{"id":99228,"date":"2019-06-04T06:00:41","date_gmt":"2019-06-04T13:00:41","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=99228"},"modified":"2019-06-03T17:31:21","modified_gmt":"2019-06-04T00:31:21","slug":"cloud-google-cloud-palo-alto-networks-depth-look","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2019\/06\/cloud-google-cloud-palo-alto-networks-depth-look\/","title":{"rendered":"Google Cloud and Palo Alto Networks: A Closer Look"},"content":{"rendered":"

In this post, guest bloggers Vineet Bhan, Sheba Roy and Ashish Verma of Google Cloud share\u00a0a\u00a0closer look at product integrations between Google Cloud and Palo Alto Networks.<\/span><\/em><\/p>\n

 <\/p>\n

\"\"Most enterprises have hybrid or multi-cloud deployments, and maintaining consistent security posture across all deployments is always one of their top priorities. In December 2018, we announced an <\/span>expanded partnership with Palo Alto Networks<\/span><\/a> with exactly that goal in mind. With <\/span>Google Cloud\u2019s native security toolkit<\/span><\/a> and deep integrations with Palo Alto Networks cloud security products such as the\u00a0<\/span>VM-Series<\/span><\/a>, <\/span>Prisma Public Cloud<\/span><\/a>, and <\/span>Prisma SaaS<\/span><\/a>, you can define a consistent security posture in Google Cloud and on-premises. Let\u2019s look into some of these integrations.<\/span><\/p>\n

 <\/p>\n

Governance and compliance:<\/b> Prisma Public Cloud (formerly RedLock) provides continuous monitoring and compliance reporting for your resource configurations, network configurations, and user activity on Google Cloud. It can now detect risks and provide auto-remediation across ten core Google Cloud Platform (GCP) services, such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. Prisma Public Cloud is also integrated with GCP\u2019s Security Baseline API<\/span>alpha<\/span> , which provides visibility into the compliance posture of Google Cloud platform. With this integration, customers can get compliance visibility into their full stack. <\/span><\/p>\n

In addition, with <\/span>Cloud Security Command Center<\/span><\/a> integration, customers can incorporate Prisma Public Cloud findings into their single pane of glass view by simply enabling the integration in <\/span>GCP marketplace<\/span><\/a>.<\/span><\/p>\n

 <\/p>\n

Security analytics: <\/b>Along with security governance and compliance assurance, Prisma Public Cloud integrates with <\/span>VPC flow logs<\/span><\/a> to provide useful insight into east-west and north-south traffic flows by correlating data with various security intelligence sources. <\/span><\/p>\n

 <\/p>\n

Security for GCP workloads: <\/b>Palo Alto Networks VM-Series firewalls protect both container and compute workloads and can be deployed directly through <\/span>GCP Marketplace<\/span><\/a>. Deploying the VM-Series with <\/span>Google Cloud Load Balancers<\/span><\/a> allows horizontal scalability as your workloads grow and high availability to protect against failure scenarios. VM-Series also takes advantage of <\/span>Cloud Armor<\/span><\/a> to block malicious IP addresses at Google\u2019s edge, saving on compute cycles that analyze other critical traffic flows. <\/span><\/p>\n

 <\/p>\n

Security for hybrid containerized workloads:<\/b> Anthos<\/span><\/a> (formerly Cloud Services Platform) lets you build and manage modern hybrid applications. Istio is an open service mesh that can be deployed on Google Kubernetes Engine (GKE) as part of Anthos to provide a uniform way to connect, manage, and secure microservices. With the NGFW policy engine (an Istio mixer adapter developed by Palo Alto Networks) customers can secure east-west traffic based on attributes such as source namespace, source service, destination namespace, destination service and protocol through Panorama<\/span>. The <\/span>NGFW policy engine <\/span>also provides detailed telemetry from the service mesh for forensics and analytics. The NGFW policy engine can be deployed to a kubernetes cluster hosted on-premise or in the cloud directly through the <\/span>GCP marketplace<\/span><\/a>.<\/span><\/p>\n

 <\/p>\n

Data Protection for G Suite: <\/b>Prisma SaaS (formerly Aperture) is a SaaS security service that connects directly to SaaS applications for data classification, Data Loss Prevention, and threat detection. \u00a0It leverages an out-of-band, API-based approach that enables granular inspection of data at rest in G Suite as well as ongoing monitoring of user activity and administrative configurations.<\/span><\/p>\n

 <\/p>\n

Learn more about our partnership and integrations at <\/span>Ignite \u201819<\/span><\/i><\/a>: <\/span><\/p>\n

 <\/p>\n