
Palo Alto Networks launches Prisma Cloud Supply Chain Security

With software supply chain attacks rising rapidly, Palo Alto Networks has announced Prisma Cloud Supply Chain Security, designed to give organisations a complete view of where potential vulnerabilities or misconfigurations exist in their software supply chain so they can quickly trace the source and fix them.

Thu, 10 Mar 2022

These security flaws could allow attackers to infiltrate systems, spread malicious payloads throughout an organisation’s software and access sensitive data if not quickly fixed or avoided during coding.

According to Gartner, by 2025, 45 per cent of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. Unit 42's Cloud Threat Report also found that access to hardcoded credentials opened the door for lateral movement and continuous integration/continuous delivery (CI/CD) pipeline poisoning.

Many current solutions only provide vulnerability and misconfiguration information at the resource layer, in code or in the cloud. With Supply Chain Security, Prisma Cloud provides cloud native security as part of a complete Cloud Native Application Protection Platform (CNAPP): not only full life cycle visibility and protection, but also the context of where a vulnerability fits into the layers of a cloud architecture.


Every day, new vulnerabilities are found in open source and other software components that have previously been integrated into an organisation's software code.

Without the proper tools, it is very difficult for organisations to quickly spot where they have used the unpatched versions of these components, according to Ankur Shah, senior vice-president, Prisma Cloud products, Palo Alto Networks.

"Prisma Cloud is designed to help protect organisations from code to cloud; and now that customers can visualise their software supply chain, it’s easier to spot, prioritise, and remediate security weaknesses at the onset of development and during delivery pipelines," Shah said.

Prisma Cloud Supply Chain Security is designed to provide a full stack, full life cycle approach to securing the interconnected components that make up and deliver cloud native applications.

It aims to help identify vulnerabilities and misconfigurations in code, including open-source packages, infrastructure as code (IaC) files and delivery pipelines, such as version control system (VCS) and CI pipeline configurations:

  • Auto-discovery: Code assets are extracted and modelled using existing Cloud Code Security scanners.
  • Graph visualisation: Simple and complete inventory of key application and infrastructure asset dependencies to understand weaknesses across the attack surface.
  • Supply chain code fix: Vulnerable dependencies or misconfigured IaC resources can be remediated using a single consolidated pull request.
  • Code repository scanning: Identify and fix vulnerabilities in open-source packages in application code.
  • Branch protection rules: Extends policy-as-code to harden VCS and CI/CD configurations (via Checkov) to help prevent code tampering attacks.
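The last bullet describes policy-as-code checks over version control and CI/CD settings. The block below is an added illustration of that idea, written for this page; it is not Prisma Cloud or Checkov code. It evaluates a branch protection configuration against a handful of hardening rules (required reviews, admin enforcement, no force pushes or deletions, required CI status checks, signed commits) and reports what fails. The field names loosely follow the shape GitHub's branch protection API returns, which is an assumption; the two sample configurations are constructed for the example.

```python
"""Policy-as-code checks for version-control branch protection settings.

Added illustration, not Prisma Cloud or Checkov code. The input shape
loosely follows the fields GitHub's branch protection API exposes
(enforce_admins, required_pull_request_reviews, allow_force_pushes, ...);
treat the field names as an assumption and map them to your own VCS.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check_id: str
    message: str


def _enabled(node) -> bool:
    # GitHub returns {"enabled": bool} objects for several toggles; accept
    # that shape or a bare bool so the checks work on both.
    if isinstance(node, dict):
        return bool(node.get("enabled", False))
    return bool(node)


def check_branch_protection(protection: dict) -> list[Finding]:
    """Return the hardening rules the given branch protection config fails."""
    findings: list[Finding] = []

    reviews = protection.get("required_pull_request_reviews")
    if not reviews or reviews.get("required_approving_review_count", 0) < 1:
        findings.append(Finding("BP001", "require at least one approving review before merge"))
    elif not reviews.get("dismiss_stale_reviews", False):
        findings.append(Finding("BP002", "dismiss stale approvals when new commits are pushed"))

    if not _enabled(protection.get("enforce_admins")):
        findings.append(Finding("BP003", "apply the rules to administrators too"))

    if _enabled(protection.get("allow_force_pushes")):
        findings.append(Finding("BP004", "force pushes can rewrite history; disable them"))

    if _enabled(protection.get("allow_deletions")):
        findings.append(Finding("BP005", "branch deletion is allowed; disable it"))

    checks = protection.get("required_status_checks")
    if not checks or not checks.get("contexts"):
        findings.append(Finding("BP006", "no CI status checks are required before merge"))
    elif not checks.get("strict", False):
        findings.append(Finding("BP007", "require branches to be up to date before merge"))

    if not _enabled(protection.get("required_signatures")):
        findings.append(Finding("BP008", "commit signatures are not required"))

    return findings


# Constructed sample: a loosely protected default branch.
WEAK_PROTECTION = {
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": True},
    "allow_deletions": {"enabled": False},
}

# Constructed sample: the same branch after hardening.
HARDENED_PROTECTION = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 2,
        "dismiss_stale_reviews": True,
    },
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
    "allow_deletions": {"enabled": False},
    "required_status_checks": {"strict": True, "contexts": ["ci/build", "ci/iac-scan"]},
    "required_signatures": {"enabled": True},
}


def failing_check_ids(protection: dict) -> list[str]:
    """Convenience wrapper: just the ids of the failed checks, in rule order."""
    return [f.check_id for f in check_branch_protection(protection)]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_PROTECTION), ("hardened", HARDENED_PROTECTION)):
        findings = check_branch_protection(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  {f.check_id}: {f.message}")
```

In a real pipeline the configuration would be pulled from the VCS API (or from the IaC that provisions the repository) and the check run in CI, so a weakened setting fails the build rather than going unnoticed.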

With these features, organisations can better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources to be better equipped to help prevent supply chain attacks.

Organisations can prevent software supply chain attacks by implementing Prisma Cloud supply chain security as part of a zero-trust architecture.

A thriving community creating a vast array of open-source software helps developers accelerate their coding and product delivery, Melinda Marks, ESG senior analyst for application and cloud security, explains, but it increases the attack surface if you can't make sure the code is secure.

"The new enhancements in Prisma Cloud allow DevOps and security teams to fully understand their software supply chains so they can identify and remediate coding flaws to secure their cloud native applications."

