Today’s enterprises continue to move to the cloud and take advantage of emerging cloud native architectures. In the Palo Alto Networks 2022 State of Cloud Native Security Report, where we interviewed over 3000 global security, infrastructure, and DevOps practitioners, respondents shared that they expect to host 68% of their workloads in the cloud within two years, which is consistent with last year’s expectation of 65%.
Additionally, the number of workloads hosted in PaaS and serverless stacks rose 20 percentage points while use of containers and containers-as-a-service saw more moderate growth. Overall, about half (47%) of organizations use all compute stacks equally, while overall numbers reflected the following for compute adoption:
With the proliferation of these architectures, security, infrastructure, and DevOps teams need a centralized solution to provide visibility and protection across the continuum of cloud native architectures to address vulnerabilities, manage compliance, and enable runtime protection. For example, with a vulnerability like Log4Shell, security teams would quickly want to identify vulnerable applications while also protecting their applications from threats and attacks.
Today, we’re excited to release the latest Cloud Workload Protection capabilities to Prisma Cloud, enabling full lifecycle, full stack protection for cloud native applications. The release includes:
In our Prisma Cloud 3.0 announcement in November, we pre-announced our support for Agentless Security to scan cloud workloads for vulnerabilities, starting with hosts on AWS. This integrated vision helps security teams address visibility and security concerns for their cloud workloads by providing organizations with quick visibility into their security posture without having to deploy agents.
Agentless scanning is an additional, complementary solution in Prisma Cloud that simplifies our approach to visibility across compute assets, in addition to our agent-based protection. Agentless security primarily focuses on snapshot-based scanning, instant visibility into risks and vulnerabilities in your instances, and broader coverage across cloud accounts without access to each machine. Runtime protection, including preventative capabilities, is better provided by the live Defender agents on the hosts. Together, agent-based and agentless protection provide comprehensive security.
Agentless scanning works off cloud provider APIs and disk snapshots, and can be initiated easily while onboarding cloud accounts, providing a non-intrusive way to understand security posture. This extends coverage to both active and dormant virtual machines in the public cloud. At launch, Prisma Cloud will support virtual machines on AWS with plans to extend to other stacks and clouds.
Securing cloud virtual machines (VMs) requires a full lifecycle approach to security. At runtime, security teams need to protect workloads from threats, as well as prioritize risk and maintain compliance. These capabilities are delivered by Prisma Cloud through a combination of agent-based protection and agentless scanning to offer users flexibility and choice in how they manage security for their VMs.
Additionally, organizations’ DevOps teams want to build golden image pipelines to ensure that vulnerabilities and misconfigurations in VMs are addressed before hosts are deployed. With the latest release to Prisma Cloud, DevOps and security teams can now continuously scan VM image libraries on Microsoft Azure and Google Cloud Platform, with AWS AMIs already supported. This allows users to see vulnerability status and compliance posture, and to identify malware, before a machine image is run in production. For example, if a machine is running a vulnerable version of Apache Log4j, the new feature can catch this vulnerability before it is deployed.
Today’s security operations teams are responsible for a growing attack surface and evolving cloud native application portfolio as enterprises move and scale in the cloud. These teams want to quickly and seamlessly analyze and investigate incidents across a wide range of endpoints.
In order to address these challenges, Prisma Cloud integrates across the Cortex portfolio to help organizations better understand their cloud attack surface by integrating with Cortex Xpanse, as well as sending alerts to Cortex XSOAR for automated remediation.
Now, users can take advantage of a new integration with Cortex XDR, where runtime container alerts, runtime host alerts, and incident data are sent to Cortex XDR and the Cortex Data Lake. This integration provides SOC analysts with new, integrated data for analysis and investigation.
As Kubernetes continues to become the de facto control plane for deploying, managing, and scaling containerized applications, DevOps, cloud infrastructure, and security teams want to capture public cloud Kubernetes audits into their security tools for alerting and analysis.
Previously, Prisma Cloud has supported capturing Google Kubernetes Engine (GKE) audit data, and now we are expanding our support to include Amazon Elastic Kubernetes Service (EKS) and Microsoft Azure Kubernetes Service (AKS).
Users can implement pre-built or user-created rules to alert on audit criteria. Prisma Cloud enhances previous audit data that was captured to surface fine-grained event audits, all mapped to our ATT&CK dashboard.
With the new enhancements to vulnerability management, teams now have increased granularity to add tags for different scopes for enhanced reporting and management of CVEs.
According to Forrester’s recent Analytics Business Technology Survey, 2020, web application exploits, such as SQL injection, cross-site scripting, and remote file inclusion, are the most common forms of external attack. Protection for web applications and APIs continues to evolve as organizations adopt containers, Kubernetes, and serverless architectures. In these ephemeral environments, managing additional agents, gateways, and appliances becomes challenging for traditional security and application security teams.
In order to provide integrated, best-in-class protection for modern applications, Prisma Cloud delivers powerful Web Application and API Security capabilities that include coverage for the OWASP Top 10, API protection, bot risk management, and advanced DoS protection.
With the latest release of Prisma Cloud, we’re now delivering a Web Application and API Security dashboard to highlight real-time and historical metrics, alert details, and policy management along with our recent API observation and unprotected web applications views. In addition, customers leverage gRPC protection out of the box without any additional configuration.
To learn more about the latest enhancements to Prisma Cloud, request a hands-on demo or join us at our Code to Cloud Virtual Summit on March 23-24.