Palo Alto Networks has added new “code to cloud” intelligence capabilities to the latest version of its cloud-native application protection platform (CNAPP), Prisma Cloud, to offer a single source of truth around application risk for developers, operations, and security teams.
The latest upgrade to Prisma Cloud, dubbed Darwin release, is adding a suite of capabilities aimed at enabling organizations to address key security risks at the coding stage of the production cycle and integrate the changes in the entire cloud workflow.
“Prisma Cloud, now with code-to-cloud intelligence, fosters collaboration between developers and security professionals by linking production security issues to specific remediation recommendations in code,” said Ankur Shah, senior vice president of Prisma Cloud at Palo Alto Networks.
The new release, with all the added capabilities, is available to customers at the launch for no additional charges.
Tracing faults to the source with business context
The Darwin release is picking up a host of features designed to enable security teams to effectively hunt and manage vulnerabilities and misconfigurations.
The main principle is to create a map of an organization’s existing cloud applications, their interconnections, and all the possible attack paths. The tools also allow for tracing an exploit or misconfiguration back to its source code to be able to fix it there.
The stack of new capabilities featured in the release includes AppDNA, Infinity Graph, code-to-cloud vulnerability management, code-to-cloud remediation, shadow cloud discovery, and code-to-cloud dashboard.
While AppDNA and Infinity Graph focus on each application’s business context and their interdependencies to understand and map all the possible attack paths, code to cloud helps trace a problem back to the code and fix it there with easy navigation through the code to cloud dashboard.
“This code to cloud approach helps security work better and support development with the right security tools, processes, and policies to mitigate risk, and then they can also respond faster when security issues are detected,” said Melinda Marks, senior analyst at ESG. “It is nice to see these new capabilities, partly resulting from the Cider acquisition, to better incorporate security into the development processes.”
Cider, an AppSec and Software supply chain security vendor, was acquired by Palo Alto Networks in December 2022.
Existing solutions are siloed and cumbersome
Rapid cloud adoption overwhelms security teams as they struggle to cope with the increased number of applications and cloud security tools. The scattered defense, according to Shah, leads to difficulties in managing and remediating problems.
“Current approaches for code to cloud security are siloed, with the average organization relying on six to ten tools for securing cloud infrastructure alone,” Shah. “Disparate tools lead to an incomplete security posture and create a massive operational burden for security teams.”
Prisma Cloud’s code-to-cloud intelligence capabilities promise a single, trusted place that connects insights from the developer environment through application runtime for security teams to contextualize alerts and pinpoint remediations. “With code to cloud intelligence, security teams are able to tell developers which applications are at risk, which ones to prioritize, and how to fix them with a few clicks. This is only possible through the context that Prisma Cloud generates as an application moves through the software supply chain,” Shah added.