CTO Universe

Securing Your Metadata from Cloud Heists with Prisma Cloud’s Attack Path Policies

Prisma Clud

SEPTEMBER 26, 2023

Many businesses today rely on cloud computing, and AWS is a significant player in this space. Its enhanced version, IMDSv2, requires session-oriented requests, adding an extra layer of security. Armed with IAM role credentials, the attacker can make authenticated AWS API requests. Using AWS, though, can be tricky.

Policies

Policies Cloud AWS Technical Review

Zero Trust Security Model in Cloud Environments

Prisma Clud

SEPTEMBER 21, 2023

But widespread adoption of cloud computing, coupled with an evolving threat landscape, has exposed the limitations of perimeter-based security. But widespread adoption of cloud computing, coupled with an evolving threat landscape, has exposed the limitations of perimeter-based security. million in 2023. million in 2023.

Cloud

Cloud Network Policies Machine Learning

Find and Fix XZ Utils in Just a Few Clicks

Prisma Clud

APRIL 3, 2024

But where do you start? Don’t panic. Take a deep breath. Let’s pause and take a minute to understand the impact of zero-day vulnerabilities before jumping into action. Remember what Benjamin Franklin said— “By failing to prepare, you are preparing to fail.” The following list of questions allows you to plan for a vulnerability like CVE-2024-3094.

Linux

Linux Policies Cloud Applications

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Implement Zero Trust with Just-in-Time Access

Prisma Clud

NOVEMBER 30, 2023

Rapid migration to cloud services presents organizations with new security challenges. IAM is a factor in nearly every cloud attack. Research by ESG indicates that 99% of organizations to have suffered a cybersecurity incident acknowledge the role of credentials in exposing their cloud environment.

Compliance

Compliance Software Review Cloud Resources

Fixing Issues from Code to Cloud in One Place

Prisma Clud

OCTOBER 19, 2023

Following up on our recent blog post where we touched on code-to-cloud remediation as part of new features in the Prisma Cloud Darwin release , we'd like to delve deeper into remediation. First, let's examine the challenges of risk remediation in cloud security. What permissions do vulnerable machines or containers have?

Software Review

Software Review Cloud Weak Development Team DevOps

Streamline Risk Management with Context-Based Risk Prioritization

Prisma Clud

NOVEMBER 9, 2023

Cloud security teams require a solution capable of combing through these signals, correlating them with business-critical applications and data, and intelligently guiding remediation actions based on priority, context and relevance. They don't offer the 360-degree visibility needed to tackle the multifaceted challenges.

Weak Development Team

Weak Development Team Software Review Cloud Compliance

Prisma Cloud Supports Amazon Security Lake as a Source Provider

Prisma Clud

MAY 30, 2023

Prisma Cloud aggregates our vulnerability detection data and sends our findings to Amazon Security Lake using the OCSF schema. Prisma Cloud by Palo Alto Networks is excited to co-launch the general availability of Amazon Security Lake with AWS.

Cloud

Cloud AWS Open Source Network

Analyzing CVE-2023-50164: Apache Struts Path Traversal Vulnerability

Prisma Clud

DECEMBER 20, 2023

Users of Prisma Cloud’s WAAS utilizing custom rules are safeguarded from related threats by the recently released custom rule designed to detect exploitation attempts of the vulnerability. On December 7, 2023, Apache released an advisory regarding CVE-2023-50164 , a critical vulnerability with a severity of 9.8

Software Review

Software Review Systems Review Open Source Healthcare

Detect DNS Threats for AWS Environments with Prisma Cloud

Prisma Clud

MARCH 21, 2023

DNS is still a common blind spot for many organizations, but the good news is Prisma Cloud can actively monitor DNS traffic on AWS with our agentless threat detection capabilities. AWS customers who use Prisma Cloud can thwart network exploits without reconfiguring their DNS or network infrastructure.

AWS

AWS Cloud Malware Machine Learning

Enhanced Pull Request Comments: Empower Developers to Ship Code That’s Secure by Default

Prisma Clud

APRIL 4, 2023

But that’s where pull request (PR) comments come in. With pull request comments, you can address code security issues — such as IaC misconfigurations, exposed credentials , and vulnerabilities in open source — early in the software development lifecycle, and empower yourself to ship code that’s secure by default.

Software Review

Software Review Development Open Source Systems Review

Agentless Workload Scanning Gets Supercharged with Malware Scanning

Prisma Clud

JUNE 22, 2023

Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 2023. But, the sheer complexity of cloud technology can dramatically expand an organization’s attack surface.

Malware

Malware Linux Windows Operating System

High-Severity Vulnerabilities Discovered in WebM Project’s Libraries

Prisma Clud

OCTOBER 5, 2023

These vulnerabilities, which CISA identified as CVE-2023-4863 and CVE-2023-5217 in their Known Exploited Vulnerabilities (KEV) catalog , are now actively exploited in the wild. Because CVE-2023-4863 and CVE-2023-5217 pose a significant risk, we recommend that you take immediate action to apply patches and protect your systems. What Is CVE-2023-4863?

Software Review

Software Review Open Source Systems Review Cloud

Critical Vulnerability in Confluence Data Center and Server CVE-2023-22515

Prisma Clud

NOVEMBER 17, 2023

It's also essential to note that Atlassian Cloud sites are not susceptible to this vulnerability. The vulnerability is activated through a request directed at the unauthenticated /server-info.action endpoint. Figure 1: A GET request is dispatched to the ‘ /server-info.action ’ endpoint. Affected Versions: 8.0.0 - 8.0.4

Data Center

Data Center Data Cloud Authentication

All the Small Things: Azure CLI Leakage and Problematic Usage Patterns

Prisma Clud

NOVEMBER 14, 2023

Throughout the research, I was able to disclose more findings to some other groups that I can’t disclose, per their requests. At the beginning of July 2023, I took a stroll around the azure/login GitHub Action repository. Looked through the repository’s issues section, I immediately noticed issue number 315. Remember – “some cases”).

Azure

Azure Software Review Report Tools

Security Theater: Don’t Hang your Hat on Compliance

Prisma Clud

APRIL 18, 2024

It often results from a misunderstanding of what’s required for effective cloud security. It often results from a misunderstanding of what’s required for effective cloud security. Everyone answers to someone — whether it's a manager, director, CISO, CEO or the company board. Prologue : Intro to Security Theater Security theater.

Compliance

Compliance Culture Cloud Strategy

Ransomware in the Cloud: Breaking Down the Attack Vectors

Prisma Clud

NOVEMBER 29, 2023

The number of ransomware attacks, especially those involving Amazon S3 buckets, Azure Storage accounts and other cloud assets, has increased in recent years. In this blog post, we cut through the theory and delve into the practical aspects of ransomware attacks involving cloud environments. Data Deletion 1a.

Cloud

Cloud Comparison Storage Policies

Prisma Cloud Adds Telecommunications Security Act Compliance Framework

Prisma Clud

APRIL 17, 2024

Prisma Cloud has added the Telecommunications Security Act to its list of out-of-the-box compliance standards. What Does the Telecommunications Security Act Mean for Cloud Adopters? For telecom companies leveraging cloud infrastructure, the act emphasizes the need for a robust cloud security strategy.

Telecommunications

Telecommunications Compliance Cloud Policies

Prisma Cloud: Darwin Release Introduces Code-to-Cloud Intelligence

Prisma Clud

OCTOBER 18, 2023

Cloud applications power the modern enterprise. And each risk in code exponentially increases in the cloud, driving security teams to continuously react with runtime patching. But the game-changer lies in Prisma Cloud's Code-to-Cloud Intelligence. Security issues aren’t just identified.

Software Review

Software Review Cloud Innovation Applications

Code to Cloud Vulnerability Management

Prisma Clud

OCTOBER 26, 2023

They need full visibility into all assets, the compute workloads of their cloud environment — and that includes easy access to meaningful, actionable data. But without code-to-cloud context, developers can’t discern what's most important. 3 Security and InfoSec teams are in a race with malicious actors.

Cloud

Cloud Open Source Serverless Analysis

Prisma Cloud Provides New Extensive Use Cases for Azure Customers

Prisma Clud

NOVEMBER 10, 2022

Microsoft Azure customers can now secure their data and networks and gain broader governance across their cloud assets. Prisma Cloud, a leader in Cloud Security Posture Management (CSPM) , reduces the complexity of securing multicloud environments while radically simplifying compliance.

Azure

Azure Security Cloud Malware

Demystifying API Security: A Review of the OWASP Top 10 Risks for 2023

Prisma Clud

NOVEMBER 1, 2023

Without enforced authorization controls, an attacker can manipulate an object’s value in the request to access and alter objects they’re not authorized to interact with and possibly exfiltrate personal identifiable information (PII). The attacker might add a key-value pair within the HTTP request to set and override an object's property.

Software Review

Software Review Systems Review Authentication Resources

Disrupt Attack Paths: How to Prioritize Your Most Harmful Risk

Prisma Clud

APRIL 11, 2023

Among cloud deployments averaging 1000s of configuration violations, security teams are realizing approximately 1% of their issues involve interconnected misconfigurations that create attack paths for adversaries. In fact, 78% of organizations agree that cloud security needs more out-of-the-box visibility and risk prioritization filtering.

How To

How To Software Review Cloud Network

Why Healthcare Needs a Code-to-Cloud Security Platform

Prisma Clud

APRIL 11, 2024

The adoption of cloud infrastructure for application modernization is a significant trend, and healthcare is no different. However, the sensitive nature of health data, combined with the healthcare sector's increasing reliance on cloud infrastructure, makes it a prime target for cyberthreats. A Code to Cloud security platform can help.

Healthcare

Healthcare Cloud Compliance Infrastructure

Adopting Advanced Terraform Security Use Cases with Prisma Cloud

Prisma Clud

MARCH 1, 2023

Advanced Terraform security is a hot topic as you scale in the cloud. Because infrastructure as code (IaC) allows you to quickly spin up cloud resources at scale, leveraging an IaC framework like Hashicorp Terraform is key to helping your team move fast in the cloud. However, dynamic blocks and for_each arguments introduce risk.

Cloud

Cloud Infrastructure Resources Network

Prisma Cloud Integration With AWS IAM Identity Center and AWS Tag Support

Prisma Clud

JANUARY 31, 2023

Prisma Cloud helps AWS customers have a deeper view into entitlements and enforce consistent, least-privilege access for all users accessing AWS infrastructure. Identities have become the new cloud perimeter for security teams. Why AWS IAM Identity Center? IAM based federation vs AWS IAM Identity Center based federation.

AWS

AWS Cloud .Net Azure

Mitigate GraphQL Risks and Secure Your APIs with Prisma Cloud

Prisma Clud

APRIL 6, 2023

We’ll then take a closer look at common GraphQL security risks and outline how you can protect your GraphQL servers using Prisma Cloud’s Web App and API Security (WAAS) capabilities. REST APIs In many cases, when using traditional REST APIs to get the data you require, you'll need to send several requests to the API.

Cloud

Cloud Open Source Resources Data

Highlighting the Latest Compute Security Capabilities in Prisma Cloud

Palo Alto Networks

APRIL 28, 2020

Last month, we announced the latest release of Prisma Cloud , a comprehensive Cloud Native Security Platform (CNSP). You can find the details in our launch blog, “ Prisma Cloud Native Security Platform Embeds Security into DevOps Lifecycle.” Improving Host Security with AMI Scanning .

Cloud

Cloud Serverless Lambda Policies

Twistlock Is Now Prisma Cloud Compute Edition

Palo Alto Networks

NOVEMBER 26, 2019

This release is focused on two things: integration with Prisma Cloud, including a new SaaS deployment option, and integrating PureSec capabilities into serverless Defender. Reflecting the depth of this integration and those to come, Twistlock is also being rebranded to part of the Prisma Cloud family.

Serverless

Serverless Cloud Firewall Azure

Palo Alto Networks Shifts Left with Prisma Cloud 3.0

Palo Alto Networks

NOVEMBER 16, 2021

An ongoing stream of high-profile attacks spanning ransomware, malware in the supply chain, data leaks and more, are pushing public and private entities to adopt more proactive strategies for securing cloud infrastructure. The challenge in securing these cloud environments stems from the nature of the cloud itself.

Network

Network Cloud Azure Infrastructure

CTO Universe

Securing Your Metadata from Cloud Heists with Prisma Cloud’s Attack Path Policies

Zero Trust Security Model in Cloud Environments

Webinars

Trending Sources

Find and Fix XZ Utils in Just a Few Clicks

Webinars

Implement Zero Trust with Just-in-Time Access

Fixing Issues from Code to Cloud in One Place

Streamline Risk Management with Context-Based Risk Prioritization

Prisma Cloud Supports Amazon Security Lake as a Source Provider

Analyzing CVE-2023-50164: Apache Struts Path Traversal Vulnerability

Detect DNS Threats for AWS Environments with Prisma Cloud

Enhanced Pull Request Comments: Empower Developers to Ship Code That’s Secure by Default

Agentless Workload Scanning Gets Supercharged with Malware Scanning

High-Severity Vulnerabilities Discovered in WebM Project’s Libraries

Critical Vulnerability in Confluence Data Center and Server CVE-2023-22515

All the Small Things: Azure CLI Leakage and Problematic Usage Patterns

Security Theater: Don’t Hang your Hat on Compliance

Ransomware in the Cloud: Breaking Down the Attack Vectors

Prisma Cloud Adds Telecommunications Security Act Compliance Framework

Prisma Cloud: Darwin Release Introduces Code-to-Cloud Intelligence

Code to Cloud Vulnerability Management

Prisma Cloud Provides New Extensive Use Cases for Azure Customers

Demystifying API Security: A Review of the OWASP Top 10 Risks for 2023

Disrupt Attack Paths: How to Prioritize Your Most Harmful Risk

Why Healthcare Needs a Code-to-Cloud Security Platform

Adopting Advanced Terraform Security Use Cases with Prisma Cloud

Prisma Cloud Integration With AWS IAM Identity Center and AWS Tag Support

Mitigate GraphQL Risks and Secure Your APIs with Prisma Cloud

Highlighting the Latest Compute Security Capabilities in Prisma Cloud

Twistlock Is Now Prisma Cloud Compute Edition

Palo Alto Networks Shifts Left with Prisma Cloud 3.0

Stay Connected