Home > News > Top Stories > Prisma Cloud Delivers Context-Aware Software Composition Analysis to Secure Deployment of Open Source Software

Cloud Security

Prisma Cloud Delivers Context-Aware Software Composition Analysis to Secure Deployment of Open Source Software

Open source software is a critical component of cloud-native applications, allowing developers greater speed and modularity without having to reinvent the wheel each time they code. However, as the Unit 42 Cloud Threat Report, 2H 2021 found, open source software can often contain known vulnerabilities, which can open organizations up to significant risk. Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today introduced the industry's first context-aware software composition analysis (SCA) solution to help developers safely use open source software components. The integration of SCA into Prisma® Cloud further demonstrates why Palo Alto Networks is the leading provider of cloud-native security.

Traditional SCA solutions are standalone products that can produce a large number of alerts but lack the runtime context to help fix vulnerabilities. With the addition of SCA to the Prisma Cloud platform, developers and security teams can proactively surface and prioritize known vulnerabilities that impact the application lifecycle (i.e., code, build, deploy and run). Prisma Cloud SCA delivers deep dependency detection and remediation of vulnerabilities in open source software before applications reach production. It can also help developers prioritize remediation based on software components that are already in use. These capabilities are not possible when SCA solutions are deployed as single point products.

"Developers leveraging open source software should be able to build applications with the confidence they aren't opening the organization up to risk, With the average application consisting of 75% open source components, SCA on Prisma Cloud is key to protecting the organization from code to cloud and empowering developers to build with speed."

Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks

As a complete cloud-native application protection platform (CNAPP), Prisma Cloud is context-aware at every stage of the application lifecycle to provide a unified view of risk across organizations' cloud environments. Where current approaches to cloud security rely on siloed products that provide intermittent visibility without remediation, Prisma Cloud approaches cloud security with a comprehensive, prevention-first framework. With 188% increase in cloud incident response cases over the past three years, this shift in approach has become mandatory.

A complete code-to cloud CNAPP needs to incorporate the following five key principles in order to keep organizations safe:

Security from code to cloud — protects applications at every stage of the development lifecycle — from code, build, deploy and run.
Continuous, real time visibility — uses real-time and contextual security analysis of cloud environments to help prevent misconfigurations, vulnerabilities and threats.
Prevention-first protection — stopping attacks and defending against zero-day vulnerabilities to drive down mean time to remediation.
Choice for every cloud journey — aligning security needs with current and future cloud priorities by supporting a breadth of cloud service providers, workload architectures, continuous integration and continuous delivery (CI/CD) pipelines, integrated development environments (IDEs), and repositories with a unified platform
Cloud scale security — consistently secures applications as cloud environments scale.

In addition to SCA and to further increase the safety of cloud-native applications, Prisma Cloud introduced a software bill of materials (SBOM) among other capabilities for developers to easily maintain and reference a complete codebase inventory of every application component used across cloud environments. Implementing SCA and SBOM ensures Prisma Cloud aligns with these principles.

"Buyers looking for cloud-native security solutions need to keep the requirements of microservices security protection in mind. The 'bolted-on' and 'whack-a-mole' approaches are a thing of the past," said Frank Dickson, program vice president, Security and Trust at IDC. "Security should be embedded throughout the application development life cycle. This means that buyers need to fundamentally change their approach to security, although they need to continue to protect their run-time environments, they must also embrace solutions that embed security in the application development process, an approach referred to as 'shift left.' Shift left requires one to think less about security products and more about continuous security processes."

About Palo Alto Networks
Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Spotlight

More featured news

Spotlight

Related News

Cloud Storage

TRG Screen Announces Acquisition of Xpansion for Reference Data Usage Management

PR Newswire: | January 25, 2024

TRG Screen, the leading provider of enterprise subscription spend and usage management software, today announced it has acquired Xpansion, the leading provider of cloud-based solutions for reference data usage monitoring in the financial services industry. The acquisition of Xpansion will further solidify TRG Screen's position as a global market leader in market data management solutions. Xpansion – established in 2013 – is focused on empowering data operations teams to proactively manage their usage, control costs and optimize data workflows. Xpansion's offerings include Xmon, Xprocess and Xplore, and provide real-time analytics, giving clients unprecedented transparency, visibility and control into their reference data usage. This deal consolidates TRG Screen's unique position as the only provider of enterprise subscription management capabilities spanning the whole spectrum of market data optimization, from spend and inventory tracking, through to usage and enquiry management, exchange reporting and compliance. "Xpansion and TRG Screen have been partners for many years. Bringing Xpansion into the TRG Screen family is a very logical next step for both companies, given our strong relationship and shared view that the industry demand for integrated usage management solutions is going to continue to grow," said TRG Screen CEO Leigh Walters. "Xpansion is an established firm with excellent customer satisfaction and retention, and highly experienced and industry respected leadership. We are very excited at the opportunities this acquisition brings." "We are thrilled to be joining TRG Screen," said Xpansion co-founder and CEO Amjad Zoghbi. "Reference data usage is one of the most complex aspects of market data management, and managing it correctly is essential to maintaining contractual compliance and ensuring clients are right-sizing their usage based on actual consumption and business need. I'm very pleased that Xpansion's customers, and team, will now be part of the best-of-breed solution with the industry's leading provider of market data management solutions." The acquisition demonstrates TRG Screen's ongoing commitment to servicing the needs of market data consumers, vendors and exchanges. Financial terms of the transaction were not disclosed. About TRG Screen TRG Screen is the leading provider of enterprise subscription management solutions. Founded in 1998, TRG Screen is uniquely differentiated by its ability to monitor both spend and usage of data and information services including market data, research, software licenses, consulting and other corporate expenses. TRG Screen's solutions provide its customers with full transparency into their vendor relationships and their subscription spend and usage, enabling them to optimize their enterprise subscriptions. TRG acquired Priory Solutions in 2016, Screen Group in 2018, Axon Financial Systems in 2019, Market Data Insights in 2020, and Jordan & Jordan's Market Data Reporting (MDR) business in 2021 and with these acquisitions is now positioned as the global market leader in the financial, legal, and professional services markets. TRG Screen's product portfolio includes subscription spend, usage, enquiry and compliance solutions. For more information visit trgscreen.com. Follow TRG Screen on LinkedIn, @TRG Screen, and on Twitter, @trgscreen. About Xpansion Xpansion delivers next-generation reference data solutions that empower financial institutions to streamline their reference data operations, reduce costs, enhance data quality, and improve data discovery. With a focus on customer satisfaction, continuous innovation and quick time to value, Xpansion is a trusted partner for financial institutions in the buy- and sell-side as well as solution providers in the industry.

Cloud Infrastructure Management

The Manufacturing Sector Experiences More Attacks in the Cloud than Any Other Industry

PR Newswire: | January 19, 2024

Netwrix, a cybersecurity vendor that makes data security easy, today revealed additional findings for the manufacturing sector from its survey of 1,610 IT and security professionals across more than 100 countries. According to the survey, 64% of companies in the manufacturing sector suffered a cyberattack during the preceding 12 months, which is similar to the finding among organizations overall (68%). However, it turned out that the manufacturing sector experiences more cloud infrastructure attacks than any other industry surveyed. Among manufacturing companies that detected an attack, 85% spotted phishing in the cloud compared to only 58% across all verticals; 43% faced user account compromise in the cloud as opposed to 27% among all industries; and 25% dealt with data theft by hackers in the cloud compared to 15% for organizations overall. "The manufacturing sector relies heavily on the cloud to work with their supply chain in real time. This makes their cloud infrastructure a lucrative target for attackers — infiltrating it enables them to move laterally and potentially compromise other linked organizations, as happened to one the world's top meat processing companies. Credential compromise or malware deployed via a phishing email is just the beginning of the attack," says Dirk Schrader, VP of Security Research at Netwrix. "The attack surface in the cloud is always expanding, so it's critical for manufacturing companies to adopt a defense-in-depth approach," adds Ilia Sotnikov, Security Strategist at Netwrix. "First, they must rigorously enforce the principle of least privilege to limit access to sensitive data, which ideally includes just-in-time access to eliminate unnecessary entry points for adversaries. They also need to gain deep visibility into when and how critical data in the cloud is being used so that IT teams can promptly spot potential threats. Finally, they need to be prepared to minimize the damage from incidents by having a comprehensive response strategy that is regularly exercised and updated." To learn more about security trends, check out the complete 2023 Hybrid Security Trends Report. About Netwrix Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.