Prisma Cloud Adds Flexible Deployment Options To Address Web Attacks and Extends Workload Protection Across ARM Architectures, Container as a Service, and Serverless Functions

Today’s enterprises continue to move to the cloud and take advantage of emerging cloud native architectures. Most organizations are leveraging 2 or more clouds, from public cloud providers to their own private cloud or taking a hybrid cloud approach. “By 2023, over 500 Million Digital Apps and Services Will Be Developed and Deployed Using Cloud-Native Approaches (IDC)”. Adding to this, cloud native applications contain dozens of microservices - across multiple layers including infrastructure, workloads, code, and data. We continue to deliver innovation and value along these trends and are happy to announce the following capabilities:

  • Multi-Cloud Agentless Cloud Workload Protection: Extending visibility into an organization’s cloud workload and application risks across Azure and Google Cloud, in addition to AWS, to complement existing agent-based protection
  • Runtime Protection for Azure Serverless Functions: Comprehensive protection for all Azure workloads, including host, containers and serverless functions
  • Enhanced Protection for Container as a Service (CaaS): Workload security for CaaS platforms across the major public cloud providers such as Amazon ECS

We recognize that business workloads are being deployed on processors based on ARM architecture. Organizations need high performance workloads at lower costs, and we are proud to expand our Cloud Workload Protection support:

  • Workload Protection for ARM Architecture: Secure ARM architecture based workloads across build, deploy and run phases. Capabilities include vulnerability and compliance management, Runtime protection, Access Management and support for Container and Host Defenders

Businesses adopt inline Web Application Firewalls (WAF) and point API Security tools to block threats; however, security teams are challenged with sacrificing application performance for increased protection and end up spending too many cycles trying to integrate new point solutions with the rest of the cloud security toolset. With this in mind, we are happy to announce Out of Band WAAS in addition to our inline WAAS:

  • Out of Band Web Application and API Security (WAAS): Out of Band Web Application & API Security (WAAS): Prisma Cloud provides security teams the flexibility to choose between inline and out of band deployments to fit your environment's requirements. Monitor web apps and APIs in minutes without impacting performance.

 

Out of Band Web Application and API Security

In a recent study by Forrester, 39% of external attacks are web application exploits, making it the most common form of external attacks. As modern cloud native web applications and APIs become prevalent; application security and development teams recognize the need for a modern web application and API security solution. At times, development teams do not want security deployed inline because it can impact the performance and availability of web apps or APIs. Meanwhile security teams are unable to monitor web apps and APIs running in environments without agents deployed.

Prisma Cloud’s WAAS module now offers out of band web application and API security for flexible deployment options that fit your security requirements. Customers can now discover risks and protect web apps and APIs in minutes without deploying agents inline. This is extremely useful for those web applications or APIs that are critical to the business or sensitive to latency, where customers would rather not introduce a proxy in-line. Security teams can gain insights into all risks facing web apps and APIs, without impacting application performance.

Out of Band WAAS Policy management in Prisma Cloud
Out of Band WAAS Policy management in Prisma Cloud

 

Multi-Cloud Agentless Cloud Workload Protection

As cloud adoption continues to accelerate, we want to work with our customers to help their security teams address visibility and security concerns for their cloud workloads by providing them with added flexibility. Customers are looking for quick visibility into their security posture without having to deploy agents. Agentless workload scanning is an additional, complementary solution in Prisma Cloud that simplifies our approach to visibility across cloud workload assets, in addition to our agent-based protection.

In our Prisma Cloud 3.0 announcement in November, we announced support for Agentless Security to scan running and stopped hosts on AWS for vulnerabilities. Now we are extending visibility into an organization’s cloud workload and application risks across Azure and Google Cloud, in addition to AWS, to complement existing agent-based protection. In addition, to vulnerability scanning, it will include compliance scanning across standard benchmarks, custom compliance support, proxy support and much more. Agentless scanning is an additional, complementary solution in Prisma Cloud that simplifies our approach to visibility across compute assets, in addition to our agent-based protection.

 

Agentless Account Config in Prisma Cloud 
Agentless Account Config in Prisma Cloud

Enhanced Protection for Container as a Service (CaaS)

Container as a Service platforms are becoming increasingly popular for development and IT teams because there is less maintenance and, in some cases, it lowers costs. While CaaS streamlines the process of deploying and managing containers, security is still a major concern for security teams.

To help security teams secure these containerized workloads, Prisma Cloud is launching has been able to protect CaaS platforms and now enhancing visibility. We now provide comprehensive visibility into these workloads including cloud metadata, vulnerability, and compliance analysis for major CaaS platforms. At the runtime level, our latest release brings file system protection, detecting anomalous behavior such as changes to binaries, SSH admin account configs and malware detection.

Additionally, Fargate workloads we are simplifying the deployment making the Fargate defender set up process much easier for developers. We heard from customers about the struggle to deploy these types of defenders and added two new capabilities. The first one is automatic fetching of the entry point from the image, and the second is to allow the creation of protected Fargate tasks in a CloudFormation format.

 

Overview of Vulnerability Scanning for CaaS in Prisma Cloud
Overview of Vulnerability Scanning for CaaS in Prisma Cloud

 

Workload Protection for ARM Architecture

Cloud providers like AWS are offering ARM64 compute architecture to help customers achieve better performance across a broad range of workloads, while saving costs. For example, AWS released the optimized Graviton2 processor which improves the price performance for workloads in Amazon EC2 with up to 25% better compute performance (AWS Graviton). Because these workloads are faster and cheaper, IT teams are leveraging these processors and running compute workloads like containerized or virtual machine applications.

When improving the compute performances and costs, securing the application’s workloads is still a challenge. Customers require visibility into the vulnerabilities, risks, and compliance issues in their workloads. On top of that, they need secure running applications in production from unusual behaviors with runtime protection.

Prisma Cloud is excited to announce support for workload protection for workloads running on ARM64-based architecture instances across build, deploy and run. You no longer have to compromise performance for security when using faster and more efficient cloud native compute offerings.

 

Workload Protection for ARM based Cloud Instance in Prisma Cloud
Workload Protection for ARM based Cloud Instance in Prisma Cloud

 

Runtime Protection for Azure Serverless Functions

In the most recent State of Cloud Native Security Report we found that the use of serverless functions rose 20% to 42%. Organizations continue to use a diverse set of compute options available to them. The use of serverless functions offers several significant benefits. It frees developers to focus on application development and better-quality application code. Although infrastructure concerns are handled by the cloud provider, security is not. Those organizations need a comprehensive solution to protect their serverless functions in Azure during runtime from active threats. Prisma Cloud’s runtime protection offers the ability to monitor and enforce the function's process, network and file-system activity at runtime and offers built-in protection against cryptojacking attacks.

Prisma Cloud’s vision is to provide comprehensive protection for all Azure workloads. In our latest release, we are adding support for Azure serverless functions in addition to AWS. Customers can now leverage comprehensive cloud security for their serverless workloads on multiple cloud platforms such as AWS and Azure.

 

Serverless Security in Prisma Cloud (Defender Deployment)
Serverless Security in Prisma Cloud (Defender Deployment)

 

Our Vision for Prisma Cloud

A few years ago, we introduced Prisma Cloud, with the vision of providing complete cloud security across technology stacks, clouds, and application components, without the need to continue purchasing, deploying, and maintaining multiple point solutions or maintain endless 3rd party and open-source tools. Our goal is to deliver best-in-breed security capabilities into an integrated cloud native application protection platform (CNAPP). Our commitment is to help businesses secure their critical applications across the full application lifecycle, while enabling them to increase their cloud agility.

Prisma Cloud is the industry’s most complete Cloud Native Application Protection Platform, with a vision for unmatched, integrated cloud security to ensure that multi cloud environments and cloud native applications are secured - from code through build and deploy to run stages in their lifecycle.

 

Learn more

To learn more about the latest enhancements to Prisma Cloud, request a hands-on demo or join us at one of our upcoming webinars. And, be sure to watch the demo video below to see what's new in Prisma Cloud today.