Prisma Cloud delivers context-aware software composition analysis to secure deployment of open source software

Dubai, UAE — Open source software is a critical component of cloud-native applications, allowing developers greater speed and modularity without having to reinvent the wheel each time they code. However, as the Unit 42 Cloud Threat Report, 2H 2021 found, open source software can often contain known vulnerabilities, which can open organizations up to significant risk. Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today launched the industry’s first context-aware software composition analysis (SCA) solution to help developers safely use open source software components. The integration of SCA into Prisma® Cloud further demonstrates why Palo Alto Networks is the leading provider of cloud-native security.

Traditional SCA solutions are standalone products that can produce numerous alerts but lack the runtime context to help fix vulnerabilities. With the addition of SCA to the Prisma Cloud platform, developers and security teams can proactively surface and prioritize known vulnerabilities that impact the application lifecycle (i.e., code, build, deploy and run). Prisma Cloud SCA delivers deep dependency detection and remediation of vulnerabilities in open source software before applications reach production. It can also help developers prioritize remediation based on software components that are already in use. These capabilities are not possible when SCA solutions are deployed as single point products.

“Developers leveraging open source software should be able to build applications with the confidence they are not opening the organization up to risk,” said Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks. “With the average application consisting of 75% open source components, SCA on Prisma Cloud is essential to defending the organization from code to cloud and empowering developers to build with speed.”

As a complete cloud-native application protection platform (CNAPP), Prisma Cloud is context-aware at every stage of the application lifecycle to provide a unified view of risk across organizations’ cloud environments. Where current approaches to cloud security rely on siloed products that provide intermittent visibility without remediation, Prisma Cloud approaches cloud security with a comprehensive, prevention-first framework. With a 188% increase in cloud incident response cases over the past three years, this shift in approach has become necessary.

A complete code-to-cloud CNAPP needs to incorporate the following five key principles in order to keep organizations safe:

  • Security from code to cloud — protects applications at every stage of the development lifecycle — from code, build, deploy and run.
  • Continuous, real-time visibility — uses real-time and contextual security analysis of cloud environments to help prevent misconfigurations, vulnerabilities and threats.
  • Prevention-first security — stopping attacks and defending against zero-day vulnerabilities to drive down mean time to remediation.
  • Choice for every cloud journey — aligning security needs with current and future cloud priorities by supporting a breadth of cloud service providers, workload architectures, continuous integration and continuous delivery (CI/CD) pipelines, integrated development environments (IDEs), and repositories with a unified platform.
  • Cloud-scale security — consistently secure applications as cloud environments scale.

In addition to SCA and to further improve the security of cloud-native applications, Prisma Cloud launched a software bill of materials (SBOM) among other capabilities for developers to easily maintain and reference a complete codebase inventory of every application component used across cloud environments. Implementing SCA and SBOM ensures Prisma Cloud aligns with these principles.

“Buyers looking for cloud-native security solutions need to keep the requirements of microservices security protection in mind. The ‘bolted-on’ and ‘whack-a-mole’ approaches are a thing of the past,” said Frank Dickson, program vice president, Security and Trust at IDC. “Security has to be embedded throughout the application development life cycle. This means that buyers need to fundamentally change their approach to security, though they need to continue to protect their run-time environments, they must also embrace solutions that embed security in the application development process, an approach called ‘shift left.’ Shift left requires one to think less about security products and more about continuous security processes.”


The new SCA module and SBOM capability in Prisma Cloud are generally available today.


About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit

Palo Alto Networks, Prisma, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when anticipated or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

Media Inquiries:
Anisha Pamnani, Advisor, Wallis PR

