

Palo Alto Networks Inc. last week unveiled its newest cloud security offering, Cortex Cloud. The latest iteration of the company’s Prisma Cloud, it’s natively built on Palo Alto’s Cortex AI-enabled security operations platform.
In its announcement, Palo Alto described Cortex Cloud as combining Cortex’s “best-in-class cloud detection and response (CDR) with industry-leading cloud native application protection platform (CNAPP) from Prisma Cloud for real-time cloud security.”
Cloud attack surfaces are a favorite target of cyberattacks, reflecting the continuing growth of enterprise cloud adoption and artificial intelligence usage. Cortex Cloud brings together multiple sources of data, automates workflows, and applies AI to deliver insights to reduce risk and prevent threats. The company designed Cortex Cloud to ingest and analyze data from third-party tools, enabling it to operate across the cloud ecosystem.
In a briefing with analysts, Scott Simkin, Palo Alto’s vice president of marketing, said Cortex Cloud gives security teams greater insight into what’s happening within their infrastructure, enabling them to act quickly and decisively. “One of the primary things we wanted to make better with Cortex Cloud is time to value, ease the workflow, ease of onboarding, and ease of reporting and dashboarding,” he said.
Cortex Cloud also consistently delivers capabilities such as role-based access control (RBAC) in one place for all cloud modules. “Now they’ve got it for all cloud modules and the SOC together,” Simkin said.
Built on Cortex, Cortex Cloud is designed to prevent cloud threats in real time. It leverages runtime protection so customers can achieve protection at a lower total cost of ownership than buying point products. Cortex Cloud includes:
Application security: Organizations can build secure apps and prevent issues during development from becoming production vulnerabilities that attackers can exploit. Cortex Cloud identifies and prioritizes issues across the development pipeline, providing end-to-end context across code, runtime, cloud, and third-party scanners.
Cloud posture: Cortex Cloud builds on Prisma Cloud’s cloud posture capabilities, combining cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), data security posture management (DSPM), AI security posture management (AI-SPM), compliance, and vulnerability management (CWP) in one natively integrated platform.
Cloud runtime: Cortex Cloud natively integrates the unified Cortex XDR agent, including additional cloud data sources, to stop attacks in real time.
SOC: The transformation of SOC operations is a core tenet of Palo Alto’s platform value proposition. To enable this, Cortex Cloud works with Cortex XSIAM to extend detection and response capabilities from enterprise to the cloud for comprehensive, AI-driven security operations. Cortex Cloud natively integrates cloud data, context, and workflows within Cortex XSIAM to significantly reduce the mean time to respond to modern threats with a single, unified SecOps solution.
Simkin said that the enhancements in Cortex Cloud deliver value quickly to enterprises. “When you onboard a cloud account, you onboard it once, and every single posture control and runtime is now activated at the same moment with the click of a button. So time to value has been dramatically improved,” he said. “Unifying cloud and SOC within a broader security operations umbrella is the right decision to help enterprises stay ahead.
“Customers have told us over and over again they’re not looking to adopt individual posture controls,” Simkin said. “They’re looking to adopt cloud posture, runtime, or end-to-end security operations. So we listened to that feedback to get to a much simpler and easier to understand price and model.”
With Cortex Cloud, Palo Alto is demonstrating the continuing platformization of security. As security functions become more standardized, it’s easier to roll them into enterprise platforms.
That transition has been occurring for a while. Next-generation firewalls and other security capabilities have been rolled into a single system. Enterprises no longer need to buy these components separately. I also see cloud-native application protection platforms having reached that point, so they can be rolled in as a SOC tool.
This evolution makes security platforms more comprehensive, responsive, and capable than ever before. The era of the standalone security app is rapidly coming to an end.
General availability for Cortex Cloud is Feb. 18. Simkin said upgrades for existing customers, through PAN’s partner ecosystem, will begin in April.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.