Cloud Workload Protection Solution Protects Against Threats Like the Log4J Vulnerability With Pre-Deployment VM Image Library Scanning for Public Clouds and Web Application and API Security Dashboards
Today’s enterprises continue to move to the cloud and take advantage of emerging cloud native architectures. In the Palo Alto Networks 2022 State of Cloud Native Security Report, where we interviewed over 3000 global security, infrastructure, and DevOps practitioners, respondents shared that they expect to host 68% of their workloads in the cloud within two years, which is consistent with last year’s expectation of 65%.
Additionally, the number of workloads hosted in PaaS and serverless stacks rose 20 percentage points while use of containers and containers-as-a-service saw more moderate growth. Overall, about half (47%) of organizations use all compute stacks equally, while overall numbers reflected the following for compute adoption:
- Virtual Machines: 99% of respondents use VMs
- Containers: 93% of respondents use containers
- Containers-as-a-Service (CaaS): 79% of respondents use CaaS
- Platform-as-a-Service (PaaS) and Serverless: 99% of respondents use PaaS/serverless
With the proliferation of these architectures, security, infrastructure, and DevOps teams need a centralized solution to provide visibility and protection across the continuum of cloud native architectures to address vulnerabilities, manage compliance, and enable runtime protection. For example, with a vulnerability like Log4Shell, security teams would quickly want to identify vulnerable applications while also protecting their applications from threats and attacks.
Today, we’re excited to release the latest Cloud Workload Protection capabilities to Prisma Cloud, enabling full lifecycle, full stack protection for cloud native applications. The release includes:
- General availability of Agentless Security to scan VMs on AWS: The release of these capabilities provides easy risk prioritization for virtual machines.
- Pre-Deployment virtual machine image library analysis for Azure and Google Cloud: Seamless scanning of machine images now supports two additional public clouds.
- Cortex XDR connector: Prisma Cloud now includes a pre-built integration for sending host, container, and serverless incident data to Cortex XDR for further analysis.
- Kubernetes auditing enhancements for AKS and EKS: Security and DevOps teams can now capture and analyze Kubernetes auditing data from public cloud Kubernetes services to identify risks and security events.
- Enhancement to vulnerability management: Extended and granular scope for tags to enhance exception and metadata reporting on vulnerabilities.
- Web Application and API Security: New analytics dashboards for improved web application attack visibility and support for gRPC protection.
Agentless Security: Scanning VMs on AWS
In our Prisma Cloud 3.0 announcement in November, we pre-announced our support for Agentless Security to scan cloud workloads for vulnerabilities, starting with hosts on AWS. This integrated vision helps security teams address visibility and security concerns for their cloud workloads by providing organizations with quick visibility into their security posture without having to deploy agents.
Agentless scanning is an additional, complementary solution in Prisma Cloud that simplifies our approach to visibility across compute assets, in addition to our agent-based protection. Agentless security primarily focuses on snapshot-based scanning, instant visibility into risks and vulnerabilities in your instances and broader coverage across cloud accounts without access to each machine. Runtime protection, including preventative capabilities, is better provided by the live Defender agents on the hosts. Both agent-based and agentless protection is the solution for comprehensive security.
Agentless scanning works off cloud provider APIs and disk snapshots, and can be initiated easily while onboarding cloud accounts, providing a non-intrusive way to understand security posture. This extends coverage to both active and dormant virtual machines in the public cloud. At launch, Prisma Cloud will support virtual machines on AWS with plans to extend to other stacks and clouds.
Host Security: Pre-Deployment Virtual Machine Image Scanning Across Public Clouds
Securing cloud virtual machines (VMs) requires a full lifecycle approach to security. At runtime, security teams need to protect workloads from threats, as well as prioritize risk and maintain compliance. These capabilities are delivered by Prisma Cloud through a combination of agent-based protection and agentless scanning to offer users flexibility and choice in how they manage security for their VMs.
Additionally, organization’s DevOps teams want to build golden image pipelines to ensure that vulnerabilities and misconfigurations in VMs are addressed before hosts are deployed. With the latest release to Prisma Cloud, DevOps and security teams can now continuously scan VM image libraries on Microsoft Azure and Google Cloud Platform, with AWS AMIs already supported. This allows users to see vulnerability status, compliance posture, and identify malware before a machine image is run in production. For example, if a machine is running a vulnerable version of apache log4j, the new feature can catch this vulnerability before it is deployed.
Cortex XDR Integration: XDR Connector for Sending Runtime Security Telemetry to Cortex XDR
Today’s security operations teams are responsible for a growing attack surface and evolving cloud native application portfolio as enterprises move and scale in the cloud. These teams want to quickly and seamlessly analyze and investigate incidents across a wide range of endpoints.
In order to address these challenges, Prisma Cloud integrates across the Cortex portfolio to help organizations better understand their cloud attack surface by integrating with Cortex Xpanse, as well as sending alerts to Cortex XSOAR for automated remediation.
Now, users can take advantage of a new integration with Cortex XDR, where runtime container alerts, runtime host alerts, and incident data is sent to Cortex XDR and the Cortex Data Lake. This integration provides SOC analysts with new, integrated data for analysis and investigation.
Container Security: Kubernetes Auditing Enhancements
As Kubernetes continues to become the de facto control plane for deploying, managing, and scaling containerized applications, DevOps, cloud infrastructure, and security teams want to capture public cloud Kubernetes audits into their security tools for alerting and analysis.
Previously, Prisma Cloud has supported capturing Google Kubernetes Engine (GKE) audit data, and now we are expanding our support to include Amazon Elastic Kubernetes Service (EKS) and Microsoft Azure Kubernetes Service (AKS).
Users can implement pre-built or user-created rules to alert on audit criteria. Prisma Cloud enhances previous audit data that was captured to surface fine-grained event audits, all mapped to our ATTACK dashboard.
Enhancement to Vulnerability Management
With the new enhancements to vulnerability management, teams now have increased granularity to add tags for different scopes for enhanced reporting and management of CVEs.
Web Application and API Security: New Analytics Dashboards for Improved Visibility and Support for gRPC Protection
According to Forrester’s recent Analytics Business Technology Survey, 2020, web application exploits, such as SQL injection, cross-site scripting, and remote file inclusion, are the most common forms of external attack. Protection for web applications and APIs continues to evolve as organizations adopt containers, Kubernetes, and serverless architectures. In these ephemeral environments, managing additional agents, gateways, and appliances becomes challenging for traditional security and application security teams.
In order to provide integrated, best-in-class protection for modern applications, Prisma Cloud delivers powerful Web Application and API Security capabilities that include coverage for the OWASP Top 10, API protection, bot risk management, and advanced DoS protection.
With the latest release of Prisma Cloud, we’re now delivering a Web Application and API Security dashboard to highlight real-time and historical metrics, alert details, and policy management along with our recent API observation and unprotected web applications views. In addition, customers leverage gRPC protection out of the box without any additional configuration.