This post is also available in: 日本語 (Japanese)
Prisma Cloud Now Secures Apps with the Industry’s Only Integrated Web App Firewall (WAF), API Security, Runtime Protection and Bot Defense Platform
We’re proud to announce our next set of developments for workloads for Prisma Cloud, which will help to bolster host and container security for our customers.
At Palo Alto Networks, our team is committed to delivering comprehensive Cloud Workload Protection capabilities across the cloud native continuum – securing hosts, containers and Kubernetes, and serverless functions – both at runtime and across the application lifecycle.
Integrated and comprehensive platforms are essential as cloud native adoption continues to grow. In the 2020 Cloud Native Computing Foundation Survey, CNCF shared that:
In search of efficiency, organizations are adopting a mix of cloud native architectures, combining them with various pipeline technologies and integrating them into rapid release cycles. However, they are often stitching together multiple, single-purpose security solutions to protect these stacks – creating operational burdens and security gaps.
The latest Prisma Cloud enhancements for Cloud Workload Protection allow DevOps teams to continue building and deploying their workloads and applications rapidly, while helping security teams deliver comprehensive protection.
In our Prisma Cloud 2.0 launch, we unveiled our Web Application and API Security (WAAS) module for discovering and protecting web applications and APIs running across clouds, delivering customizable OWASP Top 10 protection, API security and runtime protection. By delivering these capabilities from a single dashboard integrated with our Defender unified agent framework, security teams can quickly and easily deploy and enable protection for cloud native applications.
To demonstrate the module's potential, our product team ran an internal benchmark analysis against other leading solutions. The team measured the rate of false positives and negatives by running a rich arsenal of real-world attack payloads against a set of over 200,000 legitimate web transactions.
Detailed in a new whitepaper, our team showed that our web application firewall (WAF) capabilities outperformed six competing solutions. The Prisma Cloud module has the highest precision rating at 99.3%, which measures the ability to avoid false positives and false negatives. It also has the lowest false positive rating at just 0.02%.
In addition to unveiling our benchmark test results, we're releasing new robust WAAS capabilities, including:
Though container and Kubernetes adoption continue to rise rapidly, hosts or cloud VMs are still central to cloud infrastructure strategy. Whether an organization has adopted a lift-and-shift approach to move workloads to the cloud or is leveraging VMs to run a containerized stack, security teams need to protect these workloads. This includes having continuous vulnerability management and compliance, runtime protection (file integrity monitoring, log inspection, custom runtime rules), access control and forensics.
With our new custom host compliance policies, users can implement security policy compliance checks for these protections via Bash scripts to cover host operating systems, orchestrator configurations or runtime checks.
As security teams monitor and protect a growing and constantly evolving set of Kubernetes environments, using Kubernetes-native constructs to map rules and policies, and view runtime audits saves them time and energy. In our latest release, Prisma Cloud improves how teams can leverage Kubernetes cluster names across the platform.
Teams can use cluster names to map environments and policies or view runtime environments and audits. Examples include:
The screenshot above shows how security teams can use clusters as a filter for viewing security incidents in Incident Explorer, so they can quickly diagnose an incident, review kill chain data and see a timeline view.
As CRI-O continues to emerge as an open standard for container runtimes, DevOps and security teams will want to ensure they have the proper security policy compliance checks mapped to this technology.
Now, Prisma Cloud maps 25 specific compliance checks to CRI-O across containers, images and host configurations. Within the compliance rules editor, users can quickly and easily select these pre-built mappings in the dropdown menu, as highlighted in the screenshot below.
Our latest release includes enhancements across our platform:
All the features above are available today in Prisma Cloud Compute Edition with general availability in Prisma Cloud Enterprise Edition by early-February. To learn more, join us at our 2021 Virtual Summit on Jan. 26, “Building a Scalable Strategy for Cloud Security.”
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.