- Rapid Risk Discovery, reducing the time needed to identify and remediate misconfigurations from hours to minutes by detecting event-driven configuration changes as they occur instead of solely relying on the more traditional polling architecture.
“For security to keep up with the velocity of modern software development, it’s important to have integrated security controls across the development lifecycle – helping developers release code that is tested and secure, and to quickly correct security issues as they are found in runtime,” said Melinda Marks, Sr. Analyst, Cloud and Application Security, Enterprise Strategy Group. “The new capabilities from Prisma Cloud will help customers scale modern development as they can deploy more secure infrastructure and applications in cloud environments.”
“Prisma Cloud has helped us rapidly expand our cloud security program to reach the current maturity level,” said Birat Niraula, Regional Co-Head, Platform Security Architecture, Goldman Sachs. “We believe the new enhancements to Prisma Cloud will empower us to provide comprehensive coverage and adopt more proactive strategies for securing our multi-cloud environment.”
The following capabilities will be available globally: CIEM for Azure users is GA as of October, Infrastructure as Code Security in January, Agentless Security in January, and Adoption Advisor is in Beta now.