Prisma Cloud eliminates dangerous blind spots and frees security teams from alert fatigue
New updates to Prisma Cloud, the Palo Alto Networks Cloud Security Posture Management (CSPM) solution, help eliminate dangerous cloud blind spots and free security teams from the burden of alert fatigue. These essential features are available to the more than 2,000 companies that trust Prisma Cloud, as well as future customers.
Cloud environments are becoming increasingly complex as organizations add more cloud providers, users, applications and resources. Most security solutions are not designed for this new world and lack the end-to-end visibility needed to accurately assess risks and alert security teams to advanced attacks, leaving those teams to manage both insecure cloud resources and a cacophony of false positive alerts. Updates to Prisma Cloud CSPM help security teams resolve these issues.
“Businesses don’t want to slow down to secure the cloud, and they shouldn’t have to,” said Varun Badhwar, senior vice president, Prisma Cloud at Palo Alto Networks. “An ideal CSPM solution must provide coverage for all cloud resources, must stay current as new resources are introduced, and must effectively detect actual attacks while minimizing unnecessary false positives. Prisma Cloud solves these problems and enables organizations to scale quickly while remaining secure.”
The five new features of Prisma Cloud are:
Real exposure on the Internet
Legacy CSPM solutions generate alerts for any overly permissive security group, even if the security group is not publicly exposed. True Internet Exposure provides end-to-end visibility of the network path between any source and destination, eliminating unnecessary alerts associated with cloud instances and unexposed security groups.
Visibility as code
Cloud service providers publish and update hundreds of new services for their platforms every year. When organizations use these new services before their CSPM solution supports them, they end up with security blind spots. With Visibility-as-Code, Prisma Cloud can now support new cloud services in days, giving development teams the freedom to take advantage of the latest cloud services while giving security teams the security measures they need.
Network data exfiltration detection
Many basic security solutions focus only on detecting configuration errors based on static rules, so they may not be effective against real attack objectives such as data exfiltration. Prisma Cloud uses machine learning to analyze large amounts of network flow logs and understand each customer’s typical traffic pattern, which is then used to detect and alert on abnormal egress traffic to any IP address, including digital output nodes. This allows security teams to focus their remediation efforts on the most dangerous data exfiltration attacks and avoid unnecessary alert storms.
Abnormal compute provisioning detection
Security teams need an efficient way to detect cryptojacking and other anomalous provisioning of compute resources. Abnormal compute provisioning detection can identify the provisioning of an abnormal number of virtual machines, which can often be due to cryptojacking or resource misuse. The machine-learning-based policy also alerts security teams if a user appears to be jumping from one location to another or tries to hide behind a digital output node.
Customizable object-level analysis for AWS S3
Prisma Cloud assesses the configuration of resources and enables customers to analyze objects in their S3 buckets for public exposure, identify sensitive data and detect malware. Customizable object-level analysis now offers customers a la carte analysis, allowing them to select specific analysis capabilities on their own. This saves time and money while reducing the volume of alerts.
“Gaining visibility into misconfigurations and identifying cloud infrastructure threats in dynamic public cloud environments is an ongoing challenge for organizations,” said Doug Cahill, vice president and group director, Cybersecurity at ESG. “The new features of Prisma Cloud allow security teams to do this on a greater scale than ever before and reduce the total number of alerts that must be addressed by security teams.”
Abnormal compute provisioning detection is available now. Visibility-as-Code for OCI is available now. True Network Exposure for AWS, Customizable Object-Level Analysis for AWS S3, and Network Data Exfiltration Detection will be available over the next two months. The availability of some features on additional clouds will follow.