{"id":119928,"date":"2020-10-13T00:00:10","date_gmt":"2020-10-13T07:00:10","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=119928"},"modified":"2020-12-04T03:31:48","modified_gmt":"2020-12-04T11:31:48","slug":"cloud-evolution-comprehensive-cnsp","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/10\/cloud-evolution-comprehensive-cnsp\/","title":{"rendered":"Prisma Cloud 2.0: The Industry\u2019s Most Comprehensive CNSP"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">With the rollout of Prisma Cloud in November 2019, Palo Alto Networks <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/11\/cloud-native-security-platform\/\"><span style=\"font-weight: 400;\">announced a new category<\/span><\/a><span style=\"font-weight: 400;\"> in cloud security \u2013 the Cloud Native Security Platform (CNSP) \u2013 for securing cloud native applications. Today, our release of Prisma Cloud 2.0 presents an evolution in the space with four new functionality modules and further platform alignment with key user needs and market categories.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\"><div class=\"styleIt\" style=\"width:560px;height:315px;\"><lite-youtube videoid=\"L3GEteRHzEE\" ><\/lite-youtube><\/div><\/span><\/p>\n<p>&nbsp;<\/p>\n<h6><b>Cloud Security Posture Management\u00a0<\/b><\/h6>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\/cloud-security-posture-management\"><span style=\"font-weight: 400;\">Cloud Security Posture Management<\/span><\/a><span style=\"font-weight: 400;\"> (CSPM) leverages data from public cloud service providers to deliver continuous visibility, security policy compliance and threat detection across cloud resources, users, data and applications. CSPM includes <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/techbriefs\/shift-left-and-enable-devsecops\"><span style=\"font-weight: 400;\">shift-left capabilities<\/span><\/a><span style=\"font-weight: 400;\"> to scan infrastructure-as-code (IaC) templates across the application lifecycle.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h6><b>Cloud Workload Protection\u00a0<\/b><\/h6>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\/cloud-workload-protection-platform\"><span style=\"font-weight: 400;\">Cloud Workload Protection<\/span><\/a><span style=\"font-weight: 400;\"> (CWPP) helps secure cloud native applications across the application lifecycle, defined by the requirement to protect hosts (VMs), containers and serverless from a single console. <\/span><\/p>\n<p>&nbsp;<\/p>\n<h6><b>Cloud Network Security\u00a0<\/b><\/h6>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\/cloud-network-security\"><span style=\"font-weight: 400;\">Cloud Network Security<\/span><\/a><span style=\"font-weight: 400;\"> (CNS) helps protect cloud networks and applications, combining network visibility and microsegmentation for full-stack network security across multi- and hybrid-clouds.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h6><b>Cloud Infrastructure Entitlement Management\u00a0<\/b><\/h6>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\/cloud-infrastructure-entitlement-management\"><span style=\"font-weight: 400;\">Cloud Infrastructure Entitlement Management<\/span><\/a><span style=\"font-weight: 400;\"> (CIEM) enables visibility and control over cloud identities to ensure least-privileged user access governing cloud resources, compute and data.<\/span><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_119942\" aria-describedby=\"caption-attachment-119942\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:56.22%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119942 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/image6.png\" alt=\"Prisma Cloud: Cloud Native Security Platform (CNSP). In Prisma Cloud 2.0, there are four platform pillars and functionality modules: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security and Cloud Infrastructure Entitlement Management\" width=\"900\" height=\"506\" \/><\/span><\/div><figcaption id=\"caption-attachment-119942\" class=\"wp-caption-text\">New Prisma Cloud platform pillars and functionality modules<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">The Need for a Cloud Native Security Platform<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">We're releasing Prisma Cloud 2.0 to support the many enterprises that are actively embracing multi-cloud architectures across various compute paradigms. According to the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/state-of-cloud-native-security\"><span style=\"font-weight: 400;\">2020 State of Cloud Native Security Report<\/span><\/a><span style=\"font-weight: 400;\">, infrastructure and security leaders shared:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>They are in a multi-cloud world: <\/b><span style=\"font-weight: 400;\">94% of respondents shared they are using more than one cloud platform, with 60% stating they use between two and five cloud platforms.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Organizations are also leveraging multiple compute offerings:<\/b><span style=\"font-weight: 400;\"> According to our survey, 86% of organizations expect their usage of cloud workloads to increase or stay the same, using a combination of VMs, containers, containers-as-a-service (CaaS) and platform-as-as-service (PaaS)\/Serverless architectures.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">As organizations march forward in their multi-cloud and multi-compute reality, they require new capabilities to implement consistent cloud security policies and manage risk holistically. These needs are best met through a single, comprehensive platform \u2013 indeed, 51% of high-performing organizations in the report said a single end-to-end solution <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/06\/cloud-native-security-genome\/\"><span style=\"font-weight: 400;\">would improve their cloud security posture<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These organizations have a need to eliminate overhead associated with maintaining open source and point solutions, and eliminate the visibility gaps in a disjointed security stack. Consolidated platforms can also reduce alert fatigue and help control shadow IT associated with complex multi- and hybrid-cloud environments.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Four New Modules Integrated Within Prisma Cloud 2.0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">This latest release further allows organizations to implement consistent cloud security policies, all within a single solution and controlled from one dashboard. Below, we highlight the latest capabilities added to Prisma Cloud for its 2.0 release.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h5><b>Data Security: Discovery, Classification and Malware Detection for AWS S3<\/b><\/h5>\n<p><a href=\"http:\/\/blog.paloaltonetworks.com\/prisma-cloud\/protect-sensitive-cloud-data\"><span style=\"font-weight: 400;\">Prisma Cloud Data Security<\/span><\/a><span style=\"font-weight: 400;\"> is purpose-built to address the challenges of discovering and protecting data at the scale and velocity common in public cloud environments. These new capabilities reduce the burden on security teams by providing a cloud native solution that leverages <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/enterprise-data-loss-prevention\"><span style=\"font-weight: 400;\">Palo Alto Networks Enterprise DLP<\/span><\/a><span style=\"font-weight: 400;\"> engine to help easily discover and protect sensitive data stored across public cloud environments. The Data Security module also uses Palo Alto Networks industry-leading <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/wildfire\"><span style=\"font-weight: 400;\">WildFire service<\/span><\/a><span style=\"font-weight: 400;\"> to detect known and unknown malware that may have infiltrated the customer\u2019s Amazon Web Services Simple Storage Service (AWS S3) buckets.<\/span><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_119955\" aria-describedby=\"caption-attachment-119955\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:55.89%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119955 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/image3.png\" alt=\"This screenshot shows the Data Security Dashboard in Prisma Cloud 2.0, including information such as Total Buckets, Total Objects, Top Publicly Exposed Objects by Classification, and Top Object Owners by Exposure.\" width=\"900\" height=\"503\" \/><\/span><\/div><figcaption id=\"caption-attachment-119955\" class=\"wp-caption-text\">Prisma Cloud Data Security dashboard<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">At launch, Prisma Cloud Data Security will enter limited GA and be available to a subset of Prisma Cloud Enterprise Edition customers.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h5><b>Web Application and API Security: Protecting Web Applications and APIs from Attacks<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Cloud native applications are made up of a combination of containers, functions and underlying host compute resources, and require protection for front-end facing web applications and APIs. The latest release integrates <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/prisma-cloud\/secure-cloud-native-api-microservices\/\"><span style=\"font-weight: 400;\">Web Application and API Security<\/span><\/a><span style=\"font-weight: 400;\"> into the Prisma Cloud unified agent framework.<\/span><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_119968\" aria-describedby=\"caption-attachment-119968\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:56.22%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119968 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/image1.png\" alt=\"This screenshot shows an example of configuring Web Application and API Security in Prisma Cloud 2.0. The example screen features options for App Detection, App Firewall and Access Content\" width=\"900\" height=\"506\" \/><\/span><\/div><figcaption id=\"caption-attachment-119968\" class=\"wp-caption-text\">Configuring Web Application and API Security in Prisma Cloud<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Users can protect applications against the <\/span><a href=\"https:\/\/owasp.org\/www-project-top-ten\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">OWASP Top 10<\/span><\/a><span style=\"font-weight: 400;\"> critical security risks for web applications, secure APIs from application-layer attacks, implement file upload protection and more \u2013 all from a single dashboard integrated with the protection already leveraged today.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h5><b>Identity-Based Microsegmenation with Aporeto Integration<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Following the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/company\/press\/2019\/palo-alto-networks-completes-acquisition-of-aporeto\"><span style=\"font-weight: 400;\">acquisition<\/span><\/a><span style=\"font-weight: 400;\"> of identity-based segmentation leader Aporeto, Prisma Cloud is moving forward with the integration of Aporeto technology in our <\/span><a href=\"http:\/\/blog.paloaltonetworks.com\/prisma-cloud\/aporeto-integration-prisma-cloud\"><span style=\"font-weight: 400;\">Identity-Based Microsegmentation module<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_119981\" aria-describedby=\"caption-attachment-119981\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:54.11%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119981 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/image2.png\" alt=\"This screenshot shows an example of managing identity-based microsegmentation in Prisma Cloud 2.0. In this case, the image tracks connections and separations between information stored in two different public clouds. \" width=\"900\" height=\"487\" \/><\/span><\/div><figcaption id=\"caption-attachment-119981\" class=\"wp-caption-text\">Managing Identity-Based Microsegmentation in Prisma Cloud<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Identity-Based Microsegmentation provides end-to-end visibility of network communications to network and cloud security teams, along with comprehensive security policy control and management. In the weeks after launch, the module will enter live preview and be available to a subset of Prisma Cloud Enterprise Edition customers.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h5><b>IAM Security: Establishing Least Privilege for Cloud Identities<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Securing user identity in the cloud presents tremendous challenges for cloud infrastructure and security teams. Improper Identity and Access Management (IAM) configurations, such as overly permissive roles, reusing roles, dormant roles or exposed resources can have <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\/unit42-ctr-oct-2020-IAM\"><span style=\"font-weight: 400;\">profound consequences<\/span><\/a><span style=\"font-weight: 400;\"> for cloud security.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_119994\" aria-describedby=\"caption-attachment-119994\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:50.89%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-119994 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/image5.png\" alt=\"This screenshot shows an example of IAM Security policies in Prisma Cloud 2.0. Information tracked includes policy name, category, type, class and subtype. \" width=\"900\" height=\"458\" \/><\/span><\/div><figcaption id=\"caption-attachment-119994\" class=\"wp-caption-text\">Prisma Cloud IAM Security policies<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">With this latest release of Prisma Cloud, users can leverage our <\/span><a href=\"http:\/\/blog.paloaltonetworks.com\/prisma-cloud\/IAM-security-controls\"><span style=\"font-weight: 400;\">IAM Security module<\/span><\/a><span style=\"font-weight: 400;\"> to gain visibility into effective permissions and user activity, implement governance over excessive or unused permissions and respond to issues with least-privilege recommendations or automated remediation.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">These new modules and capabilities give organizations a single platform for truly powerful security in cloud native development. With Prisma Cloud 2.0, DevOps, cloud infrastructure and security professionals can more confidently secure the innovations that drive user engagement.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To learn more about these latest enhancements and how they fit into our vision for the platform, check out our <\/span><a href=\"https:\/\/www.linkedin.com\/events\/cloudnativesecurity-firesidecha6719607962433798144\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">fireside chat on LinkedIn Live<\/span><\/a><span style=\"font-weight: 400;\"> on Oct. 20. Palo Alto Networks product leadership and other industry experts will discuss the latest cloud trends and offer insights on how to protect your cloud native applications.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The release of Prisma Cloud 2.0 adds new functionality modules and further platform alignment with key user needs and market categories.<\/p>\n","protected":false},"author":663,"featured_media":119929,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768],"tags":[6901,6890,7321],"coauthors":[6882],"class_list":["post-119928","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","tag-cloud-native-security-platform","tag-prisma-cloud","tag-product-announcement","cloud_sec_category-cloud-workload-protection-platform","cloud_sec_category-devsecops"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/10\/business-blog.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/663"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=119928"}],"version-history":[{"count":4,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119928\/revisions"}],"predecessor-version":[{"id":120067,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/119928\/revisions\/120067"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/119929"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=119928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=119928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=119928"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=119928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}