Agentless Workload Scanning Gets Supercharged with Malware Scanning

Jun 22, 2023
5 minutes

Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 2023. But, the sheer complexity of cloud technology can dramatically expand an organization’s attack surface.

Using WildFire in 2021 to analyze malicious files, our threat research team discovered a 73% increase in Cobalt Strike malware samples compared to 2020. The speed, volume and sophistication of modern malware attacks have made them more difficult to detect. This, paired with the agility of the cloud, gives rise to a heightened — and formidable — state of risk.

The Gap Between Risk and Reality

Enterprises can’t afford to leave the frontlines and backdoors open to risk while taking weeks to deploy security products. They want better out-of-the-box security from tools, according to the cloud-native security report mentioned above. Efficiency, after all, becomes paramount with a shortage of skilled security professionals. Teams need the ability to set up cloud security in a few clicks. Organizations need actionable insights on day one from the solutions they rely on.

Agentless Workload Scanning

Today, we’re excited to announce that Prisma Cloud agentless workload scanning is now backed by Palo Alto Networks Advanced WildFire, the industry’s leading malware scanning engine. Advanced WildFire is a cloud-delivered service that uses patented machine learning detection engines to identify 99% of known and unknown malware. It allows security teams to leverage advanced malware analysis for containers and hosts in runtime, without having to deploy agents.

In addition, this release includes other advancements:

  • Agentless vulnerability and compliance management for Windows host machines on all three major cloud providers
  • Extension of Cloud Workload Protection capabilities to five additional compute operating systems
  • Continuous examination of API changes and usage to detect unwanted changes or API risk

Agentless Workload Malware Scanning

Container images, running containers and virtual machines may contain malware, such as cryptominers or viruses. For example, Unit 42 found 30 malicious images in Docker Hub with cryptominers that had been pulled 20 million times. While many organizations turn to sandboxing solutions for malware analysis, these solutions affect user productivity and are slow to return verdicts.

Two years ago we started offering a native integration with Advanced WildFire for advanced malware analysis for containers and hosts in CI/CD pipelines and in runtime. We’re now extending this functionality to our agentless deployment options for hosts, VMs and container machines.

Users can scan their workloads for malware with a platform that provides flexible deployment options to fit their environments’ needs. Agentless workload scanning for known malware via Advanced WildFire is widely available. Support for zero-day malware detection is expected later this summer in SaaS Edition.

Agentless Workload Scanning Extended to Windows

Organizations often just want visibility into their cloud workloads and applications. About 18 months ago, we released agentless scanning to provide visibility into an organization’s cloud estate. This feature complemented existing agent-based protection. At the time, Prisma Cloud was the only code-to-cloud CNAPP with support for the three major cloud providers — Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).

In this release, we’re extending agentless capabilities to support Windows host machines running Windows Server 2016 through 2022 on all three major cloud providers, supplying security teams with greater flexibility in how they engage cloud workload protection. Users can now gain visibility into vulnerabilities and compliance across Linux and Windows-based cloud workloads for AWS, Azure and GCP — without having to deploy agents.

Broader Support for Additional Operating Systems

As the number of cloud workload services increases, customers are leveraging platforms that best suit their applications’ needs. But security teams are unable to secure cloud workloads if their existing solution doesn’t support the operating system. This leaves a potentially damaging gap in their cloud security strategy.

Prisma Cloud offers the broadest coverage for cloud workload protection, supporting over 30 different operating systems. We’re now extending our cloud workload protection capabilities to five additional compute platforms: Windows Server 2022, Oracle Linux, RHEL 9, Talos Linux, CBL-Mariner, and Rocky Linux.

API Change Detection

API attacks and abuse have been top-of-mind for most organizations. Prisma Cloud provides complete API discovery, risk profiling and real-time protection for all APIs as a part of its Cloud-Native Application Protection Platform (CNAPP).

The State of Cloud Native Security Report showed that 38% of respondents are committing new code daily. Snapshot-based API scans only provide security teams with point-in-time visibility, leaving them blind to API changes that create unwanted risk. Security teams need an approach that tracks API changes for efficient investigation.

Prisma Cloud continuously monitors APIs for changes that lead to unwanted risk. As development teams make frequent changes and updates to APIs, security teams now have visibility into these changes and the potential risk they might pose to the application at runtime. They can use this information to add protection to the endpoint or share information with their development team to remediate risk.

Learn More

To learn more about the latest enhancements to Prisma Cloud, request a free trial.