Palo Alto Networks announced Prisma Cloud 3.0 at its Ignite conference. The product aims to ‘shift security left’, a term used by the organization to describe bringing more security to developers. Prisma Cloud 3.0 should enable companies to use the cloud more securely and be less at risk.
One of the ways in which Palo Alto makes its Prisma Cloud platform more suitable for developers is Cloud Code Security. It brings Infrastructure as Code (IaC) scanning and code recovery to developer tools. As a result, infrastructure security standards are enforced. To do this, Palo Alto relies on technology from Bridgecrew, a recently acquired company. Currently, the functionality is available as a beta. A general release will follow in January.
To further secure infrastructure, Palo Alto introduces Cloud Infrastructure Entitlement Management (CIEM) for Microsoft Azure. This functionality already exists for AWS and involves analyzing permissions. It should ensure that “cloud accounts with excessive permissions, dormant permissions or cloud identity issues are addressed across all clouds.” With the product available immediately, Palo Alto is extending functionality to Azure and Azure Active Directory.
Agentless Security and Adoption Advisor
Another component of Prisma Cloud 3.0 is agentless security, as described by Palo Alto. Agentless security should give organizations visibility into cloud workload and application risks, complementing existing agent-based protection. Palo Alto claims to be the only one to offer a platform with agentless and agent-based security built in. The technology used is based on Twistlock. Agentless security should be available in January.
In addition, there is the Adoption Advisor. Prisma Cloud offers a dashboard that can be used to measure how certain security measures take effect. In the current beta version, Adoption Advisor offers Cloud Security Posture Management (CSPM) capabilities. Other features are planned to follow.
With Prisma Cloud 3.0, Palo Alto also wants to reduce the time required to identify and repair misconfigurations. By detecting event-driven configuration changes as they happen, the organization promises to cut the time this takes from hours to minutes.