CLOUD SECURITY
Palo Alto Network | September 23, 2022
Open source software is a critical component of cloud-native applications, allowing developers greater speed and modularity without having to reinvent the wheel each time they code. However, as the Unit 42 Cloud Threat Report, 2H 2021 found, open source software can often contain known vulnerabilities, which can open organizations up to significant risk. Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today introduced the industry's first context-aware software composition analysis (SCA) solution to help developers safely use open source software components. The integration of SCA into Prisma® Cloud further demonstrates why Palo Alto Networks is the leading provider of cloud-native security.
Traditional SCA solutions are standalone products that can produce a large number of alerts but lack the runtime context to help fix vulnerabilities. With the addition of SCA to the Prisma Cloud platform, developers and security teams can proactively surface and prioritize known vulnerabilities that impact the application lifecycle (i.e., code, build, deploy and run). Prisma Cloud SCA delivers deep dependency detection and remediation of vulnerabilities in open source software before applications reach production. It can also help developers prioritize remediation based on software components that are already in use. These capabilities are not possible when SCA solutions are deployed as single point products.
"Developers leveraging open source software should be able to build applications with the confidence they aren't opening the organization up to risk, With the average application consisting of 75% open source components, SCA on Prisma Cloud is key to protecting the organization from code to cloud and empowering developers to build with speed."
Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks
As a complete cloud-native application protection platform (CNAPP), Prisma Cloud is context-aware at every stage of the application lifecycle to provide a unified view of risk across organizations' cloud environments. Where current approaches to cloud security rely on siloed products that provide intermittent visibility without remediation, Prisma Cloud approaches cloud security with a comprehensive, prevention-first framework. With 188% increase in cloud incident response cases over the past three years, this shift in approach has become mandatory.
A complete code-to cloud CNAPP needs to incorporate the following five key principles in order to keep organizations safe:
Security from code to cloud — protects applications at every stage of the development lifecycle — from code, build, deploy and run.
Continuous, real time visibility — uses real-time and contextual security analysis of cloud environments to help prevent misconfigurations, vulnerabilities and threats.
Prevention-first protection — stopping attacks and defending against zero-day vulnerabilities to drive down mean time to remediation.
Choice for every cloud journey — aligning security needs with current and future cloud priorities by supporting a breadth of cloud service providers, workload architectures, continuous integration and continuous delivery (CI/CD) pipelines, integrated development environments (IDEs), and repositories with a unified platform
Cloud scale security — consistently secures applications as cloud environments scale.
In addition to SCA and to further increase the safety of cloud-native applications, Prisma Cloud introduced a software bill of materials (SBOM) among other capabilities for developers to easily maintain and reference a complete codebase inventory of every application component used across cloud environments. Implementing SCA and SBOM ensures Prisma Cloud aligns with these principles.
"Buyers looking for cloud-native security solutions need to keep the requirements of microservices security protection in mind. The 'bolted-on' and 'whack-a-mole' approaches are a thing of the past," said Frank Dickson, program vice president, Security and Trust at IDC. "Security should be embedded throughout the application development life cycle. This means that buyers need to fundamentally change their approach to security, although they need to continue to protect their run-time environments, they must also embrace solutions that embed security in the application development process, an approach referred to as 'shift left.' Shift left requires one to think less about security products and more about continuous security processes."
About Palo Alto Networks
Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.
Read More
CLOUD DEPLOYMENT MODELS
CoreStack | September 27, 2022
CoreStack, a global multi-cloud governance provider, today announced the company’s acquisition of Optio3, an AI-powered operations management company based in Seattle, WA. As a result, CoreStack will acquire 100 percent of Optio3’s technology and IP and will integrate Optio3 team into the CoreStack team. Optio3 Co-founder and CEO Sridhar (Sri) Chandrashekar will be joining the CoreStack leadership team as Chief Digital Officer (CDO).
“We’ve been leveraging Optio3’s technology in our platform for 9 months and have had tremendous success with it,” said Ezhilarasan (Ez) Natarajan, CoreStack Founder and CEO. “We now have the opportunity to bring the Optio3 team’s expertise in-house and can further tailor the technology to support our enterprise customers’ needs.”
CoreStack helps enterprises unleash the power of cloud on their terms by providing a NextGen multi-cloud governance platform that is Continuous, Holistic, Autonomous, Integrated, and Nimble (CHAIN). This NextGen governance solution enables proactive multi-cloud governance and 360-degree visibility across financial management (FinOps), security operations (SecOps), and cloud operations (CloudOps) in a unified dashboard. The Optio3 acquisition will further facilitate CoreStack’s delivery of these NextGen multi-cloud governance capabilities, bringing their deep industry experience in building scalable SaaS products as well as a proven technology framework that strengthens the platform, automates the cloud infrastructure, and increases the speed of innovation and delivery.
“CoreStack is at an inflection point in its growth curve with a phenomenal pipeline of Fortune 5000 customers,” said Sri Chandrashekar, CoreStack’s new CDO. “The Optio3 team is highly specialized in delivering high-scale platforms and SaaS solutions to those enterprise customers. I’m excited that we’re working together to achieve CoreStack’s ambitious vision and product roadmap for NextGen Cloud Governance.”
Founded in 2016, CoreStack is a multi-national corporation with headquarters in Bellevue, WA, an engineering Center of Excellence is in Chennai, India, and sales and support personnel located across the globe to ensure seamless support. Since January 2022, CoreStack has hired more than 150 people, won significant deals, and added numerous marquee partners. Booked annual revenues have grown by more than 100%, and customer renewal rates remain at 100%. Annual cloud spend across all customers and partners governed by CoreStack is crossing $2B, and the company has doubled down on partnership engagements with AWS, Azure, Google, and Oracle.
“We are thrilled to be bringing Optio3’s technology and team into our family,” said Ez Natarajan. “CoreStack was born with the mission of establishing a robust, NextGen governance layer on top of even the most complex multi-cloud ecosystems. We are now perfectly positioned to offer our customers a highly scalable, manageable, and reliable solution – one that drives digital transformation and delivers next-level performance.”
“We are delighted to bring in Optio3’s technology, CoreStack was born with the mission of establishing a robust, NextGen governance layer on top of even the most complex multi-cloud ecosystems. We are now perfectly positioned to offer our customers a highly scalable, manageable, and reliable solution one that drives digital transformation and delivers next-level performance.”
Sabapathy Arumugam, CoreStack Co-Founder and CTO
About CoreStack
CoreStack provides a NextGen Cloud Governance platform that empowers enterprises to predictably increase top-line revenues, improve bottom-line efficiencies, and gain a competitive edge through AI-powered real-time cloud governance on autopilot. CoreStack's FinOps, SecOps, and CloudOps solutions embrace, enhance, and extend native-cloud capabilities, enabling reporting, recommendation, and remediation and providing single pane-of-glass governance across multi-cloud. Through executive dashboards for comprehensive real-time insights, CoreStack delivers transformative value such as 40% increase in operational efficiencies, 50% decrease in cloud costs, and 100% security assurance and compliance. CoreStack helps 500+ global enterprises govern $2+ billion in annual cloud consumption. Gartner, Frost & Sullivan, Forrester, S&P Global and IDC have recognized CoreStack as an innovator and leader in cloud management solutions. CoreStack is backed by strategic advisors, including the ex-CEO of Wipro and ex-CIO of Microsoft. The company is a Microsoft Azure Gold Partner, Amazon AWS Advanced Technology Competency Partner, Oracle Cloud Build Partner, and Google Cloud Build Partner.
Read More
CLOUD SECURITY
Gigamon | September 28, 2022
Gigamon, the leading deep observability company, is guiding the industry forward today, bringing application and network-level intelligence together for the first time to help network, security, and cloud IT operations teams eliminate security blind spots and deliver defense in depth across their highly distributed hybrid and multi-cloud infrastructure. Leading market intelligence firm, the 650 Group, forecasts the deep observability market’s CAGR to grow over 60 percent to reach $2 billion by 2026. They predict Gigamon will take a commanding lead with 68 percent market share in the first half of 2022. Together with an expanding ecosystem of technology alliance partners, Gigamon harnesses actionable network-level intelligence that amplifies the power of cloud, security, and observability tools, ultimately empowering large organizations to achieve the transformational promise of the cloud.
A recent IDC global survey of 900 large organization IT executives and managers* revealed that 'strengthened cybersecurity posture and practices' is the number one benefit of deep observability intelligence and insights. And to overcome their concerns for security vulnerabilities, 79 percent of respondents indicate they have made good-to-excellent progress in leveraging network intelligence and performance metrics for security insights. When asked specifically where the alignment of NetOps and SecOps efforts and tools have improved security management, a strong majority of respondents cited the following: provide complete visibility into on-premises systems and cloud services, reduce false positives, improve speed and accuracy of triage, and validate remediation.
To further underscore the urgency for organizations to address security blind spots, a recent Vitreous World State of Ransomware for 2022 and Beyond survey revealed more than 95 percent of the more than one thousand global respondents, consisting of large organization IT and security executives, had experienced ransomware attacks in the past year. The research also revealed that 89 percent of global security leaders surveyed agree deep observability is an important element of cloud security with 50 percent of global CISOs/CIOs strongly agreeing with this statement.
“As a cloud-first dental support organization, we are continuously seeking new ways to fortify our security posture and equip our supported owner doctors with the latest, proven technology and highly skilled support staff, so they can focus on providing the perfect patient experience to patients with an extraordinary, differentiated care experience,” said Nemi George, vice president of IT and information security officer and IT service operations at Pacific Dental Services. “With the deep observability we gain from Gigamon, we can eliminate security blind spots at the network layer of our hybrid cloud infrastructure, deliver defense in depth, and confidently scale our operations.”
A New Frontier: Deep Observability
The Gigamon Hawk Deep Observability Pipeline harnesses actionable network-level intelligence to amplify the power of cloud, security, and observability tools, enabling IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks and lower the operational overhead associated with managing today’s highly distributed hybrid and multi-cloud infrastructure. Gigamon extends the value of these tools with real-time network intelligence derived from packets, flows and application metadata to deliver defense in depth and performance management. Gigamon has an extensive ecosystem of technology alliance partners that includes leading observability vendors Dynatrace, New Relic and Sumo Logic.
“We are proud to partner with Gigamon and integrate their network-level intelligence with the Dynatrace platform’s full-stack observability, application security, and AIOps capabilities to enable our joint customers to innovate faster and more securely,” said Bob Wambach, vice president of product marketing at Dynatrace. “Large organizations continue to embrace hybrid-cloud, multi-cloud, and cloud-native technologies as the foundation for their digital services and innovation. As a result, applications have become increasingly complex and distributed. The combination of Dynatrace and Gigamon gives customers unprecedented abilities to simplify cloud complexity. The actionable, network-level intelligence of the Gigamon deep observability pipeline provides additional network-security context to the precise answers and intelligent automation delivered by Dynatrace.”
“At Trace3 we help our customers design, move and re-architect workloads to the Cloud. One of the challenges we face is maintaining visibility into key applications regardless of cloud architecture pattern, in alignment with guidance from well-architected frameworks,” said Chris Nicholas, vice president cloud and cloud solutions group at Trace3. “Gigamon Hawk helps us deliver actionable network-level intelligence against many advanced security and observability use-cases. The built-in performance tools help us accelerate troubleshooting while lowering operational costs.”
“IT organizations are navigating an unprecedented increase in cyber threats across all vectors of their hybrid and multi-cloud infrastructure, and the underlying complexity and disparity of tools used to manage these environments introduces blind spots that can expose their organizations to risk, Gigamon is at the right place at the right time to capitalize on this high growth market and deliver more value to our customers by extending the value of tools they have already deployed and empowering them with actionable network-level intelligence for the hybrid cloud so they can run fast, stay secure, and accelerate innovation.”
Shane Buckley, president and CEO of Gigamon
About Gigamon
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination helps IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, 9 of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide.
Read More