8 Hot New Palo Alto Networks Tools And Features At Ignite ’21

From spotting over-permissioned Microsoft Azure cloud accounts and reducing the time needed to remediate misconfigurations to the first-ever specialization for managed service partners, here are the top features debuting at Palo Alto Networks Ignite ’21.

A More Comprehensive Cloud

Palo Alto Networks continues to lead the way in the Cloud Native Application Protection Platform (CNAPP) space with innovations that better safeguard infrastructure, data, applications, networks and identities in the cloud. Much of the investment has been focused on moving security as close to the developers as possible so that problems can be identified earlier in the software development life cycle.

“A decade’s worth of digital transformation happened just in the last two years,” said Ankur Shah, Palo Alto Networks’ senior vice president of products. “And because of that, the bad actors are getting more sophisticated. They’ve got more tools in their tool bag as our customers go digital. And we’ve got to stay ahead of the bad actor. We’ve got to out-innovate them.”

Some 26,000 partners and customers are expected to virtually attend Palo Alto Networks’ Ignite ’21 conference this week, where the company will debut Prisma Cloud 3.0, a next-generation CASB and the Cortex XMDR partner specialization. From spotting overpermissioned Microsoft Azure cloud accounts and reducing the time needed to remediate misconfigurations, here are some of the top innovations.

8. Prisma Cloud Rapid Risk Discovery

Prisma Cloud’s new rapid risk discovery capabilities are intended to reduce the time needed to detect and alert customers to misconfigurations and other abnormalities from hours to less than 10 minutes, Shah said. That’s because Prisma Cloud is now able to detect event-driven configuration changes as they occur rather than solely relying on the more traditional polling architecture, according to the company.

Customers in highly regulated industries like health care and financial services care very deeply about reducing the time to alert, according to Shah. They would ideally like to find out as soon as a mistake is made by their application team or a bad actor gets into their network, Shah said. Rapid risk discovery leverages a set of technologies across all cloud providers to reduce the time needed to generate alerts, Shah said.

7. Prisma Cloud Adoption Advisor

Adoption Advisor provides customers with a guided walkthrough of how to use various features within Prisma Cloud as they mature their security posture, according to Shah. The technology is intended to increase customers’ active consumption of Prisma Cloud so that none of the features or capabilities become shelfware, Shah said.

The initial release of Adoption Advisor covers cloud security posture management (CSPM) capabilities within Prisma Cloud, and Palo Alto Networks said it plans to extend the technology to other areas of Prisma Cloud in the future. The dashboard on Adoption Advisor provides guidance around how to discover and unleash the power of Prisma Cloud as well as measurement of its implemented value.

Adoption Advisor was developed in response to customer requests for a coach or mentor to help them through the complexities of product deployment and operationalization on Prisma Cloud, Shah said. Unlike Palo Alto Networks’ firewall business where customers know how to deploy the product, Shah said it’s still very early days for cloud-native application protection platforms and customers need a guide.

6. Prisma Cloud Identity-Based Microsegmentation

Prisma Cloud can now automatically deduce and make recommendations around rule sets as well as automatically create policies to ensure that only the correct apps receive ingress or egress traffic from the public internet, Shah said. The offering is in beta today, and microsegmentation networking rules will be made available to customers in a few weeks, according to Shah.

The offering includes predefined rules as well as automated policy creation to simplify and accelerate the adoption of microsegmentation, according to the company. Given how complex networking is, Shah said many customers would rather press a button and have their policies be automatically created.

Palo Alto Networks first moved into the identity-based microsegmentation space six months ago to provide cloud-native and Kubernetes-native container security through networking, according to Shah. Demand for identity-based microsegmentation has been driven by the use of zero-trust methodologies to ensure that containers and public cloud networks aren’t providing more access than is totally necessary.

5. Prisma Cloud CIEM For Microsoft Azure

Identity has increasingly become the new security perimeter for customers, who are looking for help enforcing least privileged access policies, Shah said. Palo Alto Networks launched cloud infrastructure entitlement management (CIEM) for Amazon Web Services in January 2021 to ensure users have access to only the systems they really need, and nearly 200 customers have already signed up, Shah said.

A few weeks ago, Shah said Palo Alto Networks extended its CIEM capabilities to include net effective permissions analysis for Microsoft Azure and Azure Active Directory integrations. Combining the Azure and AWS functionality will ensure that overpermissioned cloud accounts, dormant permissions or cloud identity issues are addressed across the cloud, according to the company.

Organizations have increasingly realized that they have too many users with overly permissive access in their cloud environment, and therefore want help enforcing least privileged access, Shah said. Many customers have already signed up in the few weeks the Microsoft Azure offering has been available to better secure their identity and only give users access to the systems they need, according to Shah.

4. Palo Alto Networks Next-Generation CASB

Palo Alto Networks’ Next-Generation CASB (Cloud Access Security Broker) supports all sanctioned and unsanctioned applications and data types while defending against all different threat vectors, Shah said. It is fully integrated with the company’s Prisma SASE (Secure Access Service Edge) platform in a single pane of glass, allowing customers to write DLP rules once and have them universally applied, Shah said.

The Next-Generation CASB supports 20 sanctioned SaaS applications, with a strong emphasis on applying machine learning to safeguard sensitive data in Slack. And with the visibility Prisma Access provides into customer traffic, organizations can figure out what unsanctioned apps employees are using and determine whether they pose a significant enough risk to be blocked altogether, Shah said.

Machine learning enables the Next-Generation CASB to automatically identify new or unsanctioned SaaS applications as they become popular, classify them and apply appropriate security policies, according to the company. And the company’s enterprise DLP is now powered by machine learning, advanced optical character recognition and natural language processing to protect sensitive data in real time, he said.

3. Prisma Cloud Agentless Security

Palo Alto Networks has historically taken an agent-based approach to figuring out if applications have known vulnerabilities or other bad things in container, host or serverless functions, according to Shah. But now, the company is rolling out an agentless approach that complements existing agent-based protection by providing visibility into an organization’s cloud workload and application risks.

A new feature becoming generally available in January will be hosted on Amazon Web Services as part of the company’s agentless security portfolio and will be extended over the first half of 2022 to support containers across all the cloud providers. This gives more opportunity within the software development life cycle to scan code and give developers visibility before anything goes awry, according to Shah.

Agentless technology is well-suited to provide vulnerability assessments in development and sandbox environments that aren’t very hospitable to agents, according to Shah. The new technology builds upon the infrastructure security capabilities Palo Alto Networks obtained from its acquisition of Twistlock and applies the functionality to application development environments, Shah said.

2. Cortex XMDR

Cortex Extended Detection and Response (XMDR) is designed to enable partners to capitalize on the growing customer need to detect, investigate and respond to cyberthreats across their endpoint, network and cloud assets. The specialization enables partners to combine Cortex XDR with their own managed services offering to help customers streamline SOC operations and mitigate cyberthreats.

The XMDR specialization will debut with Critical Start, Orange Cyberdefense, PwC and Trustwave as launch partners, and Shah said Palo Alto Networks hopes to add many more partners going forward. These four partners were selected thanks to their longstanding relationship with Palo Alto Networks and their strong understanding of the challenges customers face around SOC and XDR technology, he said.

To achieve an XMDR specialization, partners must have Cortex XDR-certified SOC analysts/threat hunters on staff and available around the clock and complete technical and sales enablement as well as specialization exams. In addition, solution providers must have an existing MDR offering established for at least one year, Tier 1 and Tier 2 support, and a certain number of XDR endpoints under management.

1. Prisma Cloud Code Security

The technology Palo Alto Networks acquired earlier this year from Bridgecrew contains instructions on how to build infrastructure to avoid problems in production, according to Shah. Once the offering is integrated into Prisma Cloud, Shah said developers will be able to spot problems such as an open S3 bucket right in their IDE without even having to go into their CI/CD tools.

The integration of Bridgecrew and Prisma Cloud will alert developers to problems earlier in the life cycle before they enter production and will be generally available to customers starting in January 2022, Shah said. With Prisma Cloud code security, infrastructure as code scanning and code fixes are embedded directly into developer tools across the development life cycle, meaning risk will be addressed earlier.

The technology can also spot if security groups are overly permissive in source code repositories such as GitHub or GitLab and let the developers know to ensure the issues aren’t replicated in production, Shah said. Bridgecrew pioneered technology that allows for the scanning of code early in the development pipeline to ensure that there aren’t any problems during production, according to Shah.