Palo Alto Networks aims to secure DevOps workflows with new Prisma Cloud release

Palo Alto Networks Inc. today debuted a new release of Prisma Cloud, its cloud security platform, that adds features for blocking vulnerabilities during the application development and deployment process.

Prisma Cloud combines several different technologies that Palo Alto Networks obtained through a recent startup acquisition spree. The company shelled out more than $1 billion on acquisitions in 2019 alone.

Palo Alto Networks is introducing a policy engine for securing continuous integration and continuous delivery pipelines. CI/CD pipelines are automated workflows that enterprise software teams use to roll out code to production. Prisma Cloud now lets administrators set up policies to ensure that code deployment workflows comply with the industry-standard CIS set of security best practices and other security standards.

“Customers now have the ability to set policies for vulnerability and compliance governing CI and CD workflows directly from the centralized Prisma Cloud dashboard, “John Morello, Palo Alto Networks’ head of product for container and serverless security, wrote in a blog post.

The new Prisma Cloud release also adds a tool for protecting cloud application components hosted on AWS Lambda, Amazon Web Services Inc.’s widely used serverless computing service. The tool is based on technology that Palo Alto Networks obtained through the purchase of PureSec Ltd. in mid-2019. PureSec’s technology scans a Lambda workload to find misconfigurations and other security issues, then creates a sort of virtual shield around the workload that prevents hackers from exploiting the flaws.

Capping off the update are improvements to Prisma Cloud’s vulnerability scanning features. The platform can now look for insecure configuration settings in infrastructure-as-code templates, blueprints that engineers use to quickly set up cloud environments according to a certain predefined specification. In the same spirit, the release adds the ability to look for vulnerabilities inside AMIs, which serve a similar function as infrastructure-as-code templates on AWS.

“This provides DevOps and security teams with added visibility into the security posture of their AMIs before they’re ever deployed,” Palo Alto Networks’ Morello wrote.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x