SANTA CLARA, Calif., Aug. 31, 2021 /PRNewswire/ -- Palo Alto Networks (NYSE: PANW) today announced that Bridgecrew by Prisma® Cloud has added Multi-Cloud Drift Detection to identify and flag discrepancies between how cloud resources were defined in infrastructure as code (IaC) and how they are currently configured in runtime. With misconfigurations a leading cause of cloud breaches, Drift Detection helps improve cloud security posture and enables teams to effectively manage IT infrastructure (GitOps). The initial deployment of Drift Detection supports Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.
According to Gartner®, "Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users."1 While DevSecOps helps keep misconfigurations to a minimum by codifying and enforcing security policies, out-of-band changes are inevitable because of maintenance, incident response tasks and ad hoc changes—these out-of-band changes are known as drift. Regardless of why drift occurs, being able to detect and address it when it does is crucial to maintaining GitOps practices and mitigating cloud risk.
"The most effective way to avoid misconfigurations is by adopting infrastructure as code and making all changes through git and a secure continuous integration/continuous delivery (CI/CD) pipeline. That way, misconfigurations are identified and fixed in code before they're provisioned," said Idan Tendler, vice president of DevSecOps, Prisma Cloud at Palo Alto Networks. "However, even organizations that follow GitOps best practices have 'break glass' emergencies where operations teams need to make quick changes to cloud resources directly in production that can result in drift. Detecting this drift is one of the keys to maintaining a secure cloud infrastructure."
Bridgecrew Drift Detection is powered by the company's latest open source project Yor, which automatically tags IaC templates with attribution and ownership details as well as a unique ID that gets carried across to cloud resources. Drift Detection builds on top of Yor's code-to-cloud tracing abilities by alerting developers when a drift occurs and allowing them to automatically fix it straight from the Bridgecrew platform. Because of the visibility and control that Drift Detection allows, it is an important critical capability for any organization that is shifting security left and embracing DevSecOps.
Drift Detection is available now as part of the Bridgecrew standalone platform, which can be purchased using Prisma Cloud Credits.
1Gartner, "Hype Cycle™ for Cloud Security 2021," Tom Croll, Jay Heiser, 27 July 2021. GARTNER and HYPE CYCLE are registered trademark and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Bridgecrew by Prisma Cloud is the developer-first cloud DevSecOps platform that enables teams to automate infrastructure security throughout the development lifecycle. With support for infrastructure as code (IaC) scanning, security-as-code fixes, and native developer tools integrations, Bridgecrew shifts security left and makes it accessible to developers. Learn more and get started for free at bridgecrew.io.
About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.
Palo Alto Networks, Prisma Cloud and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.
SOURCE Palo Alto Networks, Inc.