With the rollout of Prisma Cloud in November 2019, Palo Alto Networks announced a new category in cloud security – the Cloud Native Security Platform (CNSP) – for securing cloud native applications. Today, our release of Prisma Cloud 2.0 presents an evolution in the space with four new functionality modules and further platform alignment with key user needs and market categories.

Cloud Security Posture Management 

Cloud Security Posture Management (CSPM) leverages data from public cloud service providers to deliver continuous visibility, security policy compliance and threat detection across cloud resources, users, data and applications. CSPM includes shift-left capabilities to scan infrastructure-as-code (IaC) templates across the application lifecycle.

Cloud Workload Protection 

Cloud Workload Protection (CWPP) helps secure cloud native applications across the application lifecycle; it is defined by the requirement to protect hosts (VMs), containers and serverless functions from a single console.

Cloud Network Security 

Cloud Network Security (CNS) helps protect cloud networks and applications, combining network visibility and microsegmentation for full-stack network security across multi-cloud and hybrid-cloud environments.

Cloud Infrastructure Entitlement Management 

Cloud Infrastructure Entitlement Management (CIEM) enables visibility and control over cloud identities to ensure least-privileged user access governing cloud resources, compute and data.

Screenshot: New Prisma Cloud platform pillars and functionality modules. In Prisma Cloud 2.0, the Cloud Native Security Platform (CNSP) has four platform pillars and functionality modules: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security and Cloud Infrastructure Entitlement Management.

The Need for a Cloud Native Security Platform

We’re releasing Prisma Cloud 2.0 to support the many enterprises that are actively embracing multi-cloud architectures across various compute paradigms. According to the 2020 State of Cloud Native Security Report, infrastructure and security leaders shared:

  • They are in a multi-cloud world: 94% of respondents shared they are using more than one cloud platform, with 60% stating they use between two and five cloud platforms.
  • Organizations are also leveraging multiple compute offerings: According to our survey, 86% of organizations expect their usage of cloud workloads to increase or stay the same, using a combination of VMs, containers, containers-as-a-service (CaaS) and platform-as-a-service (PaaS)/serverless architectures.

As organizations march forward in their multi-cloud and multi-compute reality, they require new capabilities to implement consistent cloud security policies and manage risk holistically. These needs are best met through a single, comprehensive platform – indeed, 51% of high-performing organizations in the report said a single end-to-end solution would improve their cloud security posture.

These organizations need to eliminate the overhead of maintaining open source and point solutions and to close the visibility gaps of a disjointed security stack. Consolidated platforms can also reduce alert fatigue and help control shadow IT in complex multi-cloud and hybrid-cloud environments.

Four New Modules Integrated Within Prisma Cloud 2.0

This latest release further allows organizations to implement consistent cloud security policies, all within a single solution and controlled from one dashboard. Below, we highlight the latest capabilities added to Prisma Cloud for its 2.0 release.

Data Security: Discovery, Classification and Malware Detection for AWS S3

Prisma Cloud Data Security is purpose-built to address the challenges of discovering and protecting data at the scale and velocity common in public cloud environments. These new capabilities reduce the burden on security teams by providing a cloud native solution that leverages the Palo Alto Networks Enterprise DLP engine to help discover and protect sensitive data stored across public cloud environments. The Data Security module also uses the industry-leading Palo Alto Networks WildFire service to detect known and unknown malware that may have infiltrated the customer’s Amazon Web Services Simple Storage Service (AWS S3) buckets.

Screenshot: Prisma Cloud Data Security dashboard in Prisma Cloud 2.0, showing Total Buckets, Total Objects, Top Publicly Exposed Objects by Classification, and Top Object Owners by Exposure.

At launch, Prisma Cloud Data Security will enter limited GA and be available to a subset of Prisma Cloud Enterprise Edition customers.

Web Application and API Security: Protecting Web Applications and APIs from Attacks

Cloud native applications are made up of a combination of containers, functions and underlying host compute resources, and their front-end web applications and APIs require protection. The latest release integrates Web Application and API Security into the Prisma Cloud unified agent framework.

Screenshot: Configuring Web Application and API Security in Prisma Cloud 2.0. The example screen features options for App Detection, App Firewall and Access Content.

Users can protect applications against the OWASP Top 10 critical security risks for web applications, secure APIs from application-layer attacks, implement file upload protection and more – all from a single dashboard integrated with the protection already leveraged today.

Identity-Based Microsegmentation with Aporeto Integration

Following the acquisition of identity-based segmentation leader Aporeto, Prisma Cloud is moving forward with the integration of Aporeto technology in our Identity-Based Microsegmentation module.

Screenshot: Managing Identity-Based Microsegmentation in Prisma Cloud 2.0. The image tracks connections and separations between information stored in two different public clouds.

Identity-Based Microsegmentation provides end-to-end visibility of network communications to network and cloud security teams, along with comprehensive security policy control and management. In the weeks after launch, the module will enter live preview and be available to a subset of Prisma Cloud Enterprise Edition customers.

IAM Security: Establishing Least Privilege for Cloud Identities

Securing user identity in the cloud presents tremendous challenges for cloud infrastructure and security teams. Improper Identity and Access Management (IAM) configurations, such as overly permissive roles, reused roles, dormant roles or exposed resources, can have profound consequences for cloud security.

Screenshot: Prisma Cloud IAM Security policies in Prisma Cloud 2.0. Information tracked includes policy name, category, type, class and subtype.

With this latest release of Prisma Cloud, users can leverage our IAM Security module to gain visibility into effective permissions and user activity, implement governance over excessive or unused permissions and respond to issues with least-privilege recommendations or automated remediation.

Conclusion

These new modules and capabilities give organizations a single platform for truly powerful security in cloud native development. With Prisma Cloud 2.0, DevOps, cloud infrastructure and security professionals can more confidently secure the innovations that drive user engagement.

To learn more about these latest enhancements and how they fit into our vision for the platform, check out our fireside chat on LinkedIn Live on Oct. 20. Palo Alto Networks product leadership and other industry experts will discuss the latest cloud trends and offer insights on how to protect your cloud native applications.