Palo Alto Networks has bolstered its security software to better protect enterprise Software-as-a-Service (SaaS) applications.
The company rolled out a new version of its core cloud-security package, Prisma 3.0, which includes the ability to code security directly into SaaS applications. The package includes a cloud-access security broker (CASB) to control access to cloud resources.
Prisma is a cloud-based security bundle that includes access control, advanced threat protection, user-behavior monitoring, and other services that promise to protect enterprise applications and resources. Managed through a single console, Prisma includes firewall as a service, Zero Trust network access and a secure web gateway.
The overarching goal is to protect web and non-web applications. The challenge securing cloud environments stems from the nature of the cloud itself. Workloads and resources in the cloud are broadly distributed and highly ephemeral, wrote Ankur Shah, senior vice president and general manager of Palo Alto’s Prisma Cloud business in a blog about the new software. “One new cloud account connects with workloads, applications, and data, where each point presents potential attack vectors,” he wrote.
Palo Alto Networks Unit 42 cloud-threat researchers found that between April and June 2020, cloud security incidents increased by an astounding 188 per cent, and some industries saw increases of more than 400 per cent, Shah stated.
The new Prisma release includes support for infrastructure as code (IaC) scanning and code fixes that can be embedded into developer tools across the development lifecycle.
The package has also been upgraded to support agentless scanning that looks at cloud provider APIs and disk snapshots to determine vulnerabilities.
Prisma also now includes pre-defined rules, application profiling, and automated policy creation to simplify and accelerate microsegmentation where needed.
“These new rules are validated, predefined microsegmentation rules that can help secure common applications in just minutes," Shah stated. “Application profiling is a simple workflow that automatically generates the optimal, least-privilege microsegmentation rules for any cloud-native application, with a single click. These new capabilities help security teams accelerate their Zero Trust adoption, simplify policy creation and minimise human error."
On the CASB front, Palo Alto has bolstered the broker’s machine-learning capabilities to help identify new or unsanctioned SaaS applications as they become popular, classify them, and apply appropriate security policies, according to Anand Oswal, senior vice president and general manager of Palo Alto. The idea is to protect sensitive data in real-time with Enterprise Data Loss Prevention, which incorporates machine learning, optical character recognition, and natural language processing, Oswal stated.
With increased business use of Slack, Microsoft Teams, Zoom, and other collaboration apps, users are sending shorter, more frequent messages. "Confidential information is more unstructured than ever and increasingly difficult to protect with existing CASB solutions," Oswal stated. "This makes data breach prevention, compliance and data privacy very difficult tasks for any organisation."
Legacy CASB solutions focus only on apps accessible via HTTP/S, so they miss non-SaaS and non-web apps that account for over half of all enterprise traffic. They rely on static databases and support requests for app discovery, hindering their ability to identify or contain new SaaS apps before they are a risk. They also lack APIs to secure collaboration applications heavily utilised by hybrid workforces, Oswal stated.
The new CASB within Prisma addresses those concerns and uses Palo Alto’s global network of 80,000 customers with millions of sensors across SaaS, IaaS, endpoint, network and Unit 42 research to help stop known, unknown, and zero-day threats, Oswal stated.
Beyond Prisma, Palo Alto rolled out the first specialisation offering for its NextWave Managed Service Program (MSP). The NextWave MSP is made up of about 300 partners who integrate, support and help manage Palo Alto security services.
The specialisation brings support for Palo Alto’s Cortex eXtended Managed Detection and Response (XMDR) service which offers network, endpoint and cloud data security.
The Cortex XMDR Specialisation will let partners worldwide combine Cortex XDR, with their managed-services offerings to help customers streamline security operations center (SOC) operations and quickly mitigate cyber threats, Palo Alto stated.