Palo Alto Adds New SaaS Compliance, Threat Prevention and URL Filtering Features to Prisma Solution
Cybersecurity provider Palo Alto Networks has announced new updates to its Prisma Secure Access Service Edge (SASE) platform that introduce new Software as a Service (SaaS) security and compliance support for customers, as well as enhanced threat prevention and URL filtering capabilities. The company also launched a new native Artificial Intelligence for IT Operations (AIOps) solution for SASE to simplify networking and security operations. The launches come as the era of hybrid working persists, with organizations increasingly implementing and relying on SaaS applications, introducing complex new security challenges.
New Prisma Features Address SaaS Security and Compliance Challenges, Help Prevent Phishing, Ransomware and C2 Attacks
In a press release, Palo Alto estimated that the average enterprise now uses more than 110 SaaS applications. With large amounts of sensitive data typically stored in SaaS applications, poor security configurations pose serious threats to businesses. Its latest features are therefore in part designed to help customers improve their SaaS security and risk management postures, while improving other key elements of modern cyber resilience.
The first is SaaS Security Posture Management (SSPM) capabilities which, as part of the vendor’s Cloud Access Security Broker (CASB) offerings, go beyond the compliance checks of the Center for Internet Security (CIS) and the U.S. National Institute of Standards and Technology (NIST) to allow customers to easily view and configure security settings for multiple SaaS applications to ensure they are both compliant and secure, Palo Alto said. “This means for the customer that they can now secure the posture of their SaaS applications without having to deploy additional tools and manage other products,” said Matt De Vincentis, vice president of SASE marketing at Palo Alto. Networks, to CSO.
The second new feature is Advanced URL Filtering which uses “deep learning” to prevent new phishing attacks, ransomware and other web threats. De Vincentis says traditional URL filtering has primarily relied on web crawlers and databases to search and categorize URLs so that customers’ web security policies can be enforced. The problem with this is that modern web attacks can easily hide themselves by using throwaway domains/URLs and identifying and avoiding web crawlers from security vendors so that URLs appear benign until the moment they are used to attack a user.
“With Advanced URL Filtering, we use online machine learning and deep learning models to identify whether or not a URL is malicious in real time,” adds De Vincentis. “Our telemetry shows that Advanced URL Filtering can prevent more than 200,000 attacks per day, unlike traditional databases. Customers don’t need to deploy anything new to take advantage of it, because it does part of the Prisma SASE service and is configured as our traditional URL filtering used to be.
Next is Advanced Threat Prevention, which uses new machine learning enhancements to stop unknown command-and-control (C2) attacks in real time, Palo Alto said. According to the vendor, the new features move security scanning from “offline” to “online” using cloud computing for AI and deep learning techniques, without sacrificing performance.
“Traditional threat prevention capabilities like IPS [intrusion protection systems] require the use of signatures to detect and prevent threats,” says De Vincentis. In other words, a threat must have been seen and analyzed offline by a security vendor, with a signature produced and delivered to the customer over a period of time. “This time lag between the existence of a zero-day threat and the establishment of protection puts customers at risk,” he adds. With its new Threat Prevention feature, Palo Alto uses large amounts of real-world network attack traffic to build and train deep learning models to detect and stop C2 attacks from advanced hacking tools that are now commonly used to target corporate networks with impunity, he says. .
Finally, the vendor integrated a native AIOps solution for SASE to reduce manual operations and enable faster remediation. AIOps for SASE provides automated root cause analysis, rapid issue resolution, and guided adoption of best practices, Palo Alto wrote. It also provides more efficient capacity planning and anomaly detection through predictive analytics and a query-based interface that leverages NLP to support IT service desks with automated contextual troubleshooting and change analysis, a he added.
Shadow IT, Access Management Biggest SaaS Security Risks
Omdia Senior Principal Analyst Rik Turner tells CSO that the speed at which new SaaS applications have been adopted, especially since hybrid working took on a new lease of life during the COVID-19 pandemic, has had significant security implications for organizations. One of the biggest is the ease of adoption of SaaS applications and the subsequent rise of shadow computing. “A user from an individual business unit can sign up for it without needing to involve their IT department, leading to the growth of a so-called ‘shadow IT’ environment completely unknown to IT or security. “
This lack of visibility into the SaaS applications used within an organization and the data shared through them has led to the development of Cloud Access Security Broker (CASB) technology, Turner adds. “However, it should be remembered that in the shared responsibility model for cloud security, data and access to it are always the responsibility of the customer. With SaaS, in fact, the cloud service provider takes responsibility for all the other parts of the stack, but data and access are still the responsibility of the customer. »
The explosion of hybrid working has necessitated a more proactive approach here, i.e. trying to get ahead of the access problem by identifying excessive or misconfigured access rights and reducing them before they happen. cause a problem, says Turner. “It’s pretty much the only way to deal with the scale of the problem and avoid the continual ‘putting out the fires’ scenario.”
Copyright © 2022 IDG Communications, Inc.