Complete Cloud Native Security Is Here

Nov 27, 2019
6 minutes
... views

Prisma Cloud extends to workload protection and vulnerability management with Twistlock and PureSec

It’s a cliché at this point to open these blog posts with a line about how “enterprises are embracing the cloud.” Everybody knows that, and yes, I realize I just did it. Old habits die hard. Based on the now inevitable move to the cloud and countless conversations with our customers, Palo Alto Networks set out to create the most complete Cloud Native Security Platform in the industry. While we knew the importance of solving the needs of different business teams by offering a wide breadth of security capabilities (i.e. DevSecOps has different needs from SOC analysts), we also knew it would be crucial to make sure that everything we offer is best-in-class.

Starting about a year and a half ago, Palo Alto Networks made a series of strategic acquisitions: Evident.io, RedLock, Twistlock and PureSec. Each company’s products offer a set of unique capabilities in the world of cloud and application security. Today, we are incredibly excited to announce we are bringing all of these capabilities under one name, Prisma Cloud, the most complete Cloud Native Security Platform.  

The road to Prisma Cloud: how Palo Alto Networks has integrated its strategic acquisitions, Evident.io, RedLock, Twistlock and PureSec.

 

How Does Prisma Cloud Help You?

Prisma Cloud includes the Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP) and Data Loss Prevention (DLP) capabilities already used by thousands of RedLock and Twistlock customers, now integrated into one platform. Customers can now use Prisma Cloud as a single pane of glass to secure their entire application lifecycle from build to deploy to run across IaaS, PaaS, network, storage, host, container and serverless.

Cloud Visibility

Prisma Cloud gives you a unified view of security and compliance posture across the application lifecycle and cloud environments. Shine a light on your organization’s cloud assets and know what you have, where you have it and how it affects your security posture, from Infrastructure-as-Code (IaC) tools such as Terraform, CloudFormation and Kubernetes YAMLs, to images in registries and cloud resources.  

Screenshot of Prisma Cloud, by Palo Alto Networks

 

Governance and Compliance

Prisma Cloud helps businesses meet government or industry-mandated compliance standards as well as custom compliance requirements with ease by generating one-click, audit read compliance reports and continuously monitoring all cloud services for misconfigurations.

Screenshot of Prisma Cloud, by Palo Alto Networks

 

Container, Serverless and Host Security

Protect workloads from build to run by detecting and preventing vulnerabilities in container images, functions, hosts and IaC templates. Actively defend applications with runtime protection, least-privilege microsegmentation and cloud native application and network firewalling, regardless of the underlying compute that powers them in hybrid or multicloud environments.

Screenshot of Prisma Cloud, by Palo Alto Networks

 

DevSecOps Enablement

Shift left by integrating security as early as possible in the application lifecycle. Prisma Cloud integrates with continuous integration (CI) and developer tools so you can implement safeguards that prevent vulnerable images, serverless functions and IaC templates from reaching deployment.

Screenshot of Prisma Cloud, by Palo Alto Networks

 

What’s New with Prisma Cloud?

With the latest release, Prisma Cloud introduces a slew of new features, but one thing is obvious at first glance. Prisma Cloud has a new look!

Screenshot of Prisma Cloud, by Palo Alto Networks

 

The first thing you might notice is that the navigation menu is now on the left, and is neatly collapsible so you can use all your screen real estate. The second thing is the addition of the Compute tab.

Screenshot of Prisma Cloud, by Palo Alto Networks

 

Clicking on the Compute tab will collapse the navigation menu and reveal the capabilities integrated from Twistlock and PureSec. Here are some of the features that will be included in this upcoming release:

New Feature Benefit
Compute tab – access all workload protection and vulnerability management capabilities within Prisma Cloud  Single pane of glass UI for CSPM and CWPP
SaaSified Prisma Cloud Compute (Twistlock Console) instance for each Prisma Cloud tenant Eliminates the need to install, update and manage a CWPP console. 
Single Sign On (SSO) support for new features Easy access to all the CSPM & CWPP capabilities in a single interface
Resource Query Language (RQL) on host and serverless vulnerability See host and serverless vulnerabilities natively inside Prisma Cloud’s Resource Explorer alongside config, network and audit data

How Can I Use Prisma Cloud?

With these latest additions, you can now implement a comprehensive cloud security strategy that caters to a wide variety of professionals, such as DevOps, DevSecOps, SecOps and cloud security architects, using a single platform. Customers can choose the subset of capabilities that matches their needs with Prisma Cloud’s different editions and deployment models. With all editions, different views can be configured to make sure each user only has access to what they need. For example, security analysts will have access to the Security Operations dashboards, where they can see alerts on misconfigured cloud services, while a DevOps engineer can access the Compute tab to deploy agents to secure hosts, containers and serverless. 

Prisma Cloud Packaging Options What You Get
Prisma Cloud Enterprise Edition This edition includes all Prisma Cloud capabilities, including CSPM (from Evident and RedLock) and CWPP (from Twistlock and PureSec). Customers get full visibility and security posture management on their cloud infrastructure and services, as well as full lifecycle workload protection and vulnerability management across multi and hybrid clouds. This edition is delivered as a SaaS solution.
Prisma Cloud Compute Edition This edition includes the workload protection and vulnerability management capabilities of Prisma Cloud. These are the CWPP features from Twistlock and PureSec and are mostly agnostic of cloud platform. This edition is delivered as a self-hosted solution, meaning customers can deploy Prisma Cloud Compute Edition software on their own cloud or datacenter.

I Want to Try Prisma Cloud!

If you are an existing Prisma Cloud Enterprise Edition customer, the Compute tab (where you can access the CWPP capabilities from Twistlock and PureSec) will be automatically enabled in your Prisma Cloud tenant. The rollout of this capability to the Prisma Cloud customer base will start from mid-November 2019 and continue into December. When your tenant is enabled with the Compute tab, you will see a message pop up. Once you see the Compute tab, you can click on it, deploy agents in your hosts, containers and serverless environment and start securing those.

Please review the updated Prisma Cloud licensing requirements to understand how your usage of the Compute tab capabilities will be counted toward your Prisma Cloud licenses. If you’re not yet a customer, start a free trial of Prisma Cloud today!


Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.