Palo Alto Networks Prisma Cloud Supply Chain Security GA
March 9, 2022
Cloud Supply Chain Security provides a complete view of where potential
vulnerabilities or misconfigurations exist in the software supply chain —
allowing organizations to quickly trace to the source and fix them. If not
quickly fixed or, better yet, avoided during coding, these security flaws could
allow attackers to infiltrate systems, spread malicious payloads throughout an
organization's software and access sensitive data.
Palo Alto Networks Helps Organizations Combat Software Supply Chain Threats With
New Prisma Cloud Supply Chain Security.
Threat modeling visualization, code repository scanning and pipeline
configuration analysis help prioritize
According to Gartner, "By 2025, 45% of organizations worldwide will have
experienced attacks on their software supply chains, a three-fold increase from
2021." Unit 42's Cloud Threat Report also found that access to hardcoded
credentials opened the door for lateral movement and continuous
integration/continuous delivery (CI/CD) pipeline poisoning.
Many current solutions only provide vulnerability and misconfiguration
information at a resource layer in code or in the cloud. With Supply Chain
Security, Prisma Cloud, already a leader in cloud native security and the most
complete Cloud Native Application Protection Platform (CNAPP), provides not only
full lifecycle visibility and protection but the context of where a
vulnerability fits into the layers of a cloud architecture.
"Every day new vulnerabilities are found in open source and other software
components that have previously been integrated into the organization's software
code. Without the proper tools, it is very difficult for organizations to
quickly spot where they have used the unpatched versions of these components,"
said Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto
Networks. "Prisma Cloud is designed to help protect organizations from code to
cloud, and now that customers can visualize their software supply chain, it's
easier to spot, prioritize, and remediate security weaknesses at the onset of
development and during delivery pipelines."
Prisma Cloud Supply Chain Security helps provide a full stack, full lifecycle
approach to securing the interconnected components that make up and deliver
cloud native applications. It can help to identify vulnerabilities and
misconfigurations in code, including open source packages, infrastructure as
code (IaC) files and delivery pipelines, such as version control system (VCS)
and CI pipeline configurations.
It includes the following features:
Code assets are extracted and modeled using existing Cloud Code Security
Graph visualization: Simple and complete inventory of key application and
infrastructure asset dependencies to understand weaknesses across the attack
Supply chain code fix: Vulnerable dependencies or misconfigured IaC resources
can be remediated using a single consolidated pull request.
Code repository scanning: Identify and fix vulnerabilities in open source
packages in application code.
Branch protection rules: Extends policy-as-code to harden VCS and CI/CD
configurations (via Checkov) to help prevent code tampering attacks.
With these features, organizations can better assess the attack surface of their
delivery pipelines and all connected application and infrastructure resources to
be better equipped to help prevent supply chain attacks. Implementing Prisma
Cloud supply chain security as part of a Zero Trust architecture is one of the
best ways an organization can prevent software supply chain attacks.
"A thriving community creating a vast array of open-source software helps
developers accelerate their coding and product delivery, but it increases the
attack surface if you can't make sure the code is secure," says Melinda Marks,
ESG Senior Analyst, Application and Cloud Security. "The new enhancements in
Prisma Cloud allow DevOps and security teams to fully understand their software
supply chains so they can identify and remediate coding flaws to secure their
cloud native applications."
The new Supply Chain Security visualization is now available in both Prisma
Cloud and Bridgecrew by Prisma Cloud.