Microsoft Azure customers can now secure their data and networks and gain broader governance across their cloud assets.
Prisma Cloud, a leader in Cloud Security Posture Management (CSPM), reduces the complexity of securing multicloud environments while radically simplifying compliance. Security and compliance teams gain comprehensive visibility across public cloud infrastructure with continuous, automated monitoring that provides insights into new and existing assets, anomalous behaviors, and potential threats.
Last month, Palo Alto Networks announced new critical Prisma Cloud capabilities including some new use cases for Azure customers, providing:
- Data Security for Azure extends Palo Alto Networks Enterprise DLP and WildFire solutions to Azure Blob Storage for visibility, data classification and malware detection.
- True Internet Exposure for Azure extends the ability to create alerts about internet-exposed cloud assets, assisting in investigating risky network paths, to Azure customers.
- Expanded Visibility Across Azure Environments rapidly provides CSPM visibility as Microsoft Azure introduces new services.
With the latest release of Prisma Cloud, our customers get access to best-in-class code-to-cloud security from our integrated Cloud-Native Application Protection Platform (CNAPP) to protect their public cloud and multicloud infrastructure.
Data Security for Azure Blob Storage
The near-limitless capacity offered by cloud storage services has enabled organizations to collect massive amounts of data – volumes that quickly exhaust traditional, manual processes for data classification.
According to Unit 42 threat research, 64% of data in the cloud contains sensitive information (PII, PHI, IP and financial data). Prisma Cloud provides Data Security for Azure Storage Blob to address these challenges. It can continuously discover and automatically protect sensitive cloud data at the scale and velocity of public cloud environments. By combining Palo Alto Networks Enterprise Data Loss Prevention (DLP) Engine and Wildfire for malware analysis, users gain deep visibility and direct control.
- Multicloud Data Visibility and Classification: With comprehensive visibility into the security and privacy posture of the data stored in AWS S3 and Azure Blob Storage, users immediately gain insight into any exposed or publicly accessible storage resources.
- Malware Protection: By leveraging WildFire, Prisma Cloud identifies and helps protect against known and unknown file-based threats that may have infiltrated storage accounts.
- Data Exposure Risk Analysis: Automatically and continuously monitor configurations for access control, policy, objects and others to calculate the exposure of objects, which allows users to quickly remediate unintended settings for storage resources identified as containing sensitive data.
You can learn more about Data Security for Azure here.
Data inventory for Azure and AWS
True Internet Exposure for Azure
Prisma Cloud takes a multi-dimensional approach to identifying overly-exposed cloud resources, providing end-to-end network path visibility between any source and destination – IaaS instances, PaaS instances, serverless functions, the internet, or other VPCs, just to name a few. True Internet Exposure now supports Azure environments and was previously available for AWS.
- Comprehensive Visibility: Spend less time combing through configurations and manually stitching together resource mappings to understand the cloud network. Prisma Cloud builds a complete network path to and from cloud resources to give you easy-to-understand visibility.
- Improved Risk Assessment: Easily identify open pathways that allow lateral movement across the cloud infrastructure and make informed security decisions that help you reduce the attack surface radius and partition the network.
- Reduced Alert Fatigue: Stop false positives and move away from alerts against single network points (such as security groups). Adopt a model that evaluates network exposure of resources before generating an alert.
Investigate the risky network paths that expose critical assets to the internet
Expanded Visibility Across Azure Environments
The CSPM market is flooded with tools that provide basic visibility and governance for cloud resources for just a small subset of the 100+ IaaS and PaaS services offered by Microsoft Azure. As Microsoft continuously rolls out new Azure products for their customers, average CSPM tools can take several months, even a year, before extending visibility to resources under these new services. If developers use these new services, their cloud security team faces two unpleasant options:
- Let developers deploy those new services while cloud security flies blind
- Ask developers to re-architect their cloud applications and use the limited number of cloud services that security teams can monitor.
Companies that use these average CSPM solutions become hesitant to adopt new Azure technologies until their cybersecurity tools are ready, creating tradeoffs between developer innovation and security.
With the latest release, Prisma Cloud provides visibility, compliance, and governance for resources on nearly all Microsoft Azure IaaS and PaaS services. Furthermore, if Microsoft releases a new Azure service, then Prisma Cloud customers can expect CSPM support for the new service within 15 days. Prisma Cloud detects new services and surfaces cloud resources deployed for that service without manual user intervention.
This innovation further validates Prisma Cloud’s leadership in the CSPM market and ensures customers can safely take advantage of all new Azure technologies.
Prisma Cloud provides more coverage for Azure environments than other leading CSPM vendors
Learn More About Prisma Cloud
To learn about our latest innovations and how they fit our vision for code-to-cloud security, join us on November 15th. Palo Alto Networks product leadership will be discussing industry trends and insights on how to secure your move to the cloud.
If you want to get hands-on experience with these new capabilities, request a 30-day trial.