Palo Alto Networks Updates CNAPP to Improve Cloud Security
Palo Alto Networks today updated its cloud-native application protection platform (CNAPP) with a dashboard that makes it easier to prioritize risks and incidents. In addition, the dashboard provides IT teams with more context by bringing together misconfiguration and vulnerability data.
In addition, the company has added more granular role-based access controls to ensure the Prisma Cloud platform itself is not easily compromised.
Ankur Shah, senior vice president and general manager for Prisma Cloud at Palo Alto Networks, said the goal is to provide both cybersecurity and application developers more insights into the severity of the vulnerabilities that are impacting IT environments at runtime. Armed with that information, it then becomes much easier for application developers to prioritize which vulnerabilities to address, he added.
At the core of the historic tension between cybersecurity and application development teams is a lack of context. All too often, cybersecurity teams create a long list of vulnerabilities that, while potentially relevant, may not actually impact an IT environment based on the way applications have been actually deployed and configured. Application developers, meanwhile, are trying to strike a balance between writing code to develop new features and capabilities versus spending time remediating vulnerabilities and patching software in ways that might potentially break an application.
Prisma Cloud is specifically designed to secure cloud platforms that are typically configured using infrastructure-as-code (IaC) tools using cloud infrastructure entitlement management (CIEM) capabilities. Other capabilities added to the platform include automated policy generation tools and rules for setting up identity-based microsegmentation, tools for discovering changes to cloud configurations and an adoption advisor that provides guidance on how best to employ the Prisma Cloud platform to achieve cloud security posture management (CSPM) for specific IT environments.
There is also an agentless scanning capability that IT organizations can use to better secure lightweight applications that don’t lend themselves to embedded agents within the application.
In general, CNAPP is a term coined by Gartner to describe the aggregation of two cloud security tools. The first is known as a cloud security posture management (CSPM) platform that is used to surface misconfigurations and other vulnerabilities that cybercriminals could potentially exploit. The second is a cloud workload protection platform (CWPP) to harden the application runtime environment. That approach makes it possible to apply security policies regardless of what type of application is deployed.
At this juncture, there is no shortage of CNAPP options, so each organization will need to determine which approach best suits the needs of its cybersecurity teams and the application development teams they need to collaborate with to ensure security. In theory, of course, more responsibility for application security is shifting left toward application developers. However, in practice it’s generally still the cybersecurity team that is held accountable whenever there is a breach.
Regardless of approach, cybercriminals are clearly scanning for vulnerabilities to exploit as more workloads are shifted to the cloud. The challenge is that securing cloud computing environments is very different from a legacy on-premises IT environments. Cybersecurity teams now find themselves in a race against time to understand what’s really required to secure a cloud computing environment.
