Prisma Cloud: Darwin Release Introduces Code to Cloud Intelligence

Oct 18, 2023
8 minutes
3041 views

This post is also available in: 简体中文 (Chinese (Simplified)) 繁體中文 (Chinese (Traditional)) 日本語 (Japanese) 한국어 (Korean)

Cloud applications power the modern enterprise. Still, today’s app economy — propelled by AI-led development — will seem inaugural in retrospect. By 2030, AI could add $13 trillion to global economic output, a significant portion derived from the application economy, according to the McKinsey Global Institute.1

But applications aren’t without risks — not surprising when you consider that they’re built from a complex combination of software packages assembled across multiple delivery pipelines, which also present sources of risk. Code misconfigurations, insecure APIs, unpatched vulnerabilities, exposed secrets … the list goes on. And each risk in code exponentially increases in the cloud, driving security teams to continuously react with runtime patching. This approach won’t scale — not when you consider that hackers can exploit new vulnerabilities within 15 minutes after they’re announced.2

In the digital era dominated by cloud-native applications, organizations need an intelligent code to cloud approach to act as a single source of truth on application risk for developers, operations and security teams. Gartner drives home the challenge, saying, “However, it is incredibly complex to secure software supply chains because they typically extend beyond the confines of any single organization. They span a network of vendors, partners and open-source ecosystems.”3

Addressing this complexity head-on, Prisma® Cloud delivers the next major advancement in CNAPP with the latest Darwin release, making it uniquely comprehensive at securing the application lifecycle from code to cloud.

Taking an Intelligent Approach to CNAPP

While many vendors offer piecemeal solutions, addressing only fragments of the application lifecycle, Prisma Cloud stands apart with its platform approach. It secures applications from their inception in code to their deployment in the cloud to their active running environments where it identifies, connects and fixes risks at every step.

But the game-changer lies in Prisma Cloud's Code to Cloud™ intelligence. Introduced in the Darwin release, Code to Cloud intelligence dives deep into patterns, behaviors and anomalies across code, cloud infrastructure and cloud runtime. Security issues aren’t just identified. They’re traced to their source in code and back, allowing for effective remediation at the origin of risk. To prevent problems from multiplying as applications are built and deployed, developers have deep context on exactly what needs fixing.

Moreover, this isn't merely an add-on — it's woven into the fabric of Prisma Cloud.

Harnessing the Power of Code to Cloud™ Intelligence

Since launching Prisma Cloud, Palo Alto Networks has consistently led the way in innovation. Today, with the Darwin release, we’ve raised the bar once more, delivering four industry-first innovations that work together to vastly simplify how organizations prevent risks and stop breaches.

From understanding your applications in context with AppDNA and uncovering complex risks with the Infinity Graph to easily fixing and preventing risks from occurring again via Code to Cloud remediation, teams tap into unmatched intelligence. Connected insights from the developer environment to applications in production streamline effective security unlike ever before.

Code-to-Cloud intelligence application, showing AppDNA, Infinity Graphy, Remediation, Vulnerability Mgmt, and the dashboard.

Intelligence Delivered with an Intuitive User Experience

Most security teams know the futility of trying to collaborate to reduce cloud risk while switching between various UIs to piece together tools. The Darwin release of Prisma Cloud solves this breakdown, enabling quick and effective collaboration among cross-functional teams. By radically simplifying the user experience, users can now access role-specific dashboards — whether they're DevOps, AppSec or CloudSec — through a simple drop-down menu. What’s more, the platform seamlessly transitions between interfaces, promoting optimal communication across roles.

Easily surface the platform capabilities most relevant to your role.
Easily surface the platform capabilities most relevant to your role.

AppDNA: Act Decisively with Rich Application Insights

Cloud security tools have historically focused on workloads, leaving users with fragmented context into what they really care about — the applications. AppDNA modernizes visibility by structuring the inventory into an intuitive application-centric view that displays your cloud apps and their DNA — the cloud services, infrastructure assets, compute workloads, API endpoints, data and code that make up those applications — all in one place. Additional cloud and business context completes the picture.

AppDNA visualizes every resource component that makes up the application.
AppDNA visualizes every resource component that makes up the application.

Infinity Graph: Explore All Angles from Code to Cloud

Which risks are actually critical? The Infinity Graph makes it easy to understand risks with deep context. By correlating the security stack across misconfigurations, vulnerabilities, pipeline risks, exposure, identity and secrets, sensitive data, and more, you see the potential attack paths leading to a breach. Beyond showing what could go wrong, the graph overlays active attack attempts to show you what’s actually occurring and whether you have protection in place. Highly interactive, the Infinity Graph enables you to search and investigate issues by asking any question, from code to cloud. Easily perform forensics and create guardrails from the supply chain to runtime.

Easily ask any question about code or cloud in a natural language and model the attack surface with the Infinity Graph.
Easily ask any question about code or cloud in a natural language and model the attack path with the Infinity Graph.

Code to Cloud Remediation: Zero in Quickly to Fix Now in Cloud and Forever in Code

Opening tickets for remediation is extremely inefficient, yet still the most common way to resolve issues. With Prisma Cloud, you can immediately fix risks in the cloud and open a pull request for developers to address the issue at the source — preventing it from happening again. With Code to Cloud intelligence, risks are traced back to their origin, giving you a clear roadmap to ensure all teams achieve timely and effective risk management.

Code-to-Cloud Remediation enables you to easily fix issues in the cloud or open a pull request to fix the issue permanently in the code.
Code to Cloud remediation enables you to easily fix issues in the cloud or open a pull request to fix the issue permanently in the code.

Code to Cloud Vulnerability Management: Fix in Minutes, Not Months

While no one is completely immune to vulnerabilities, timely resolution is something we can control. But today’s approach still requires months on average to patch a vulnerability,4 primarily due to lack of context and legacy workflows. Code to Cloud intelligence enables panoramic visibility, allowing you to trace vulnerabilities to the source and easily fix the base image or code repo, ensuring secure-by-design in future pipeline pushes.

Code-to-Cloud Vulnerability Management traces issues back to their source for end-to-end visibility.
Code to Cloud vulnerability management traces issues back to their source for end-to-end visibility.

Code to Cloud Dashboard

Simplify reporting to leadership and boards. The Code to Cloud dashboard offers visibility and control across the entire application lifecycle, down to the supply chain. More than a monitoring function, the main dashboard is an analytics titan, providing deep insights across each stage of the software development lifecycle to aid in efficient decision-making and reporting.

Code-to-Cloud Dashboard provides panoramic visibility across the entire application lifecycle.
Code to Cloud dashboard provides panoramic visibility across the entire application lifecycle.

Cloud Discovery and Exposure Management

Leveraging an “outside-looking-in” view into cloud environments, Cloud Discovery and Exposure Management (CDEM) empowers security teams to discover, evaluate and mitigate unknown and unmanaged internet exposure risks in their cloud environments. With 80% of security exposures found on assets hosted in the cloud5 — visibility across all resources is essential. By highlighting rogue assets, providing comprehensive risk assessment, and allowing users to easily onboard unmanaged assets to Prisma Cloud, organizations can help secure cloud infrastructure against previously unmanaged risks.

The Only Comprehensive Solution

CNAPP by definition is a platform. Remember that. While many vendors claim to offer CNAPP solutions, most only secure isolated parts of the application lifecycle. Prisma Cloud, on the other hand, offers a comprehensive solution, securing the full lifecycle from code to cloud. This all-encompassing approach provides tremendous operational advantages to developers, operations and security teams. Most importantly, it helps ensure that organizations are shielded from threats, no matter where they originate.

Prisma Cloud has consistently showcased its drive toward innovation and excellence. Its simple and intuitive approach, combined with groundbreaking features, positions it as the go-to solution. In a market filled with partial solutions, Prisma Cloud emerges as the only vendor capable of delivering Code to Cloud intelligence.

See how Prisma Cloud’s Darwin release makes it easier than ever to secure your cloud infrastructure.

It Only Gets Better

At Palo Alto Networks, we strive to offer our users a world-class experience that delights application developers and security professionals alike. Our track record speaks for itself. But accolades and industry recognition aside, it's the feedback from our users — the stories of breaches prevented, of the peace of mind experienced by so many — that underscore our commitment to excellence.

Learn More

Tune in to our on-demand webinar, CNAPP Supercharged: A Radically New Approach to Cloud Security, to learn about Prisma Cloud's latest innovations and how to streamline app lifecycle protection. And, don’t miss an opportunity to test drive best-in-class, code to cloud security with a 30-day Prisma Cloud trial.

References

  1. “AI in Government: Capturing the Potential Value | McKinsey.” www.mckinsey.com, www.mckinsey.com/industries/public-sector/our-insights/the-potential-value-of-ai-and-how-governments-could-look-to-capture-it.
  2. “2023 Unit 42 Attack Surface Threat Report.” n.d. Palo Alto Networks. Accessed September 24, 2023. https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report.
  3. 2023. Gartner.com. 2023. https://www.gartner.com/doc/reprints?id=1-2CKBS610&ct=230213&st=sb.
  4. “2023 Data Breach Investigations Report.” n.d. Verizon Business. https://www.verizon.com/business/resources/reports/dbir.
  5. “2023 Unit 42 Attack Surface Threat Report.” n.d. Palo Alto Networks. Accessed September 24, 2023. https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report.

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.