Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities.
The vendor said the updates are designed to help organisations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use of cloud environments and face demands in managing the complexity of cloud migration, securing applications across their lifecycle, and preventing web application attacks.
Prisma Cloud updates introduce “novel approach” to web application security
In a press release, Palo Alto stated that the latest Prisma Cloud version offers a novel approach to securing web applications and cloud environments that combines both inline and out-of-band methods.
Until now, a primary approach to securing web applications has been to deploy inline web application firewalls (WAFs), but some organisations are reluctant to introduce WAFs or API security solutions inline to protect business-critical or sensitive applications due to performance and scalability concerns, the vendor said.
“By adding out-of-band WAAS to Prisma Cloud, we are empowering customers with flexible security options that fit their evolving application needs,” commented Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto Networks.
“As more organisations move workloads to the cloud, the capabilities that make up Prisma Cloud help provide simple yet comprehensive protection.”
Deeper application visibility aims to address expanding attack surface
Palo Alto has also integrated new threat detection, asset inventory, and identity management capabilities to its platform to enhance application visibility. This is intended to address the expanding cloud infrastructure attack surface as application use rises, the company said.
These features include a multi-cloud graph view for cloud infrastructure entitlement management across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud for the discovery of over-privileged accounts and access risks.
This is in addition to DNS-based threat detection that leverages machine learning and advanced threat intelligence to identify bad actors hiding in DNS traffic alongside MITRE ATT&CK alert prioritisation to enable security teams to prioritise risks and incidents based on the widely adopted framework.
Effective web application monitoring and security critical for businesses
With reliance on web applications ever more pervasive among modern organisations, the ability to effectively monitor and secure them has become critical for businesses.
“Web application attacks are the most common cause of breaches, according to Forrester’s research,” Forrester principal analyst Sandy Carielli tells CSO.
“Attackers will pepper web applications with standard application attacks like the OWASP Top 10, and they will also attempt bot attacks that take advantage of legitimate business logic. APIs are also subject to a range of attacks that can lead to data leaks.”
Omdia principal analyst Rik Turner concurs. “With COVID-19 having turbocharged digital transformation, orgs’ web applications have become more important than ever, whether for e-commerce, customer interactions, online teaching, or e-government. As such, they have become even juicier targets than they were before the pandemic. Monitoring and securing web applications has become a critical capability.”
Tackling excessive web application privilege issues is particularly important because many privileges tend to persist even after people either leave a company or move onto another project and no longer require access to a certain asset, Turner adds. The out-of-band approach Palo Alto has introduced addresses another important element in the web application security equation as well, he says.
“All out-of-band security is designed to minimise the impact of the security tool on the thing it is protecting, i.e., avoiding the additional latency that comes with inline platforms.
"That goes for web applications too, in that you don’t want to slow down communications between the web front end and any back-end servers / applications / databases, so as not to negatively impact the customer experience (CX).”
Security functions must have visibility of the flaws applications have so that dev teams can work to fix them and security teams can protect applications from exploits targeting them until the fix is available, Carielli says. “No application is perfect, and fixes, even for high-profile vulnerabilities, aren’t instantaneous. They require development, testing, etc.
A good example is Log4j. While everyone worked to upgrade their applications’ Log4j libraries, production-side protections blocked attempted exploits.”