Palo Alto Networks today updated its cloud security posture management (CSPM) platform to include a range of capabilities that make it simpler for security teams to prioritize which cloud threats they respond to first.
Ankur Shah, vice president of product for public cloud security, said the latest edition of Prisma Cloud will make it easier for security team to proactively respond to threats and vulnerabilities that are being encountered with greater frequency as developers continue to provision their cloud infrastructure.
Additional capabilities being added to Prisma Cloud include the ability to now identify vulnerable services by visually tracing how they might be maliciously accessed by cybercriminals. That True Internet Exposure capability leverages that abstraction layer created by Prisma Cloud to identify the network path between a source and destination, said Shah.
Palo Alto Networks is also now making it possible for security teams to extend the reach of its CSPM whenever a new cloud service is adopted by their organization. Within days, security teams can now add a YAML file to add support for either a service that is being invoked by a developer or as cloud service providers roll out new services, noted Shah. In effect, Palo Alto Networks is adding a visibility-as-code capability to enable security teams to cope with the rise of infrastructure-as-code, noted Shah.
In addition, Palo Alto Networks has added tools based on machine learning algorithms that detect the provisioning of an abnormal number of virtual machines. Those algorithms also alert security teams if a user appears to jump from one location to another or tries to hide behind an exit node running the Tor protocol for anonymous communication.
That capability is critical because many cybercriminals are no longer stealthily trying to hijack compute resources to illicitly mine for cryptocurrencies. Instead, Shah said, they are hijacking a massive amount of expensive compute resources all at once in the hope no one will notice before the next monthly installment of a bill from their cloud service provider arrives. That shift in tactics is occurring as the valuations of cryptocurrency continue to steadily rise, he noted.
Finally, Palo Alto Networks is adding support for customizable object level scanning of AWS S3 storage buckets. That capability makes it possible for security teams to save time and money by selecting what types of data they want to scan versus always having to scan an entire AWS S3 storage system, said Shah.
While cloud platforms are generally secure, the processes employed to provision them is creating a host of security issues that generally stem from misconfigurations. Prisma Cloud, as a CSPM platform, is designed to enable security teams to identify vulnerabilities inadvertently created by developers before they are exploited, said Shah.
It’s not clear just how big an issue cloud security has become, but with more workloads than ever being deployed in the cloud by developers working largely from home, the attack surface has greatly expanded. Security teams, in many cases also working from home, have lacked the tools and platforms required to make sure those workloads are secure. In fact, at this point, it’s not so much an issue as to whether there will be cloud security breaches, but rather, how many.