Palo Alto Networks Prisma Cloud Supply Chain Security Reduces Code Complexity and Risk
As software supply chain attacks rapidly increase, Palo Alto Networks announced Prisma Cloud Supply Chain Security to provide a comprehensive view of where potential vulnerabilities or misconfigurations exist in the software supply chain – allowing organizations to quickly go back to the source and correct them.
If not patched quickly or, better yet, avoided during coding, these security flaws could allow attackers to infiltrate systems, push malicious payloads into an organization’s software, and gain access to sensitive data.
According to Gartner, “by 2025, 45% of organizations worldwide will have experienced attacks in their software supply chains, a threefold increase from 2021.” The Unit 42 Cloud Threat report also revealed that access to hard-coded credentials opens the door to lateral movement and poisoning of the continuous integration/delivery (CI/CD) pipeline.
Many current solutions only provide information about vulnerabilities and misconfigurations at a resource layer in code or in the cloud. With Supply Chain Security, Prisma Cloud, already a leader in cloud-native security and the most comprehensive cloud-native application protection platform (CNAPP), not only provides complete lifecycle visibility and protection, but also the context in which a vulnerability fits into the layers of a cloud. architecture.
“Every day, new vulnerabilities are discovered in open source and other software components that have already been integrated into the organization’s software code. Without the proper tools, it is very difficult for organizations to quickly track where they have used unpatched versions of these components,” said Ankur Shah, senior vice president, Prisma Cloud Products, Palo Alto Networks. “Prisma Cloud is designed to help protect organizations from code to cloud; and now that customers can visualize their software supply chain, it’s easier to spot, prioritize, and remediate security weaknesses early in development and during delivery pipelines.
Prisma Cloud Supply Chain Security helps provide a complete stack lifecycle approach to securing the interconnected components that make up and deliver cloud-native applications. It can help identify vulnerabilities and misconfigurations in code, including open-source packages, infrastructure-as-code (IaC) files, and delivery pipelines, such as the version control system ( VCS) and CI pipeline configurations. It includes the following features:
- Auto Discovery: Code assets are extracted and modeled using existing Cloud Code Security scanners.
- Graphic visualization: Simple and comprehensive inventory of key application and infrastructure asset dependencies to understand attack surface weaknesses.
- Fix supply chain code: Vulnerable dependencies or misconfigured IaC resources can be fixed using a single consolidated pull request.
- Analysis of the code repository: Identify and fix open source package vulnerabilities in application code.
- Branch protection rules: Extends policy as code to harden VCS and CI/CD configurations (via Checkov) to help prevent code tampering attacks.
With these capabilities, organizations can better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources so they are better equipped to help prevent blockchain attacks. supply. Implementing Prisma Cloud supply chain security as part of a Zero Trust architecture is one of the best ways for an organization to prevent software supply chain attacks.
“A thriving community creating a wide range of open source software helps developers speed up their coding and product delivery, but it increases the attack surface if you can’t ensure the code is secure,” says Melinda. Marks; Senior ESG Analyst, Application and Cloud Security. “The new Prisma Cloud enhancements allow DevOps and security teams to fully understand their software supply chains so they can identify and fix coding flaws to secure their cloud-native applications.”
The new Supply Chain Security visualization is now available in Prisma Cloud and Bridgecrew by Prisma Cloud.