Recently, Cloud providers like AWS started leveraging the ARM64 architecture to help customers achieve better performance across a broad range of workloads, while saving costs. For example, AWS released the optimized Graviton2 processor which improves the price performance for workloads in Amazon EC2, with up to 25% better compute performance (AWS Graviton). Because these ARM64 instances have better price performance, companies are leveraging these processors and running compute workloads like containerized or virtual machine applications.
When improving the compute performance and costs, securing the application’s workloads is still a challenge. Customers require visibility into the vulnerabilities, risks, and compliance issues in their workloads. On top of that, they would like to detect and prevent anomalies with runtime protection when the application is running in production environments.
Prisma Cloud is excited to announce the support for workloads running on ARM64-based architecture instances. For example, we can now deploy Prisma Cloud Compute Defender to protect your AWS Elastic Kubernetes Service (EKS) running Graviton2 instances. Customers can now secure ARM64 architecture-based workloads across build, deploy and run. You no longer have to compromise performance for security when using better price performant cloud native compute offerings.
Protect Workloads Running on ARM64-based Architecture Instances
Prisma Cloud Compute Defenders can now protect workloads running on ARM64 based instances. The Defender can scan the deployed workloads for vulnerabilities, compliance, runtime, access control and web application and API security risks.
Customers also have access to the latest enhancements to our Intelligence feed to support vulnerabilities that are dedicated to ARM64, so you can now get accurate vulnerability detections for ARM64-based images and packages. That allows scanning ARM64 architecture images and hosts, for deployed images, CI scanning and Registry scanning mechanism.
Installing agents can be time consuming, so the current Defender installation experience using the UI and our CI tool will remain the same. Meaning that you should expect the same experience and can continue with the flow that you currently have to deploy Defenders on ARM64 instances.