Palo Alto Networks updates Prisma Cloud CSPM, adds new detection capabilities

Palo Alto Networks introduced five new capabilities to the cloud security posture management (CSPM) of Prisma Cloud. These updates include a visibility-as-code feature and a pair of threat detection capabilities that can protect customers against crypto-jacking and data exfiltration.

Varun Badhwar, SVP of products for Prisma Cloud at Palo Alto Networks, said that the CSPM market was rule- and policy-based when it began, and was built around cloud misconfigurations. Badhwar is also the co-founder and former CEO of RedLock, one of the early CSPMs, which Palo Alto purchased in 2018.

Tech acquisitions

In the same year, Palo Alto also acquired Evident.io (a cloud services infrastructure protection startup) and used the technologies from the two companies to bolster its CSPM capabilities and augment Prisma Cloud. Companies have used these tools and processes to mitigate cloud misconfigurations that can leak data, but the pioneering CSPMs started about half a decade ago and could not have anticipated the threats emerging these days.

New threats include attackers using companies’ compute capabilities, which can be quite substantial, to mine for crypto, or gaining access to admin privileges for nefarious purposes.

Where Prisma Cloud CSPM excels

All these factors force industries reliant on secure networks to think about how they move above and beyond the traditional rule-based engines. Badhwar says that where Palo Alto Networks really excels is in not just looking at configurations for what could go wrong, but in showing customers exactly which threats are under active exploitation in their environments. That way, they can learn what is going wrong and where, all in real time. The other updates include anomalous compute provisioning detection and customizable object-level scanning for Amazon Web Services S3.