Prisma Cloud updates help to fight alert fatigue
Palo Alto Networks has launched updates to Prisma Cloud, the company’s cloud security posture management (CSPM) solution.
The new updates are focused on eliminating cloud blind spots and freeing security teams from the burden of alert fatigue, the company states.
These critical features are available to the 2,000+ enterprises that use Prisma Cloud, as well as future customers.
The five new features of Prisma Cloud are:
True Internet Exposure: Legacy CSPM solutions generate alerts for any overly permissive security group - even if the security group is not publicly exposed.
True Internet Exposure provides end-to-end network path visibility between any source and destination, eliminating needless alerts associated with unexposed cloud instances and security groups.
Visibility-as-Code: Cloud service providers release and update hundreds of new services for their platforms each year.
When organisations use these new services before their CSPM solution supports them, they are left with security blind spots, Palo Alto states.
With Visibility-as-Code, Prisma Cloud can now support new cloud services in days, providing development teams with the freedom to take advantage of the latest cloud services while giving the security teams the security measures they need.
Network Data Exfiltration Detection: Many basic security solutions solely focus on detecting misconfigurations based on static rules, so they may not be effective when it comes to real security attack objectives, such as data exfiltration, according to the company.
Prisma Cloud uses machine learning to analyse vast amounts of network flow logs and understand the typical traffic pattern of each customer, which is then used to detect and alert on abnormal egress traffic to any IP address, including TOR exit nodes.
This allows security teams to focus their remediation efforts on the most dangerous data exfiltration attacks and avoid unnecessary alert storms.
Anomalous Compute Provisioning Detection: According to Palo Alto, security teams need an effective way to detect cryptojacking and other abnormal provisioning of compute resources.
Anomalous Compute Provisioning Detection can identify the provisioning of an abnormal number of VMs, which can often be attributable to either cryptojacking or resource misuse.
The machine learning-based policy also alerts security teams if a user appears to jump from one location to another or tries to hide behind a TOR exit node.
Customisable Object-Level Scanning for AWS S3: Prisma Cloud assesses resource configuration and enables customers to scan objects in their S3 buckets for public exposure, identify sensitive data and detect malware.
Customisable Object-Level Scanning now gives customers a la carte scanning, freeing them to self-select specific scanning capabilities.
This works to save time and cost while reducing the volume of alerts.
Palo Alto Networks senior vice president Prisma Cloud Varun Badhwar says, “Companies don’t want to slow down to secure the cloud, and they shouldn’t have to.
“An ideal CSPM solution needs to offer coverage for all cloud resources, should stay up to date as new resources are introduced, and must effectively detect real attacks while minimising unnecessary false positives.
"Prisma Cloud addresses these issues and allows organisations to move quickly while staying secure.”
ESG vice president and group director cybersecurity Doug Cahill says, "Gaining visibility into misconfigurations and identifying cloud infrastructure threats across dynamic public cloud environments is a continued challenge for organisations.
"The new capabilities in Prisma Cloud allow security teams to do this with greater breadth than before and lessen the overall amount of alerts that must be addressed by security teams."