Palo Alto Networks Upgrades Prisma Cloud CSPM
June 8, 2021
updates to Prisma Cloud, Palo Alto Networks Cloud Security Posture
Management (CSPM) solution, help eliminate dangerous cloud blind spots
and free security teams from the burden of alert fatigue. These critical
features are available to the 2,000+ enterprises that trust Prisma
Cloud, as well as future customers.
Cloud environments are growing ever more complex as
organizations add more cloud providers, users, applications and
resources. Most security solutions are not designed for this new world
and lack the end-to-end visibility needed to accurately assess risks and
alert security teams to advanced attacks, leaving them to deal with both
unsecured cloud resources and the cacophony of false-positive alerts.
Today's Prisma Cloud CSPM updates help security teams address these
"Companies don't want to slow down to secure the cloud, and they
shouldn't have to," said Varun Badhwar, senior vice president, Prisma
Cloud at Palo Alto Networks. "An ideal CSPM solution needs to offer
coverage for all cloud resources, should stay up to date as new
resources are introduced, and must effectively detect real attacks while
minimizing unnecessary false positives. Prisma
Cloud addresses these issues and allows organizations to move quickly
while staying secure."
The five new features of Prisma Cloud are:
- True Internet Exposure: Legacy CSPM solutions generate alerts for any
  overly permissive security group — even if the security group is not
  publicly exposed. True Internet Exposure provides end-to-end network
  path visibility between any source and destination, eliminating
  needless alerts associated with unexposed cloud instances and
  security groups.
- Visibility-as-Code: service providers release and update hundreds of
  new services for their platforms each year. When organizations use
  these new services before their CSPM solution supports them, they are
  left with security blind spots. With Visibility-as-Code, Prisma Cloud
  can now support new cloud services in days, providing development
  teams with the freedom to take advantage of the latest cloud services
  while giving the security teams the security measures they need.
- Network Data Exfiltration Detection: Many basic security solutions
  solely focus on detecting misconfigurations based on static rules, so
  they may not be effective when it comes to real security attack
  objectives, such as data exfiltration. Prisma Cloud uses machine
  learning to analyze vast amounts of network flow logs and understand
  the typical traffic pattern of each customer, which is then used to
  detect and alert on abnormal egress traffic to any IP address,
  including TOR exit nodes. This allows security teams to focus their
  remediation efforts on the most dangerous data exfiltration attacks
  and avoid unnecessary alert storms.
- Anomalous Compute Provisioning Detection: Security teams need an
  effective way to detect and other abnormal provisioning of compute
  resources. Anomalous Compute Provisioning Detection can identify the
  provisioning of an abnormal number of VMs, which can often be
  attributable to either cryptojacking or resource misuse. The machine
  learning-based policy also alerts security teams if a user appears to
  jump from one location to another or tries to hide behind a TOR exit
  node.
- Customizable Object-Level Scanning for AWS S3: Prisma Cloud assesses
  resource configuration and enables customers to scan objects in their
  S3 buckets for public exposure, identify sensitive data and detect
  malware. Customizable Object-Level Scanning now gives customers a la
  carte scanning, freeing them to self-select specific scanning
  capabilities. This saves time and cost while reducing the volume of
  alerts.
visibility into misconfigurations and identifying cloud infrastructure
threats across dynamic public cloud environments is a continued
challenge for organizations," says ESG Vice President and Group
Director, Cybersecurity, Doug Cahill. "The new capabilities in Prisma
Cloud allow security teams to do this with greater breadth than before
and lessen the overall amount of alerts that must be addressed by
Anomalous Compute Provisioning Detection is available
now. Visibility-as-Code for OCI is available now. True Network Exposure
for AWS, Customizable Object-Level Scanning for AWS S3 and Network Data
Exfiltration Detection will be available in the next two months.
Availability of some features on additional clouds will follow.