Most enterprises have hybrid or multi-cloud deployments, and maintaining consistent security posture across all deployments is one of their top priorities. In December 2018, we announced an expanded partnership with Palo Alto Networks with exactly that goal in mind. With Google Cloud’s native security toolkit and deep integrations with Palo Alto Networks cloud security products such as the VM-Series, Prisma Cloud, and Prisma SaaS, you can define a consistent security posture in Google Cloud and on-premises. Let’s look into some of these integrations.
Governance and compliance: Prisma Cloud provides continuous monitoring and compliance reporting for your resource configurations, network configurations and user activity on Google Cloud. It can now detect risks and provide auto-remediation across ten core Google Cloud Platform (GCP) services, such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. Prisma Cloud is also integrated with GCP’s Security Baseline API (in alpha), which provides visibility into the compliance posture of Google Cloud platform. With this integration, customers can get compliance visibility into their full stack.
In addition, with Cloud Security Command Center integration, customers can incorporate Prisma Cloud findings into their single pane of glass view by simply enabling the integration in GCP marketplace.
Security analytics: Along with security governance and compliance assurance, Prisma Cloud integrates with VPC flow logs to provide useful insight into east-west and north-south traffic flows by correlating data with various security intelligence sources.
Security for GCP workloads: Palo Alto Networks Twistlock protects GCP compute workloads and applications, spanning hosts, containers and serverless functions, throughout the development lifecycle. Twistlock automatically learns normal app behaviors and prevents anything abnormal. Twistlock integrates with any continuous integration (CI)/continuous development (CD) process, registry and production environment to provide full lifecycle vulnerability management and compliance, runtime defense, cloud native firewalling and access control.
Additionally, Palo Alto Networks VM-Series firewalls protect compute workloads with next-generation security capabilities and can be deployed directly through GCP Marketplace. Deploying the VM-Series with Google Cloud Load Balancers allows horizontal scalability as your workloads grow and high availability to protect against failure scenarios. VM-Series also takes advantage of Cloud Armor to block malicious IP addresses at Google’s edge, saving on compute cycles that analyze other critical traffic flows.
Security for hybrid containerized workloads: Anthos (formerly Cloud Services Platform) lets you build and manage modern hybrid applications. Istio is an open service mesh that can be deployed on Google Kubernetes Engine (GKE) as part of Anthos to provide a uniform way to connect, manage, and secure microservices. With the NGFW policy engine (an Istio mixer adapter developed by Palo Alto Networks) customers can secure east-west traffic based on attributes such as source namespace, source service, destination namespace, destination service and protocol through Panorama. The NGFW policy engine also provides detailed telemetry from the service mesh for forensics and analytics. The NGFW policy engine can be deployed to a Kubernetes cluster hosted on-premise or in the cloud directly through the GCP marketplace.
Data Protection for G Suite: Prisma SaaS is a security service that connects directly to SaaS applications for data classification, data loss prevention and threat detection. It leverages an out-of-band, API-based approach that enables granular inspection of data at rest in G Suite as well as ongoing monitoring of user activity and administrative configurations.
Learn more about our partnership and integrations at Ignite Europe ‘19:
We hope to see you there,
The Google Cloud Team
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.