Palo Alto Networks Inc. is upgrading its Prisma Cloud cybersecurity platform with new features for detecting vulnerabilities and malicious activity in cloud environments.

The features are rolling out as part of a new release of the platform that debuted today.

Prisma Cloud is designed to help enterprises find vulnerabilities in their cloud environments, detect hacking attempts and comply with cybersecurity regulations. The platform is based on technologies that Palo Alto Networks obtained over the past few years through a series of startup acquisitions. According to the company, Prisma Cloud is used by 77% of the Fortune 500.

The new Prisma Cloud release that debuted today adds more features for securing cloud environments. According to the company, one particular focus of the release is easing the detection of breach indicators in a cloud environment’s network traffic.

Organizations often search for malicious network activity using an approach called inline scanning. This approach involves rerouting the traffic traveling between two applications through a cybersecurity system, which analyzes the traffic for signs of a breach. 

Inline scanning isn’t always practical to implement in cloud environments. Rerouting the traffic traveling from one workload to another through a cybersecurity system can decrease the speed at which the traffic reaches its destination, which affects application performance. Additionally, certain maintenance tasks become more complicated. 

With the new release of Prisma Cloud, Palo Alto Networks is introducing a so-called out-of-band scanning feature that promises to ease cybersecurity operations for customers. Out-of-band scanning removes the need to reroute network traffic through a cybersecurity system. Instead, a company can create a copy of the traffic and scan the copy for malicious activity, which doesn’t hurt applications’ ability to exchange data.

“Companies no longer have to decide between application security and performance,” said Ankur Shah, senior vice president of Prisma Cloud products at Palo Alto Networks. “By adding Out-of-Band WAAS to Prisma Cloud, we are empowering customers with flexible security options that fit their evolving application needs.”

The feature is joined by a new machine learning tool for identifying malicious Domain Name System, or DNS, traffic. The Domain Name System is a key component of the internet responsible for translating URLs to IP addresses, which is a prerequisite to establishing many network connections. Prisma Cloud can now help companies more effectively block hacking campaigns that involve malicious DNS requests. 

The new Prisma Cloud release also includes other enhancements. According to Palo Alto Networks, the release includes features that make it easier to map out what applications, containers and other components comprise a multicloud environment. Prisma Cloud also simplifies the task of scanning those components for potential vulnerabilities.

A new alert prioritization tool will help administrators organize potential security issues that Prisma Cloud detects by severity and tackle the most pressing incidents first. The tool prioritizes breach alerts using MITRE ATT&CK, a widely used cybersecurity framework. MITRE ATT&CK provides technical data on common hacking tactics to help companies more effectively detect and remediate breach attempts.

Prisma Cloud is an important element of Palo Alto Networks’ revenue growth strategy. Between the fourth quarter of 2020 and the fourth quarter of 2021, the number of cloud workloads that the platform helps secure more than doubled to north of 2 million. In the same time frame, the number of organizations using Prisma Cloud increased by 47%.

Palo Alto Networks’ strategy to continue growing the platform’s popularity in the enterprise places a particular emphasis on adding more features. As part of the effort, the company last year acquired a cybersecurity startup called Bridgecrew for $156 million. Bridgecrew’s platform, which has since been integrated into Prisma Cloud, helps enterprise software teams find and fix vulnerabilities in application code.

Photo: Palo Alto Networks