Palo Alto Networks Extends Scope of CNAPP Reach

Via a Darwin update, Palo Alto Networks this week added six capabilities to its cloud-native application protection platform (CNAPP) as part of an ongoing effort to unify the management of cybersecurity from the point when applications are built to where they are deployed.

Additions to the Prisma Cloud platform include AppDNA, a tool that provides visibility into all the cloud services, infrastructure assets, compute workloads, application programming interfaces (API) endpoints, data and code that make up an application, and Infinity Graph, a tool that correlates misconfigurations, vulnerabilities, risks, exposures, secrets, identities and sensitive data.

In addition, the company has added a trio of Code to Cloud vulnerability management tools to both identify the root cause of an issue and surface remediation suggestions, along with a dashboard to monitor the software development life cycle.

Finally, a Cloud Discovery and Exposure Management (CDEM) tool enables security teams to discover, evaluate and mitigate unknown and unmanaged internet exposure risks in their cloud environments.

Sai Balabhadrapatruni, vice president of marketing for Prisma Cloud at Palo Alto Networks, said the goal is to enable organizations to unify cybersecurity silos that today span application development, DevSecOps workflows and production environments. Historically, organizations have acquired separate tools and platforms to address different cybersecurity issues. As Prisma Cloud continues to evolve, organizations can now employ one single CNAPP platform to unify the management of those processes spanning from when source code is created to when applications are deployed in the cloud, said Balabhadrapatruni.

That approach, in addition to fostering greater collaboration between the various teams responsible for cybersecurity, provides the added benefit of enabling organizations to reduce the total cost of cybersecurity, he added.

In general, Palo Alto Networks recommends organizations unify cybersecurity by first focusing on visibility before moving on to limiting risk and then protecting runtimes, said Balabhadrapatruni. The immediate issue is simply finding a way for stakeholders to appreciate the scope of cybersecurity challenges the organization faces at a time when the velocity at which applications are being built and deployed only continues to accelerate, he noted.

It’s not clear how quickly organizations are embracing CNAPPs, but interest in a more unified approach to managing cybersecurity is rising. The chronic shortage of cybersecurity skills makes it extremely difficult for organizations to acquire and deploy tools and platforms that each require dedicated specialists to master. A CNAPP provides an extensible platform that makes it simpler to add additional capabilities over time as tactics and techniques employed by cybercriminals continue to evolve.

Those CNAPPs also provide the foundation needed to aggregate enough data to apply various forms of artificial intelligence (AI) to augment cybersecurity teams that are chronically short-staffed.

Regardless of approach, it’s apparent that cybersecurity platforms and processes need to evolve. Current approaches are not robust enough to respond to threats that are only going to grow in terms of both volume and sophistication. The issue, as always, is finding the funding required to make that transition in the face of all the other competing priorities that every organization has.