Announcing New Cloud Security Capabilities: A Consistent, Automated Approach for Securing Multi-Cloud Environments

Anuj Sawani


At Palo Alto Networks we have committed to helping organizations accelerate their move to the cloud. And today, we’re taking another big step forward.

With the expansion of our comprehensive cloud security offering, we can now deliver consistent, automated protections across all three major public cloud environments, which prevent data loss and business disruption and meet a number of needs our customers have asked for. This expansion includes the ability to integrate into the cloud app development lifecycle, making cloud security frictionless for the development and security teams.

Let’s talk about why this is so important.

 

Rethinking Security for the Public Cloud

For many organizations, the public cloud has become the sole route to market for new application deployment, which, in turn, is reducing their data center footprint. Along with that, developers now increasingly leverage easy-to-consume PaaS components, in addition to on-demand IaaS components, to harness the true efficiency of the cloud.

This trend is causing all of us to rethink security for our cloud apps and realize that what’s available the market today is insufficient: clunky approaches, pieced together from multiple vendors, resulting in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections.

This level of human intervention increases the likelihood for human error, leaving organizations exposed to threats and data breaches. What’s more, security tools that are not built for the cloud significantly limit the agility of your development teams.

 

3 Key Capabilities

Ideally, cloud security should speed application development and business growth while preventing data loss and business downtime. This requires three key capabilities to be successful: advanced application and data breach prevention, consistent protection across locations and clouds, and “frictionless” deployment and management.

securing multicloud envrionments

Our cloud security approach addresses all three capabilities, and we achieve this with inline, API and host protection technologies working together to eliminate the wide range of cloud risks.

Our new release includes the following:

  • Consistent protections across locations and clouds: For the first time, our Next-Generation Security Platform will extend cloud workload protections to the Google Cloud Platform, in addition to enhancing our existing capabilities for AWS and Azure environments.
  • Cloud-resident management with Panorama: Panorama now supports all major cloud environments. This provides flexibility for customers to deploy security management within their cloud architecture. They have multiple options including Panorama on-premise with distributed Log Collectors for a hybrid approach, or Panorama within their cloud environment for a cloud-only approach.
  • Better integrations for frictionless workflows in multi-cloud environments: Adding enhanced auto-scaling for AWS along with support for Azure Security Center and Google Cloud Deployment Manager simplifies security deployments and enables scaling based on changing cloud demands. Integrations with tools such as Terraform and Ansible automate workflows and policy management across clouds.
  • Continuous security with Aperture for all three major cloud environments: Aperture now helps to prevent data loss and enables compliance for public clouds. It achieves this by enabling discovery of cloud resources, providing advanced data classification, monitoring for risky or suspicious administrator behavior, and adding more protection against security misconfigurations and malware propagation.
  • Prevention of zero-day attacks: Traps advanced endpoint protection can now prevent zero-day attacks for Linux workloads across all three major cloud environments, in addition to its existing support of Windows workloads.

That’s just the start of new capabilities for cloud and SaaS security we’re pleased to be able to offer. To learn more about these new features and our advanced approach, visit our cloud security page.

 

Availability

Updates to VM-Series virtualized next-generation firewalls, Aperture security service, Panorama and Traps are targeted for general availability in March 2018.

 

For more:

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42