Prisma Cloud Articles
Incident response is a daily problem to solve in cybersecurity. Bad actors are constantly looking for new ways to hack into an enterprise. Due to the consequences of ill-intentioned hacking causing potential distress at a global scale, we all have a responsibility to be as prepared as possible to better protect our environments by the proactive action of incident response. Through the Cloud Workload Protection Platform (CWPP) of Prisma Cloud, there are ways to be proactive in achieving goals in incident response while creating protocols to coherently scope your applications and accounts in these environments. In this article, you will learn about the primary scoping utility that is available to you in the console through collections and approaches to optimally creating scope.
Many in the security industry have been pondering recently whether “agentless” or “agents” are most effective. The answer is simple: use both for comprehensive security. With that vision in mind, Prisma Cloud is proud to be the first security platform to offer both agent-based and agentless security together from a single solution, giving you and your teams the flexibility and choice to deploy or activate the right method of protection in a mixed environment. As part of the Prisma Cloud 3.0 launch, we announced the introduction of agentless security in addition to the already available agent-based security to provide comprehensive security coverage. Come learn what the new V2 release brings in this webinar.
“What could you have done better as an organization to adjust to Log4J?”  This question has resonated with the cybersecurity community for a while now. Within the capabilities of the Prisma Cloud product here at Palo Alto Networks, there are a number of threat landscape views and preventative tools that are available to customers.    In this article, we will review some of the core features that security professionals can utilize to be notified of CVE detection, available API calls within the Prisma Compute console that will help to give a quick view into resources affected by Log4J through the correlated CVE, as well as some advanced preventatives, such as creating a custom CVE or uploading an MD5 malware hash, that are available to users of the console. With these additional tools there will be a better understanding of not only how to get a grasp around aspects of the threat landscape of Log4J in your environment, but also a better way to approach potential future zero-days through utilization of the capabilities of Prisma Cloud.  
Prisma Cloud Products and Customer Success Webinar Recordings

Upcoming CSPM Platform update
July 2022
Please join us to learn about new CSPM & Platform capabilities including Alert Prioritization by Mitre, True Network Exposure for Azure, DNS-threat detection, Unified Asset Inventory and many more.

CIEM new graph visualization
June 2022
Please join us to learn about the new "Graph Visualization" feature. In this demo-focused webinar, we will show you how easily you can get a high-level overview of the cloud identity permissions, review connections between source, granted, and destination to understand why this particular identity can access these specific resources, and more.

Microseg Update - Automating Microsegmentation policies using App Profiling and Out of Box templates
May 2022
Please join us to learn more about the cloud network security module in Prisma Cloud. You can implement a single network security policy model that works on any cloud or Datacenter environment across different workload types (containers/VMs/Hosts). In this demo-focused webinar, we will show you how you can easily create microsegmentation policies by using the App Profiling capability.

Prisma Cloud Monthly Product Overview: Cloud Code Security Features
April 2022
Please join Gilad Mark and Taylor Smith to learn more about the cloud code security module in Prisma Cloud. You can do IaC security, software composition analysis (SCA), drift detection and secret detection using the module. In this demo-focused webinar, we will show you the existing functionality as well as give a sneak peek at the upcoming functionality.

Prisma Cloud Monthly Product Overview: Adoption Advisor and CIEM/IAM
March 2022
Join us for this hands-on demo with Product Manager, Izabella Yankelevich:
Adoption Advisor: The Adoption Advisor aims to improve product adoption by adding visibility into feature utilization and undiscovered product capabilities. During this session, we will go over the objectives of the Adoption Advisor and walkthrough.
CIEM/IAM: As organizations increasingly adopt Infrastructure-as-a-Service (IaaS) models for cloud development, the number of entities that are granted access to critical infrastructure necessarily grows as well. However, organizations must ensure these entitlements are tightly controlled. To help our customers better address these growing risks, Prisma Cloud offers Cloud Infrastructure Entitlement Management (CIEM) multi-cloud capabilities. These capabilities include:
* Net effective permissions analysis: Seamlessly analyze and gain visibility for accounts, resources, and workloads.
* IDP integration: Ingest single sign-on (SSO) data from IDPs to calculate net-effective user permissions, no matter which CSP or service the user is accessing.

Prisma Cloud Monthly Product Overview: Cloud Security Posture Management (CSPM) Update
February 2022
Palo Alto Networks will discuss new CSPM capabilities including TOR-based threat detection, Cloud Network Analyzer-based policies that detect cloud resources that are truly exposed to the Internet, and others.

Prisma Cloud Monthly Product Overview: 22.01 Prisma Cloud Compute (Joule) Release
January 2022
With the proliferation of virtual machines, containers, Platform-as-a-Service and Serverless architectures, security, infrastructure, and DevOps teams need a centralized solution to provide visibility and protection across the continuum of cloud native architectures to address vulnerabilities, manage compliance, and enable runtime protection. For example, with a vulnerability like Log4Shell, security teams would quickly want to identify vulnerable applications while also protecting their applications from threats and attacks. Please join us and learn about the new Cloud Workload Protection and Web App & API Security additions with our Prisma Cloud Joule release. Release highlights include:
* General availability of Agentless Security to scan VMs on AWS: By adding agentless security we are increasing the speed and simplicity of initial scanning and risk prioritization, providing a quick posture overview without deploying agents. Prisma Cloud is the first on the market offering both agentless and agent-based security for comprehensive protection.
* Pre-Deployment virtual machine image library analysis for Azure and Google Cloud: Seamless scanning of machine images now supports two additional public clouds.
* Kubernetes auditing enhancements for AKS and EKS: Security and DevOps teams can now capture and analyze Kubernetes auditing data from public cloud Kubernetes services to identify risks and security events.
* Enhancement to vulnerability management: Extended and granular scope for tags for enhanced exception and metadata reporting on vulnerabilities.
* Web Application and API Security: New analytics dashboards for improved web application attack visibility and support for gRPC protection.

Prisma Cloud Monthly Product Overview: "Code-to-cloud" security for AWS
November 2021
Palo Alto Networks will discuss our current capabilities with AWS and how far we've come. We will present what is on the horizon, and give a look at how all our technologies are coming together. Come and see what Prisma Cloud's capabilities for AWS are, and hear why we are the best cloud security platform for AWS.

Prisma Cloud Monthly Product Overview: Why Prisma Cloud is the best cloud security Platform for Azure
October 2021
Palo Alto Networks will discuss our current capabilities with Microsoft Azure and how far we've come. We will present what is on the horizon, and give a look at how all our technologies are coming together. Come and see what Prisma Cloud's capabilities for Microsoft Azure are, and hear why we are the best cloud security platform for Microsoft Azure.

Prisma Cloud Monthly Product Overview: Prisma Cloud Compute 21.08 (Iverson Release)
October 2021
Join us to learn about the new capabilities and improvements in the latest Prisma Cloud's Cloud Workload Protection - Release 21.08 (Iverson). In this session, we will discuss some of the key capabilities of the release.
1. Container Security: ML-driven pre-deployment image analysis sandbox.
2. Host Security: Auto-protection for virtual machines on Azure and Google Cloud.
3. Web Application and API Security: Windows support, service mesh support, and improved API telemetry.
4. SaaS improvements: Deeper integration with alerts, auto-discovery of all cloud workloads.
5. Partner Update: Prisma Cloud is a Red Hat® Certified Technology Vulnerability Scanner.

Prisma Cloud Monthly Product Overview: Prisma Cloud CSPM - Network-based Data Exfiltration Detection
August 2021
Data breaches in public cloud environments continue to be a significant problem. To help address it, Prisma Cloud recently released a new threat detection capability - Network-based data exfiltration detection. Prisma Cloud uses advanced machine learning (ML) algorithms to analyze network flow logs to create a model of baseline activity. It can then detect deviations from that baseline that could signal malicious data exfiltration attempts, and create an alert. Join us and learn about this new capability as well as other existing threat detection capabilities.
Blog link: https://www.paloaltonetworks.com/blog/prisma-cloud/how-to-set-up-prisma-cloud-threat-detection/

Prisma Cloud Monthly Product Overview: Preview of CSPM 2.0 Launch & Major Policy Updates
July 2021
Prisma Cloud (CSPM) Delivers Five New Innovations to Help Security Teams Reduce Alert Noise, Detect Advanced Threats and Simplify Cloud Data Security. We are excited to add new CSPM functionality to this stack to help further reduce risks and detect advanced attacks across cloud infrastructures:
* True Internet Exposure
* Visibility-as-Code
* Network Data Exfiltration Detection
* Anomalous Compute Provisioning Detection
* Customizable Object-Level Scanning for AWS S3
* 21.7.2 Policy Updates for Alert Fatigue

Prisma Cloud Monthly Product Overview: MITRE Att&ck Capabilities - Prisma Cloud and Compute
June 2021
The MITRE ATT&CK® knowledge base is the most widely adopted framework for security teams across the industry. Prisma Cloud now supports the MITRE ATT&CK® framework for various use cases. In this webinar, the Prisma Cloud Product Management team will present an overview and hands-on demo to show how to leverage the updated ATT&CK frameworks to enhance your Cloud Security Posture Management and Cloud Workload Protection.

Prisma Cloud Monthly Product Overview: New Threat Detection capabilities in Prisma Cloud
May 2021
In addition to providing cloud visibility, compliance and governance, Prisma Cloud has been providing Machine Learning and Threat Intelligence based threat detection for years. We recently released a new threat detection capability - anomalous compute provisioning - that can detect threats such as cryptojacking. Come and learn about this new capability as well as other existing threat detection capabilities that can detect issues such as account hijack, excessive login failures, port scan, port sweep and others. We will also discuss where we are going with our threat detection roadmap.

Prisma Cloud Monthly Product Overview: Compute & Microsegmentation Release Update
April 2021
Learn about what is new in the upcoming Prisma Cloud with respect to the Compute & Microsegmentation capabilities.

Prisma Cloud Monthly Product Overview: Oracle Cloud (OCI) Overview
March 2021
Prisma Cloud has extended its cloud security posture management to Oracle Cloud Infrastructure (OCI). The Prisma Cloud Product Management team will present an overview and hands-on demo on how cloud and security teams using Prisma Cloud on OCI can quickly get onboarded and gain comprehensive visibility for all multi- and hybrid-cloud assets in a single console to help understand their cloud attack surface. Join us to enhance the security of your cloud workloads on OCI!

Prisma Cloud Monthly Product Overview: Data Security for AWS
Feb. 2021
Prisma Cloud Data Security is a new Prisma Cloud Module in the Cloud Security Posture Management (CSPM) pillar. Our PM team reviews the customer challenges this new module solves in addition to all of the capabilities currently available within the Data Security Module (currently AWS S3 only).

Prisma Cloud Monthly Product Overview: Prisma Cloud Enterprise Suite January Updates
Jan. 2021
Join us this month to get insight into the latest release of Prisma Cloud Enterprise including our Cloud Security Posture Management, and Cloud Workload Protection Platforms. The Prisma Cloud Product Management team will present overviews and hands-on demos of the new features we’ve added in the latest major release, such as Web-Application and API Security (WAAS) updates, host security, container security, and shift-left enhancements in Prisma Cloud Compute (CWPP), as well as Alarm Center updates in Prisma Cloud Enterprise (CSPM).

IAM Security Roadmap
Dec. 2020
The new Prisma Cloud IAM Security module is an industry-leading CIEM solution. It automatically calculates effective permissions across cloud service providers, detects overly permissive access and suggests corrections to reach least privilege entitlements. Join the IAM PM team (Bar Schwartz, Shaked Zin) as they present a hands-on demo of the new module.

Prisma Cloud - Shift Left + CNSP
Nov. 2020
New Prisma Cloud DevOps Inventory UI is coming in 20.11.2! Join us to learn to configure this UI as well as brand new "build" alert rules. In addition, we will talk about drift detection, and sign up interested customers for the upcoming design partner program. The microsegmentation private beta is released on Prisma Cloud! Join us for a walkthrough of the product and how it will fit into the Cloud Network Security module. Learn how you can visualize and secure communications in Kubernetes, between VMs and/or containers, using identity. We will also talk about how to identify customers that would be a good fit for the private beta.

Prisma Cloud - Compute Workload Protection (CWP)
Oct. 2020
Introducing Prisma Cloud Compute 20.09, the latest update to our Cloud Workload Protection Platform. Join the Compute PM team (Aqsa Taylor, Avi Shulman, Hari Srinivasan, Tomer Spivak, and Pradnesh Patil) as they present a hands-on demo of the new features we’ve added in the latest major release, such as cluster aware radar, git repo scanning, enhanced host security, and Compute SaaS integration in Prisma Cloud Enterprise Edition.

Roadmap Session - Prisma Cloud Compute
Sept. 2020
Learn about what is new in the upcoming Prisma Cloud Compute Release - Enhanced cluster awareness across the product, more integrated Cloud Account onboarding process between Compute and the Prisma Cloud platform, our first step in securing packages prior to build time with GIT repository scanning, an enhanced look to our Host security and our new and improved application firewall capability, transitioning CNAF into WAAS (Web Application and API Security).

Product Update
Aug. 2020
Learn about the recent releases and the product roadmap.

Network Security and Micro-segmentation
July 2020
Autofocus Integration (Network Security) & Micro-segmentation

Sneak Preview of Prisma Cloud Data Security (DLP)
June 2020
Brief preview of upcoming Data Security module and Q&A about Data security

Prisma Cloud Product Update
May 2020
Learn about the recent releases and the roadmap.

Shift Left + Prisma Cloud Compute SaaS Integration Phase 2
Apr. 2020
For developers & DevOps: tools to use natively in their IDE, Git and CICD environments; and Prisma Cloud - Compute integration features.

Office Hours with Customer Success - Incident Response Case Study (Part 2)
Mar. 2020
Malware — Investigate and Remediate.

Office Hours with Customer Success - Incident Response Case Study (Part 1)
Feb. 2020
Malware — Incident and Impact.

Prisma Cloud Product Roadmap
Jan. 2020
Upcoming New Features in Prisma Cloud.

Prisma Cloud - TwistLock/PureSec Integration
Dec. 2019
Prisma Cloud + TwistLock Integration

Alert Burndown
Nov. 2019
Learning to manage alerts.

RQL Deep Dive
Oct. 2019
Learning to use RQL
Understanding the Attack Surface Using Prisma Cloud SaaS
by RD Singh and Muhammad Rehan

The recent Log4Shell and SpringShell vulnerabilities created havoc for many organizations struggling to discover the impacted resources. Palo Alto Networks Prisma Cloud (CSPM and CWPP) can not only help organizations discover the impacted resources, but can also prevent the exploit from happening.

In this article, we will walk you through how to leverage the Prisma Cloud product in order to gain visibility of your cloud resources.

How Prisma Cloud Can Help

The Palo Alto Networks Prisma Cloud Security Platform can detect and identify Log4Shell and SpringShell attack payloads sent to applications. The good news is that Prisma Cloud users can easily detect software components affected by these vulnerabilities.

The Prisma Cloud Intelligence Stream (IS) automatically updates to include the vulnerability information from official vendor feeds. This allows Prisma Cloud to directly reflect any updates or analysis by Linux distribution and application maintainers, allowing Prisma Cloud to detect any affected hosts, images, containers and functions.

Figure 1: Log4Shell CVEs in the Intelligence Stream

Query Your Environment for Impacted Resources

Prisma Cloud’s Resource Query Language (RQL) provides a quick and easy way to query for impacted resources. In this case, users can utilize the Prisma Cloud platform's capabilities to isolate assets with vulnerabilities and prioritize further by looking for internet-exposed assets receiving traffic.

The RQL below lists the instances in your cloud that have the Log4Shell (CVE-2021-44228) and/or SpringShell (CVE-2022-22963 or CVE-2022-22965) specific vulnerabilities.

Note: RQL is only applicable to the Prisma Cloud SaaS.

    config from cloud.resource where finding.type IN ( 'Host Vulnerability', 'Serverless Vulnerability', 'AWS GuardDuty Host') AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965', 'CVE-2021-44228')

Figure 2: Config RQL to discover the vulnerable instances

The following RQL finds the Internet-exposed instances that are receiving traffic in your cloud and have the Log4Shell (CVE-2021-44228) and/or SpringShell (CVE-2022-22963 or CVE-2022-22965) specific vulnerabilities:

    network from vpc.flow_record where bytes > 0 AND source.resource IN ( resource where finding.type IN ( 'Host Vulnerability', 'AWS GuardDuty Host') AND finding.source IN ( 'Prisma Cloud' ) AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965', 'CVE-2021-44228') ) AND destination.publicnetwork IN ('Internet IPs', 'Suspicious IPs')

Figure 3: Config RQL to discover the vulnerable instances

In addition to RQL, Prisma Cloud Compute can help to search for the specific CVE in Vulnerability Explorer where Defender agents are deployed.

Note: Prisma Cloud Compute needs to be enabled to view the Vulnerability Explorer within the Prisma Cloud SaaS.

Figure 4: CVE search result in Vulnerability Explorer

The screenshot below is an example of container image details where CVE-2022-22965 is shown as Critical.

Figure 5: Image details

Conclusion

The Log4Shell and SpringShell vulnerabilities are high-impact vulnerabilities that are easy for attackers to exploit and have far-reaching consequences on the industry as a whole. In this post, we discussed some detection and prevention strategies for these particular vulnerabilities, and showcased detection capabilities of the Prisma Cloud Security Platform.

Prisma Cloud can help in detecting all vulnerable instances in your deployments. Prisma Cloud may also be configured to fully prevent running any vulnerable images or hosts.

A complete proof-of-concept of Prisma Cloud protections for Log4Shell exploits, including runtime and WAAS protections, can be found in this video.

References:
https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

About the Authors: RD Singh and Muhammad Rehan are senior customer success engineers specializing in Prisma Cloud, Next-Generation Firewall, AWS, Azure, GCP, containers and Kubernetes. They use collaborative approaches to break down complex problems into solutions for global enterprise customers and leverage their multi-industry knowledge to inspire success.
Prisma Cloud provides comprehensive security for the cloud-native application’s entire journey from code to cloud. In this session, hear from the product team about the exciting new features that deliver unification of assets & alerts across the platform and several other features on tap for delivery in the near term. This session will also cover updates to the Cloud Security Posture Mgmt. and Identity security areas.

Session 1
Prisma Cloud Security Platform - Integrated Platform Experience, CSPM, and CIEM Updates
June 2022

Session 2
Prisma Cloud’s Compute Workload & Code Security - New Release Updates
June 2022