The Prisma Cloud team is continuously innovating. I’m excited to share that today at the Palo Alto Networks Ignite '22 Conference we announced impactful capabilities added to Prisma Cloud to help you secure your application lifecycle from code to cloud.
For improving code and build security, we have a significant shift-left enhancement, Prisma Cloud Secrets Security. Developers use secrets to enable their applications to securely communicate with other services. But hardcoded access keys and other sensitive data often make it into production and become exposed to unauthorized users. With these credentials in hand, a bad actor can gain access to workloads, data, applications, storage and more.
In fact, this past September, The Hacker News reported that hardcoded Amazon Web Services (AWS) credentials have been identified in 1,859 Android and iOS apps, 77% of which had valid AWS access tokens enabling private AWS cloud service access. But secrets come in many forms, such as text keys, access tokens, API keys, certificates, and passwords. Without effective secret management natively integrated in the developer build environment, a consequential breach can occur in production.
I’m pleased to announce that Prisma Cloud Secrets Security is the industry’s first integrated CNAPP solution to combine signature-based secrets detection with a fine-tuned entropy model that leverages string context for high fidelity discovery and alerting.
Prisma Cloud now scans all files, including Infrastructure as Code (IaC) and source code. This solution offers full application lifecycle protection by scanning for hardcoded secrets in code pre-commit, in your version control system (VCS) and continuous integration (CI) pipelines. Additionally, it now alerts on exposed secrets in cloud workloads and resources using built-in runtime policies. My team wrote a deep-dive Secrets Security blog post so you can learn more about implementation and use cases.
I won’t list all the 25+ new features helping our clients secure their application lifecycle across the code and build, deploy, and run stages, but here are a few exciting highlights.
Prisma Cloud has enhanced its Web Application and API Security (WAAS) capabilities with API risk profiling. With this innovation, the Prisma Cloud API Security solution understands and prioritizes risks based on 200+ factors for every API in your environment.
With Prisma Cloud, security operations can auto-discover all the APIs in their environment, understand API risks, identify sources of risk, and prioritize remediation tasks. With prevention-first architecture, Prisma Cloud also delivers real-time protection for the OWASP API Top 10, rate limiting and bad bots.
Due to inconsistent IAM mechanisms across cloud service providers (CSPs) and identities that access cloud infrastructure using identity providers (IdPs) or single sign-on (SSO) tools, calculating net-effective permissions is complex to do manually. Only after understanding net-effective permissions can you enforce least-privilege access to cloud resources, ensuring that if unauthorized users gain access to a role, the damage they can do is limited.
The CIEM capabilities in Prisma Cloud automate cloud permissions mapping and calculate net-effective permissions. This net-effective permissions score helps you enforce consistent least-privilege access across multicloud environments.
AWS IAM Identity Center helps securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. The integration of Prisma Cloud with IAM Identity Center allows for the ingestion of data from IAM Identity Center and all AWS-supported IdPs. Prisma Cloud then aggregates this data with other data sources to automate net-effective permissions mapping so that overly permissive roles are highlighted and least privilege can be enforced across multicloud environments.
With the addition of container agentless scanning, customers can centralize visibility across hosts, VMs, serverless, and containers.
With Vulnerability Explorer, you can filter the CVE viewer by risk factors. We’ve also added more environmental risk factors, such as “Exploit in the wild”, for better context, clarity, and improved risk score calculation. Lastly, we’ve improved the mechanism for detecting Remote Code Execution and DoS risk factors.
Approximately 2,000 global customers trust Prisma Cloud to protect their application lifecycle from code to cloud. Prisma Cloud secures over 1.5 billion assets and protects over 2.5 million workloads by processing over 2 billion events every day. Prisma Cloud is continually recognized by the industry.
Frost & Sullivan, in fact, recently evaluated 15 vendors and tools for their ability to protect cloud-native applications throughout the application development lifecycle. According to the Frost Radar Report for Cloud-native Application Protection Platforms, “Palo Alto Networks is one of the first vendors in the market that can provide a full-stack CNAPP platform that delivers all aspects of security for the cloud-native applications.”
The firm also noted, “Prisma Cloud is one of the most comprehensive and marketable CNAPP platforms, providing full security stack protection for cloud environments, including DevOps security, IaC, serverless security, CSPM, CWPP, CIEM and CNWS.”
Watch the webinar Code to Cloud Security Hour: The Rise of the CNAPP to learn more about the latest additions to Prisma Cloud. Or discover the Prisma Cloud advantage firsthand with a hands-on trial.