Palo Alto Networks Introduces Prisma Cloud Supply Chain Security
Visualization of threat models, scanning of code repositories and analysis of pipeline configuration
In light of the rapid increase in attacks on the software supply chain, Palo Alto Networks (NASDAQ: PANW) today unveiled Prisma Cloud Supply Chain Security. The solution provides a complete overview of potential vulnerabilities and misconfigurations in the software supply chain and enables companies to find and fix them quickly. If these vulnerabilities are not fixed quickly – or better yet avoided during development – they could allow attackers to infiltrate systems, spread malicious code in a company’s software, and access sensitive data.
According to Gartner*, 45 percent of companies worldwide will have experienced attacks on their software supply chains by 2025, a threefold increase compared to 2021. Unit 42’s Cloud Threat Report also found that access to hard-coded credentials opens the door to lateral movement and continuous integration/continuous delivery (CI/CD) pipeline poisoning.
Many current solutions are limited to reporting vulnerabilities and misconfigurations at the level of individual resources in code or in the cloud. With Supply Chain Security, Prisma Cloud not only offers complete visibility and protection across the entire lifecycle, but also shows the context in which a vulnerability sits within the layers of a cloud architecture. Prisma Cloud is already a leader in cloud-native security and the most comprehensive Cloud Native Application Protection Platform (CNAPP).
“Every day, new vulnerabilities are found in open source and other software components that were previously integrated into the company’s software code. Without the right tools, it is very difficult for companies to quickly identify where they have used unpatched versions of these components,” explains Ankur Shah, Senior Vice President, Prisma Cloud Products, Palo Alto Networks. “Prisma Cloud is designed to protect businesses from code to cloud. Now that customers can visualize their software supply chain, it’s easier to identify, prioritize, and remediate security vulnerabilities at the beginning of development and during delivery pipelines.”
Prisma Cloud Supply Chain Security offers a full-stack, full-lifecycle approach to securing the interconnected components that make up and deploy cloud-native applications. The solution helps identify vulnerabilities and misconfigurations in code, including open source packages, infrastructure-as-code (IaC) files, and delivery pipelines, such as version control systems (VCS) and CI pipeline configurations.
It includes the following functions:
- Automatic detection: Code assets are extracted and modeled with existing Cloud Code Security scanners.
- Graphical visualization: A simple and complete inventory of the most important dependencies of application and infrastructure assets, so that vulnerabilities can be understood across the entire attack surface.
- Fixing code in the supply chain: Vulnerable dependencies or misconfigured IaC resources can be resolved with a single consolidated pull request.
- Scanning of code repositories: Identify and fix vulnerabilities in open source packages in the application code.
- Branch protection rules: Extends policy-as-code (via Checkov) to harden VCS and CI/CD configurations and prevent code tampering attacks.
These capabilities enable organizations to assess the attack surface of their deployment pipelines and all associated application and infrastructure resources more accurately, and so better protect against supply chain attacks. Implementing Prisma Cloud Supply Chain Security as part of a zero trust architecture is one of the best ways for companies to prevent attacks on the software supply chain.
“A thriving community that creates a variety of open source software helps developers speed up their programming and product deployment. At the same time, however, it increases the attack surface if it is not possible to effectively ensure that the code is secure,” comments Melinda Marks, Senior Analyst, Application and Cloud Security, ESG. “The new enhancements in Prisma Cloud enable DevOps and security teams to fully understand their software supply chains so they can identify and fix coding errors to protect their cloud-native applications.”