Prisma Cloud Native Security Platform Embeds Security into DevOps Lifecycle

Mar 25, 2020

Palo Alto Networks is pleased to announce the latest release of Prisma Cloud, the industry’s most comprehensive cloud native security platform. This release offers DevOps and SecOps teams added visibility and security with advanced “shift left” capabilities and central CI/CD policy management, along with several other host security features and architecture improvements. These enhancements empower organizations to implement cloud security across the full DevOps lifecycle on any cloud and any stack, and ultimately unite previously divided lines of business toward a common goal: implementation of a DevSecOps methodology to drive secure business innovation, scalability and growth.

Cloud Native Adoption Presents Security Challenges

Developer-led organizations are innovating with greater speed and agility than ever before, focusing on investments in software – both as a competency and as a competitive advantage.

Enterprises continue to modernize their software development lifecycles and embrace modern tools and processes, such as DevOps, containers and other cloud native architectures. This growth is happening in conjunction with constantly increasing, diverse cloud footprints, ultimately multiplying the number of entities to protect, both in production and across the application lifecycle. 

As organizations move to automate more of their cloud infrastructure build processes, they are adopting and creating new infrastructure as code (IaC) templates. Without the help of the right security tools and processes, these infrastructure building blocks are being crafted with rampant vulnerabilities. The Unit 42 Cloud Threat Report, Spring 2020 found nearly 200,000 insecure IaC templates in use by organizations across the globe. These vulnerabilities create significant security risks.

Disparate approaches to security that lack consistency in controls across applications, data and infrastructure are not effective due to gaps in both visibility and protection. Further compounding the challenge, there’s abstraction layered upon abstraction, and security is no longer limited to security teams.

Where There’s a Will (and an Integrated CNSP), There’s a Way

The growth in both cloud native infrastructure and the ensuing security challenges is what led to Prisma Cloud and our aim to define what it means to be a comprehensive Cloud Native Security Platform (CNSP). Organizations want to ensure they can implement both a Cloud Security Posture Management (CSPM) solution and Cloud Workload Protection Platform (CWPP). With our release of Prisma Cloud in November, we saw this convergence and pioneered this approach with the industry’s first Cloud Native Security Platform.

Palo Alto Networks was recently listed by Gartner as one of three vendors converging CWPP and CSPM capabilities across development and production, including container/serverless protection.[1]

Security teams need to continuously monitor cloud configurations, while also protecting the continuum of options – VMs, containers and serverless – running on top of that infrastructure. A consolidated platform helps organizations scale their security efforts, both across the lifecycle and up and down the entire stack.

The Voice of Our Customers

“As we continue our Digital Transformation, adopting container-based application development strategies and transitioning more and more of our on-premises applications to the public cloud, we needed a third party security solution that could keep up. Prisma Cloud provided ABN AMRO with a piece of the puzzle for securing container workloads. Being able to effectively identify and remediate vulnerabilities and misconfigurations before applications are released into production empowers our security and developer teams to innovate quickly – with the confidence that our business is compliant and our customers’ data is secure.”

  • Wiebe de Roos, CI/CD Consultant & Engineer, ABN AMRO

“Prisma Cloud helps our company reach the concept of DevSecOps, where we assess security in every phase of development. If any vulnerability or flaw is discovered, we patch it before going into production. Prisma Cloud provides an incredible overall picture of everything developed in our environment. In a single pane of glass, we have everything under control.” 

The Most Comprehensive Cloud Native Security Platform – What’s New?

With this latest release, Palo Alto Networks is both extending the Prisma Cloud platform and augmenting its industry-leading cloud native security capabilities. Following are the highlights:

Shift Left Security

  • IaC scanning: The ability to scan IaC templates with out-of-the-box and customizable policies for insecure configurations enables customers to deliver innovation to market faster, while having peace of mind that cloud native applications and workloads are secure. A variety of shift-left plugins are available now to meet diverse customer environments and needs, including IDE (IntelliJ, VSCode), SCM (GitHub) and CI/CD (AWS CodePipeline, Azure DevOps, CircleCI, GitLab, Jenkins). Additional plugins, including GitLab and BitBucket, will become available soon. 
  • Central CI/CD policy management: Customers now have the ability to set policies for vulnerability and compliance governing CI and CD workflows directly from the centralized Prisma Cloud dashboard. Customers will also be able to view and author IaC policies within the Prisma Cloud policies dashboard. Out-of-the-box IaC policies cover Center for Internet Security (CIS) standards for AWS, Azure and GCP. These updates help to further simplify cloud native security and consolidate cloud risk management.

VM Security

  • Amazon Machine Image (AMI) scanning: Organizations want to ensure that their images are vetted to meet vulnerability and compliance criteria and deployed from trusted sources. Vulnerability management capabilities in this latest release now include the ability to scan Amazon Machine Images (AMIs), similar to how Prisma already scans any container registry or serverless repository. This provides DevOps and security teams with added visibility into the security posture of their AMIs before they’re ever deployed. 

Serverless Security 

  • Automatic serverless protection for AWS Lambda: Following our expanded serverless security capabilities with our integration of PureSec in November, Prisma Cloud customers are now able to automatically protect their AWS Lambda functions with one click, right from the console. This means that protecting serverless applications is easier, faster and does not require developers to manually install wrappers in their code. All existing serverless security capabilities – such as vulnerability management, behavioral protection and serverless cloud native application firewall (CNAF) – are available for auto-protected functions. 

General availability of these new features and capabilities is expected for customers by late April 2020.

Start Your Cloud Native Security Journey 

To kick-start your cloud native security learning experience, explore our list of resources, “Cloud Native Security 101,” covering topics like best practices for implementing cloud native security, shifting to DevSecOps philosophies, challenges around digital transformations and more.

[1] Peter Firstbrook, Neil MacDonald, Lawrence Orans, Mario de Boer, Katell Thielemann, Bart Willemsen, Akif Khan, Michael Kranawetter (2020). Top Security and Risk Management Trends, 27 February 2020. Gartner Research Firm
