Prisma Cloud extends to workload protection and vulnerability management with Twistlock and PureSec
It’s a cliché at this point to open these blog posts with a line about how “enterprises are embracing the cloud.” Everybody knows that, and yes, I realize I just did it. Old habits die hard. Based on the now inevitable move to the cloud and countless conversations with our customers, Palo Alto Networks set out to create the most complete Cloud Native Security Platform in the industry. While we knew the importance of solving the needs of different business teams by offering a wide breadth of security capabilities (i.e. DevSecOps has different needs from SOC analysts), we also knew it would be crucial to make sure that everything we offer is best-in-class.
Starting about a year and a half ago, Palo Alto Networks made a series of strategic acquisitions: Evident.io, RedLock, Twistlock and PureSec. Each company’s products offer a set of unique capabilities in the world of cloud and application security. Today, we are incredibly excited to announce we are bringing all of these capabilities under one name, Prisma Cloud, the most complete Cloud Native Security Platform.
How Does Prisma Cloud Help You?
Prisma Cloud includes the Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP) and Data Loss Prevention (DLP) capabilities already used by thousands of RedLock and Twistlock customers, now integrated into one platform. Customers can now use Prisma Cloud as a single pane of glass to secure their entire application lifecycle from build to deploy to run across IaaS, PaaS, network, storage, host, container and serverless.
Cloud Visibility
Prisma Cloud gives you a unified view of security and compliance posture across the application lifecycle and cloud environments. Shine a light on your organization’s cloud assets and know what you have, where you have it and how it affects your security posture, from Infrastructure-as-Code (IaC) tools such as Terraform, CloudFormation and Kubernetes YAMLs, to images in registries and cloud resources.
Governance and Compliance
Prisma Cloud helps businesses meet government or industry-mandated compliance standards as well as custom compliance requirements with ease by generating one-click, audit read compliance reports and continuously monitoring all cloud services for misconfigurations.
Container, Serverless and Host Security
Protect workloads from build to run by detecting and preventing vulnerabilities in container images, functions, hosts and IaC templates. Actively defend applications with runtime protection, least-privilege microsegmentation and cloud native application and network firewalling, regardless of the underlying compute that powers them in hybrid or multicloud environments.
DevSecOps Enablement
Shift left by integrating security as early as possible in the application lifecycle. Prisma Cloud integrates with continuous integration (CI) and developer tools so you can implement safeguards that prevent vulnerable images, serverless functions and IaC templates from reaching deployment.
What’s New with Prisma Cloud?
With the latest release, Prisma Cloud introduces a slew of new features, but one thing is obvious at first glance. Prisma Cloud has a new look!
The first thing you might notice is that the navigation menu is now on the left, and is neatly collapsible so you can use all your screen real estate. The second thing is the addition of the Compute tab.
Clicking on the Compute tab will collapse the navigation menu and reveal the capabilities integrated from Twistlock and PureSec. Here are some of the features that will be included in this upcoming release:
New Feature | Benefit |
Compute tab – access all workload protection and vulnerability management capabilities within Prisma Cloud | Single pane of glass UI for CSPM and CWPP |
SaaSified Prisma Cloud Compute (Twistlock Console) instance for each Prisma Cloud tenant | Eliminates the need to install, update and manage a CWPP console. |
Single Sign On (SSO) support for new features | Easy access to all the CSPM & CWPP capabilities in a single interface |
Resource Query Language (RQL) on host and serverless vulnerability | See host and serverless vulnerabilities natively inside Prisma Cloud’s Resource Explorer alongside config, network and audit data |
How Can I Use Prisma Cloud?
With these latest additions, you can now implement a comprehensive cloud security strategy that caters to a wide variety of professionals, such as DevOps, DevSecOps, SecOps and cloud security architects, using a single platform. Customers can choose the subset of capabilities that matches their needs with Prisma Cloud’s different editions and deployment models. With all editions, different views can be configured to make sure each user only has access to what they need. For example, security analysts will have access to the Security Operations dashboards, where they can see alerts on misconfigured cloud services, while a DevOps engineer can access the Compute tab to deploy agents to secure hosts, containers and serverless.
Prisma Cloud Packaging Options | What You Get |
Prisma Cloud Enterprise Edition | This edition includes all Prisma Cloud capabilities, including CSPM (from Evident and RedLock) and CWPP (from Twistlock and PureSec). Customers get full visibility and security posture management on their cloud infrastructure and services, as well as full lifecycle workload protection and vulnerability management across multi and hybrid clouds. This edition is delivered as a SaaS solution. |
Prisma Cloud Compute Edition | This edition includes the workload protection and vulnerability management capabilities of Prisma Cloud. These are the CWPP features from Twistlock and PureSec and are mostly agnostic of cloud platform. This edition is delivered as a self-hosted solution, meaning customers can deploy Prisma Cloud Compute Edition software on their own cloud or datacenter. |
I Want to Try Prisma Cloud!
If you are an existing Prisma Cloud Enterprise Edition customer, the Compute tab (where you can access the CWPP capabilities from Twistlock and PureSec) will be automatically enabled in your Prisma Cloud tenant. The rollout of this capability to the Prisma Cloud customer base will start from mid-November 2019 and continue into December. When your tenant is enabled with the Compute tab, you will see a message pop up. Once you see the Compute tab, you can click on it, deploy agents in your hosts, containers and serverless environment and start securing those.
Please review the updated Prisma Cloud licensing requirements to understand how your usage of the Compute tab capabilities will be counted toward your Prisma Cloud licenses. If you’re not yet a customer, start a free trial of Prisma Cloud today!