Palo Alto Networks this week updated the Cloud Workload Protection module in its Prisma Cloud platform to add the ability to analyze container images using machine learning algorithms within a sandbox along with an ability to automatically protect virtual machines running in Microsoft Azure and Google Cloud Platform (GCP) alongside existing support for Amazon Web Services (AWS).
At the same time, Palo Alto Networks is adding Windows and service mesh support to the web application and application programming interface (API) security tools it provides via the platform in addition to improved API telemetry.
Finally, Palo Alto Networks also revealed that Prisma Cloud has now been certified as a vulnerability scanner by Red Hat.
John Morello, vice president for container and serverless security at Palo Alto Networks, said these latest updates are part of an ongoing effort to streamline security; making it simpler to employ a single integrated platform versus requiring security teams to integrate a wide range of security platforms on their own.
Most security teams today spend a lot of time and money on integrating the diverse platforms they rely on to secure their environments. Palo Alto Networks is making a case for an integrated platform that addresses everything from scanning containers for vulnerabilities to security automation as part of an effort to reduce the total cost of security, said Morello.
In the case of containers, for example, Prisma Cloud analyzes the actual runtime for dynamic threats, learns all the processes that will be run—including the network activity for the image and all file systems being accessed—to build a model of what the image will do. Any deviation from that behavior generates an alert.
That capability is also being made accessible via the Prisma Cloud Command Line Interface (CLI) to enable developers to scan images for vulnerabilities, compliance issues, malware and secrets from either their laptop or within the context of a continuous integration/continuous delivery (CI/CD) process.
In general, Palo Alto Networks is trying to foster a ‘team sport’ approach to cybersecurity, said Morello. In some instances, responsibility for security can be shifted left toward developers to advance adoption of DevSecOps best processes. However, there are still plenty of tasks that require the expertise of a cybersecurity professional. Regardless of who is responsible for performing a security task, however, an organization should only need to deploy one platform, noted Morello.
In the longer term, the more security functions that are integrated the simpler it becomes to apply automation at scale, added Morello. A single platform also makes it possible to collect enough data to apply machine learning algorithms and other forms of artificial intelligence (AI) at scale, he noted.
It remains to be seen to what degree organizations may be willing to rationalize legacy cybersecurity investments to take advantage of the capabilities of more integrated platforms. However, as the pressure to rein in the cost of cybersecurity increases even as the overall attack surface continues to grow, the pressure on security teams to at least reevaluate their options is starting to build.