Securing Red Hat OpenShift Using Prisma Cloud

This post is also available in: 日本語 (Japanese)

Palo Alto Networks is a Red Hat® OpenShift® Ready Partner, helping organizations across government, healthcare, financial services and the intelligence community secure their cloud native environments on OpenShift.

Red Hat OpenShift is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud and multi-cloud deployments. The Red Hat OpenShift Container Platform runs across on-premises and public cloud infrastructure, enabling a hybrid approach to how applications can be deployed as a self-managed solution.

Red Hat OpenShift is available in several offerings, with specific versions for popular cloud providers. OpenShift Dedicated is a fully managed service of Red Hat OpenShift on Amazon Web Services (AWS) and Google Cloud. Microsoft Azure OpenShift 4 is also available as a fully managed offering on Microsoft Azure. It reduces operational complexity and lets users focus on building and scaling applications that add more value to the organization.


The range of Red Hat OpenShift services. This includes hosted services such as Red Hat OpenShift Dedicated, Red Hat for Microsoft Azure and Red Hat for IBM. It includes self-managed services such as Red Hat OpenShift Container Platform. Registry services include Red Hat Quay Container Registry, and operating systems include Red Hat Enterprise Linux (RHEL), Red Hat Enterprise Linux CoreOS (RHCOS), and Red Hat Universal Base Image (UBI).
The range of Red Hat OpenShift services.

Prisma Cloud is the industry’s most comprehensive Cloud Native Security Platform (CNSP) that provides security protection for organizations building and deploying on Red Hat OpenShift environments. Prisma Cloud is consumable via a SaaS console or as a native OpenShift application, which includes support for fully air-gapped environments.


A Strong Partner with Red Hat

The Palo Alto Networks connection to Red Hat goes back to Twistlock, which was acquired by Palo Alto Networks in July 2019 and is now fully integrated as part of Prisma Cloud. Twistlock provided an open source contribution to the Docker authorization plugin as part of OpenShift and supported dozens of customers using OpenShift in product development.

Prisma Cloud’s compute security capabilities cover:


Vulnerability Detection and Prevention

Identify vulnerable images and prevent them from deploying across your environment, with alerting and enforcement policies covering the entire CI/CD process. Prisma Cloud uses Red Hat-specific vulnerability data, resulting in incredibly precise, layer-aware vulnerability analysis with high accuracy.


Compliance Management

Users can easily monitor compliance for Docker, Kubernetes and Linux against CIS Benchmarks, as well as external compliance standards and custom requirements.


Advanced Threat Intelligence

Use aggregated vulnerability information from more than 30 sources along with our internal threat labs, including built-in coverage of Red Hat CVEs directly from the Red Hat OVAL feed, and custom-developed and tested seccomp policies for common OpenShift workloads.


Runtime Defense

Protect OpenShift environments at scale with machine learning that automatically creates runtime models for every image deployed in every pod in OpenShift, hunts for anomalies and automatically prevents breakouts/attacks.


Cloud Native Firewalls

Visualize applications and protect against any Layer 4 network attacks by whitelisting inter-pod and service communication. Automatically detect and prevent threats to applications with a Layer 7 web application firewall.


Access Control

Establish and monitor access control measures for OpenShift clusters, Docker and Kubernetes while integrating with identity and access management (IAM) and secrets management tools, along with other core technologies.


Open Container Standards Support

Support open container standards like runC and containerd, and work with runtimes including Docker, cri-o and cri-containerd.


New Red Hat-certified Prisma Cloud Operators

Red Hat certified the updated Prisma Cloud operators, which are now available in the Red Hat catalog and in the open source Kubernetes operators hub.

You can easily click and deploy Prisma Cloud with the operator from inside your OpenShift Container Platform portal. Documentation explains how to install the operator and the console on your OpenShift clusters.

Support for OpenShift 4.x Versions

With the latest release, Prisma Cloud supports OpenShift 4.2, 4.3, 4.4 and 4.5. 


Azure Red Hat OpenShift Whitelists Prisma Cloud

Azure Red Hat OpenShift (ARO) is a managed OpenShift environment that doesn’t allow users to run privileged containers. Tools for monitoring and security require the containers/pods to run with privileges to support deep monitoring and security policy enforcement.


Prisma Cloud is part of the cloud native stack


However, Red Hat and Microsoft have whitelisted Prisma Cloud, which allows users to run defenders on ARO clusters, enabling them to secure container deployments. For more information, refer to the Azure documentation.


Getting Started with Prisma Cloud and OpenShift

Prisma Cloud provides you a secure way to build and deploy containerized applications across any Red Hat OpenShift platforms. To learn more about Prisma Cloud, visit the product page, or start with a free 30-day trial.