Network security specialist Palo Alto Networks Inc. today updated its Prisma Cloud offering that’s used by enterprises to secure hybrid and multicloud environments.

New features unveiled today include an advanced container image sandboxing capability the company said helps protect against container security risks.

Prisma Cloud is a service that enables developers to block vulnerabilities they discover at any point during the application development and deployment process. Stitched together from a number of technologies Palo Alto obtained through its acquisitions of RedLock Inc., Evident.io, Twistlock Ltd. and PureSec Ltd., Prisma Cloud provides monitoring features that can identify security issues, together with breach prevention tools that allow administrators to block any threats they find.

Palo Alto said enhanced container security is becoming a must-have because organizations increasingly consume images from multiple different sources that cannot be trusted. Containers are used by developers to host the components of modern applications that can run anywhere, but they can also come with lots of nasty vulnerabilities inside them.

To detect any possible risk, Prisma Cloud now provides a sandboxing feature that runs each new image within an isolated environment. It uses machine learning to analyze each one, performing a deep inspection of all of its processes, its file system and networking activity, before it’s deployed. The company said that means customers have complete visibility and control over all aspects of any image before it’s brought into a live environment.

Other new features include expanded Auto-Detection and Auto-Protection capabilities for standalone virtual machines running in Microsoft Azure and Google Cloud. These Host Security capabilities were previously only available for virtual machines on Amazon Web Services. Palo Alto said Auto-Detection and Auto-Protection on Prisma Cloud helps to reduce the effort required by DevOps teams to manually configure, deploy and update software agents that run alongside and protect each workload.

Palo Alto also announced extended web application and application programming interface security, known as wide area application services or WAAS, with support for Windows and service meshes. WAAS is designed to protect cloud-native applications by expanding web application firewalls to cover API security capabilities, advanced DoS protection and bot risk management.

Finally, Palo Alto said its Red Hat Inc.-certified vulnerability scanner tool is now available in the Red Hat Ecosystem Catalog. “With the Red Hat Vulnerability Scanner Certification, we are helping partners like Palo Alto Networks harness Red Hat security-related data to deliver more reliable and consistent container vulnerability reporting to customers,” said Lars Herrmann, vice president of partner ecosystems, product and technologies at Red Hat.

Palo Alto said the new capabilities are available in the Prisma Cloud Compute Edition now and will become available in Prisma Cloud Enterprise Edition next month.

Image: PaliGraficas/Pixabay