In this post, guest bloggers Vineet Bhan, Sheba Roy and Ashish Verma of Google Cloud share a closer look at product integrations between Google Cloud and Palo Alto Networks.
Most enterprises have hybrid or multi-cloud deployments, and maintaining consistent security posture across all deployments is always one of their top priorities. In December 2018, we announced an expanded partnership with Palo Alto Networks with exactly that goal in mind. With Google Cloud’s native security toolkit and deep integrations with Palo Alto Networks cloud security products such as the VM-Series, Prisma Public Cloud, and Prisma SaaS, you can define a consistent security posture in Google Cloud and on-premises. Let’s look into some of these integrations.
Governance and compliance: Prisma Public Cloud (formerly RedLock) provides continuous monitoring and compliance reporting for your resource configurations, network configurations, and user activity on Google Cloud. It can now detect risks and provide auto-remediation across ten core Google Cloud Platform (GCP) services, such as Compute Engine, Google Kubernetes Engine (GKE), and Cloud Storage. Prisma Public Cloud is also integrated with GCP’s Security Baseline API (alpha), which provides visibility into the compliance posture of Google Cloud Platform. With this integration, customers can get compliance visibility into their full stack.
In addition, with Cloud Security Command Center integration, customers can incorporate Prisma Public Cloud findings into their single-pane-of-glass view by simply enabling the integration in GCP Marketplace.
Security analytics: Along with security governance and compliance assurance, Prisma Public Cloud integrates with VPC flow logs to provide useful insight into east-west and north-south traffic flows by correlating data with various security intelligence sources.
Security for GCP workloads: Palo Alto Networks VM-Series firewalls protect both container and compute workloads and can be deployed directly through GCP Marketplace. Deploying the VM-Series with Google Cloud Load Balancers allows horizontal scalability as your workloads grow and high availability to protect against failure scenarios. VM-Series also takes advantage of Cloud Armor to block malicious IP addresses at Google’s edge, freeing compute cycles to analyze other critical traffic flows.
Security for hybrid containerized workloads: Anthos (formerly Cloud Services Platform) lets you build and manage modern hybrid applications. Istio is an open service mesh that can be deployed on Google Kubernetes Engine (GKE) as part of Anthos to provide a uniform way to connect, manage, and secure microservices. With the NGFW policy engine (an Istio Mixer adapter developed by Palo Alto Networks), customers can secure east-west traffic based on attributes such as source namespace, source service, destination namespace, destination service, and protocol through Panorama. The NGFW policy engine also provides detailed telemetry from the service mesh for forensics and analytics. The NGFW policy engine can be deployed to a Kubernetes cluster hosted on-premises or in the cloud directly through the GCP Marketplace.
Data Protection for G Suite: Prisma SaaS (formerly Aperture) is a SaaS security service that connects directly to SaaS applications for data classification, Data Loss Prevention, and threat detection. It leverages an out-of-band, API-based approach that enables granular inspection of data at rest in G Suite as well as ongoing monitoring of user activity and administrative configurations.
Learn more about our partnership and integrations at Ignite ‘19:
We hope to see you there,
The Google Cloud Team