{"id":296468,"date":"2023-06-22T06:00:44","date_gmt":"2023-06-22T13:00:44","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=296468"},"modified":"2023-06-22T21:49:35","modified_gmt":"2023-06-23T04:49:35","slug":"agentless-malware-scanning","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2023\/06\/agentless-malware-scanning\/","title":{"rendered":"Agentless Workload Scanning Gets Supercharged with Malware Scanning"},"content":{"rendered":"<p>Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds, according to our recent <a href=\"https:\/\/www.paloaltonetworks.com\/state-of-cloud-native-security\">State of Cloud-Native Security Report 2023<\/a>. But the sheer complexity of cloud technology can dramatically expand an organization\u2019s attack surface.<\/p>\n<p>Using WildFire in 2021 to analyze malicious files, our threat research team discovered a <a href=\"https:\/\/unit42.paloaltonetworks.com\/cobalt-strike-team-server\/\">73% increase in Cobalt Strike malware<\/a> samples compared to 2020. The speed, volume and sophistication of modern malware attacks have made them more difficult to detect. This, paired with the agility of the cloud, gives rise to a heightened \u2014 and formidable \u2014 state of risk.<\/p>\n<h2><a id=\"post-296468-_jxqtrrrvu9o9\"><\/a>The Gap Between Risk and Reality<\/h2>\n<p>Enterprises can\u2019t afford to leave the frontlines and backdoors open to risk while taking weeks to deploy security products. They want better out-of-the-box security from tools, according to the cloud-native security report mentioned above. Efficiency, after all, becomes paramount with a shortage of skilled security professionals. Teams need the ability to set up cloud security in a few clicks. 
Organizations need actionable insights on day one from the solutions they rely on.<\/p>\n<h2><a id=\"post-296468-_t0zd9hnjsagn\"><\/a>Agentless Workload Scanning<\/h2>\n<p>Today, we\u2019re excited to announce that Prisma Cloud agentless workload scanning is now backed by Palo Alto Networks Advanced WildFire, the industry\u2019s leading malware scanning engine. Advanced WildFire is a cloud-delivered service that uses patented machine learning detection engines to identify 99% of known and unknown malware. It allows security teams to leverage advanced malware analysis for containers and hosts in runtime, without having to deploy agents.<\/p>\n<p>In addition, this release includes other advancements:<\/p>\n<ul>\n<li><strong>Agentless vulnerability and compliance management<\/strong> for Windows host machines on all three major cloud providers<\/li>\n<li><strong>Extension of Cloud Workload Protection capabilities<\/strong> to five additional compute operating systems<\/li>\n<li><strong>Continuous examination of API changes and usage<\/strong> to detect unwanted changes or API risk<\/li>\n<\/ul>\n<h2><a id=\"post-296468-_yuourv9xjv8h\"><\/a>Agentless Workload Malware Scanning<\/h2>\n<p>Container images, running containers and virtual machines may contain malware, such as cryptominers or viruses. For example, Unit 42 found 30 malicious <a href=\"https:\/\/unit42.paloaltonetworks.com\/malicious-cryptojacking-images\/\">images<\/a> in Docker Hub with cryptominers that had been pulled 20 million times. While many organizations turn to sandboxing solutions for malware analysis, these solutions affect user productivity and are slow to predict verdicts.<\/p>\n<p>Two years ago we started offering a native integration with <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/prisma-cloud\/prisma-cloud-and-wildfire-integration\/\">Advanced WildFire for advanced malware analysis<\/a> for containers and hosts in CI\/CD pipelines and in runtime. 
We\u2019re now extending this functionality to our agentless deployment options for hosts, VMs and container machines.<\/p>\n<p>Users can scan their workloads for malware with a platform that provides flexible deployment options to fit their environments\u2019 needs. Agentless workload scanning for known malware via Advanced WildFire is widely available. Support for zero-day malware detection is expected later this summer in <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/guides\/prisma-cloud-pricing-and-editions\">SaaS Edition<\/a>.<\/p>\n<h2><a id=\"post-296468-_nih0yi72rpfc\"><\/a>Agentless Workload Scanning Extended to Windows<\/h2>\n<p>Organizations often just want visibility into their cloud workloads and applications. About 18 months ago, we released <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2021\/11\/shift-left-with-prisma-cloud-3-0\/\">agentless scanning<\/a> to provide visibility into an organization\u2019s cloud estate. This feature complemented existing agent-based protection. At the time, Prisma Cloud was the only code-to-cloud CNAPP with support for the three major cloud providers \u2014 Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).<\/p>\n<p>In this release, we\u2019re extending agentless capabilities to support 2016-2022 Windows Host machines on all three major cloud providers, supplying security teams with greater flexibility on how to engage cloud workload protection. 
Users can now gain visibility into vulnerabilities and compliance across Linux and Windows-based cloud workloads for AWS, Azure and GCP \u2014 without having to deploy agents.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.youtube.com\/watch?v=AcQwFrPLA18&amp;ab_channel=PrismaCloudbyPaloAltoNetworks\" rel=\"nofollow,noopener\" >Agentless Scanning Demo<\/a><\/li>\n<\/ul>\n<h2><a id=\"post-296468-_8ue7cfguxihz\"><\/a>Broader Support for Additional Operating Systems<\/h2>\n<p>As the number of cloud workload services increases, customers are leveraging platforms that best suit their applications\u2019 needs. But security teams are unable to secure cloud workloads if their existing solution doesn\u2019t support the operating system. This leaves a potentially damaging gap in their cloud security strategy.<\/p>\n<p>Prisma Cloud offers the broadest coverage for cloud workload protection, supporting over <a href=\"https:\/\/docs.paloaltonetworks.com\/prisma\/prisma-cloud\/prisma-cloud-admin-compute\/install\/system_requirements\">30 different operating systems<\/a>. We\u2019re now extending our cloud workload protection capabilities to five additional compute platforms: Windows Server 2022, Oracle Linux, RHEL 9, TalOS Linux, CBL-Mariner, and Rocky Linux.<\/p>\n<h2><a id=\"post-296468-_z4xga9xbug9y\"><\/a>API Change Detection<\/h2>\n<p>API attacks and abuse have been top-of-mind for most organizations. Prisma Cloud provides complete API discovery, risk profiling and real-time protection for all APIs as a part of its <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2023\/01\/api-security-in-a-cloud-native-world\/\">Cloud-Native Application Protection Platform<\/a> (CNAPP).<\/p>\n<p>The State of Cloud Native Security Report showed that <a href=\"https:\/\/www.paloaltonetworks.com\/state-of-cloud-native-security\">38% of respondents are committing new code daily<\/a>. 
Snapshot-based API scans only provide security teams with point-in-time visibility, leaving them blind to API changes that create unwanted risk. Security teams need an approach that tracks API changes for efficient investigation.<\/p>\n<p>Prisma Cloud continuously monitors APIs for changes that lead to unwanted risk. As development teams make frequent changes and updates to APIs, security teams now have visibility into these changes and the potential risk they might pose to the application at runtime. They can use this information to add protection to the endpoint or share information with their development team to remediate risk.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.youtube.com\/watch?v=BtPRAsORzOk&amp;ab_channel=PrismaCloudbyPaloAltoNetworks\" rel=\"nofollow,noopener\" >API Change Detection Demo<\/a><\/li>\n<\/ul>\n<h2><a id=\"post-296468-_7oog7smo25rn\"><\/a>Learn More<\/h2>\n<p>To learn more about the latest enhancements to Prisma Cloud, <a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/request-a-prisma-cloud-trial\">request a free trial<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enterprises now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 
2023.<\/p>\n","protected":false},"author":709,"featured_media":296469,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308,8023,6717],"tags":[74,6890,515],"coauthors":[8319,7462],"class_list":["post-296468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-cloud-workload-protection","category-products-and-services","tag-malware","tag-prisma-cloud","tag-vulnerabilities","cloud_sec_category-announcement","cloud_sec_category-cloud-native-security-platform"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2023\/06\/Looking-Closely.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/296468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/709"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=296468"}],"version-history":[{"count":11,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/296468\/revisions"}],"predecessor-version":[{"id":296850,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/296468\/revisions\/296850"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/296469"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=296468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categorie
s?post=296468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=296468"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=296468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}