Prisma Cloud and Bridgecrew: Doubling Down on Developer-Led Security

Mar 02, 2021
4 minutes
... views

We closed the Bridgecrew acquisition to further shift left, enhance developer-led security and secure infrastructure from build-time to run-time.

We are excited to announce the close of the Bridgecrew acquisition. With this acquisition, Prisma Cloud expands coverage of applications and workloads with additional Shift Left capabilities. We continue moving toward our vision of a platform for developers and DevOps teams to secure their cloud native applications and infrastructure throughout the software development lifecycle, while giving security teams visibility into security posture at every stage from build-time to run-time.

Bridgecrew finds, fixes and prevents misconfigurations in deployed cloud resources and at the infrastructure as code (IaC) level. IaC is a modern paradigm in which engineering teams can codify infrastructure configurations and programmatically provision infrastructure to best fit their needs. This improves speed, repeatability and auditability, while overall reducing errors. However, if developers and DevOps teams don’t fix issues in development, it dramatically increases the time to find and fix misconfigurations found in production.

Many templates contain misconfigurations that open infrastructure and databases to attacks. These templates, which can be used by dozens or hundreds of developers, can lead to hundreds of insecure assets and negatively impact an organization’s cloud security posture. This overwhelms already understaffed security teams.

Bridgecrew Brings Automation and Community to Shift Left Security

Checkov, an open source tool created and maintained by Bridgecrew, is a static code analysis tool for IaC. It scans templates for misconfigurations that open up attack vectors in cloud infrastructure. The tool is embedded in the development process with a command-line interface (CLI) and plugin for popular continuous integration (CI) tools and repositories.

The resounding excitement and support for Checkov, with over 1.2 million downloads and over 2,000 stars on GitHub, showed us just how important providing developers with automated security capabilities is. Palo Alto Networks recognizes the value of the community that built Checkov and looks forward to the continued growth and improvements from this group. We will accelerate investment in the open source community as the number one priority. Together, we will continue the innovation and enhance the capabilities, adding more frameworks, expanding the number of checks and increasing the depth of coverage.

The Bridgecrew platform augments Checkov with run-time visibility and security-as-code fixes. Palo Alto Networks will improve the platform, ecosystem integrations and developer experience, and offer accessible (and free!) plans. We will offer new content and training resources dedicated to closing the knowledge and access gap. 

By closing the rift between security and developers, we will disrupt the cloud security space, saving teams countless hours chasing cloud misconfigurations and reducing risk exponentially for organizations big and small.

End-to-End Cloud Native Security

Prisma Cloud and Bridgecrew together will double down on developer-led security. Prisma Cloud and Bridgecrew provide cloud infrastructure protection across develop, build, deploy and run. The Bridgecrew platform scans for misconfigurations across the development lifecycle, with an emphasis on IaC, and provides security-as-code fixes. Prisma Cloud’s existing Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities check for and remediate any misconfigurations that make it into production while protecting running workloads and applications.

Both offerings provide an intuitive, automated way for developers to find and remediate misconfigurations and vulnerabilities via their existing DevOps workflows and tools. By catching issues during the development cycle, the time and cost to fix issues decreases compared to fixing them in production.

Meanwhile, security teams gain visibility into their posture and policy control starting with development through to run-time in a single platform. This creates a scalable way to secure cloud applications and infrastructure and reduces the burden on security teams.

Together, Bridgecrew and Prisma Cloud will continue to offer the most comprehensive cloud native security platform to our customers. If you want to learn more from the founders of Bridgecrew, check out our Reddit AMA Thursday. We (Varun and Idan) will also be hosting a Twitch Fireside Chat next Monday on the Bridgecrew Twitch stream. We’d love to have you!


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.