305 0 0 8 min to read

Palo Alto Networks Helps Organizations in the Philippines to Combat Software Supply Chain Threats With New Prisma Cloud Supply Chain Security

Threat modeling visualization, code repository scanning, and pipeline configuration analysis help prioritize vulnerabilities

Philippines, March 17, 2022 — With software supply chain attacks rising rapidly, Palo Alto Networks) today announced Prisma® Cloud Supply Chain Security to provide a complete view of where potential vulnerabilities or misconfigurations exist in the software supply chain — allowing organizations to quickly trace to the source and fix them. If not quickly fixed or, better yet, avoided during coding, these security flaws could allow attackers to infiltrate systems, spread malicious payloads throughout an organization’s software and access sensitive data.

According to Gartner®, “By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.”* Unit 42’s Cloud Threat Report also found that access to hardcoded credentials opened the door for lateral movement and continuous integration/continuous delivery (CI/CD) pipeline poisoning.

Many current solutions only provide vulnerability and misconfiguration information at a resource layer in code or in the cloud. With Supply Chain Security, Prisma Cloud, already a leader in cloud-native security and the most complete Cloud-Native Application Protection Platform (CNAPP), provides not only full lifecycle visibility and protection but the context of where a vulnerability fits into the layers of a cloud architecture. 

“Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organization’s software code. Without the proper tools, it is very difficult for organizations to quickly spot where they have used the unpatched versions of these components,” said Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto Networks. “Prisma Cloud is designed to help protect organizations from code to cloud; and now that customers can visualize their software supply chain, it’s easier to spot, prioritize, and remediate security weaknesses at the onset of development and during delivery pipelines.”

Prisma Cloud Supply Chain Security helps provide a full stack, full lifecycle approach to securing the interconnected components that make up and deliver cloud-native applications. It can help to identify vulnerabilities and misconfigurations in code, including open source packages, infrastructure as code (IaC) files, and delivery pipelines, such as version control system (VCS) and CI pipeline configurations. It includes the following features:

●       Auto-discovery: Code assets are extracted and modeled using existing Cloud Code Security scanners.

●       Graph visualization: Simple and complete inventory of key application and infrastructure asset dependencies to understand weaknesses across the attack surface.

●       Supply chain code fix: Vulnerable dependencies or misconfigured IaC resources can be remediated using a single consolidated pull request.

●       Code repository scanning: Identify and fix vulnerabilities in open source packages in application code.

●       Branch protection rules: Extends policy-as-code to harden VCS and CI/CD configurations (via Checkov) to help prevent code tampering attacks.

With these features, organizations can better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources to be better equipped to help prevent supply chain attacks. Implementing Prisma Cloud supply chain security as part of a Zero Trust architecture is one of the best ways an organization can prevent software supply chain attacks.

“A thriving community creating a vast array of open-source software helps developers accelerate their coding and product delivery, but it increases the attack surface if you can’t make sure the code is secure,” says Melinda Marks; ESG Senior Analyst, Application and Cloud Security. “The new enhancements in Prisma Cloud allow DevOps and security teams to fully understand their software supply chains so they can identify and remediate coding flaws to secure their cloud-native applications.”

Availability

The new Supply Chain Security visualization is now available in both Prisma Cloud and Bridge crew by Prisma Cloud.

More Information

More information about Prisma Cloud is available here.

*Gartner, How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks,

Manjunath Bhat, Dale Gardner, Mark Horvath, July 15, 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Prisma, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

QR Code

Save/Share this story with QR CODE


Disclaimer


This article is for informational purposes only and does not constitute endorsement of any specific technologies or methodologies and financial advice or endorsement of any specific products or services.

📩 Need to get in touch?


📩 Feel free to Contact NextGenDay.com for comments, suggestions, reviews, or anything else.


We appreciate your reading. 😊Simple Ways To Say Thanks & Support Us:
1.) ❤️GIVE A TIP. Send a small donation thru Paypal😊❤️
Your DONATION will be used to fund and maintain NEXTGENDAY.com
Subscribers in the Philippines can make donations to mobile number 0917 906 3081, thru GCash.
3.) 🛒 BUY or SIGN UP to our AFFILIATE PARTNERS.
4.) 👍 Give this news article a THUMBS UP, and Leave a Comment (at Least Five Words).


AFFILIATE PARTNERS
LiveGood
World Class Nutritional Supplements - Buy Highest Quality Products, Purest Most Healthy Ingredients, Direct to your Door! Up to 90% OFF.
Join LiveGood Today - A company created to satisfy the world's most demanding leaders and entrepreneurs, with the best compensation plan today.


0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x