Palo Alto Networks this week announced that its agentless Cortex Xpanse tool for discovering cloud assets is now integrated with Prisma Cloud, a platform it provides for managing security across both legacy and emerging cloud-native IT environments.
Cortex Xpanse is based on a tool for collecting data about the attributes of a device or service on the internet, which Palo Alto Networks gained late last year through its acquisition of Expanse. Palo Alto Networks then integrated that tool with Cortex, its own suite of tools for identifying what assets in an IT environment are under attack, to create Cortex Xpanse.
Greg Heon, director of product management for Palo Alto Networks, said the integration of Cortex Xpanse with Prisma Cloud will make it easier for customers that have standardized on Prisma Cloud to discover, for example, unmanaged assets on a public cloud that need to be secured or whether someone is using an insecure remote desktop protocol (RDP) to access a software-as-a-service (SaaS) application.
In the wake of the COVID-19 pandemic, cybersecurity has never been more difficult to achieve and maintain. End users are now regularly working from home using endpoints into which many cybersecurity teams have little to no visibility, much less the ability to secure them. At the same time, developers are deploying applications in cloud computing environments that can be easily misconfigured using tools such as Terraform. Nevertheless, the rate at which new applications are being deployed in cloud environments has increased as organizations launch multiple digital business transformation initiatives. Cybersecurity teams, already stretched thin prior to the pandemic, are not always kept informed when those initiatives are launched. Cortex Xpanse makes it possible for cybersecurity teams to discover those unmanaged assets as a first step toward investigating how best to secure them, said Heon.
Theoretically, the rise of DevSecOps best practices should one day lead to a melding of development and cybersecurity workflows. Unfortunately, the number of organizations that have been able to implement DevSecOps best practices is still relatively low. In practice, developers are rushing to build and deploy applications at a pace that doesn’t always leave room for observing all the proper cybersecurity protocols. There are simply not enough cybersecurity professionals available to embed needed talent and skills within all the DevOps workflows that might be active at any one time. Cortex Xpanse provides a mechanism that enables cybersecurity teams to discover what assets are being employed without necessarily having to insert themselves directly within an application development project.
Heon said that, like it or not, the attack surface that cybersecurity teams are expected to defend is often expanding without their direct knowledge. In an ideal world, cybersecurity teams would be kept informed of every change to an IT environment. Human nature being what it is, however, cybersecurity teams, which are ultimately accountable for a cybersecurity breach, need to find a way to discover what’s really happening across an enterprise IT environment that is becoming more extended with each passing day.