Vendor says new updates will help organizations better monitor and secure web applications without impacting performance. Credit: Getty Images Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor said the updates are designed to help organizations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use of cloud environments and face demands in managing the complexity of cloud migration, securing applications across their lifecycle, and preventing web application attacks.Prisma Cloud updates introduce “novel approach” to web application securityIn a press release, Palo Alto stated that the latest Prisma Cloud version offers a novel approach to securing web applications and cloud environments that combines both inline and out-of-band methods. Until now, a primary approach to securing web applications has been to deploy inline web application firewalls (WAFs), but some organizations are reluctant to introduce WAFs or API security solutions inline to protect business-critical or sensitive applications due to performance and scalability concerns, the vendor said.“By adding out-of-band WAAS to Prisma Cloud, we are empowering customers with flexible security options that fit their evolving application needs,” commented Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto Networks. “As more organizations move workloads to the cloud, the capabilities that make up Prisma Cloud help provide simple yet comprehensive protection.” Deeper application visibility aims to address expanding attack surfacePalo Alto has also integrated new threat detection, asset inventory, and identity management capabilities to its platform to enhance application visibility. This is intended to address the expanding cloud infrastructure attack surface as application use rises, the company said. These features include: Multi-cloud graph view for cloud infrastructure entitlement management across AWS, Microsoft Azure, and Google Cloud for the discovery of over-privileged accounts and access risksDNS-based threat detection that leverages machine learning and advanced threat intelligence to identify bad actors hiding in DNS trafficMITRE ATT&CK alert prioritization to enable security teams to prioritize risks and incidents based on the widely adopted frameworkEffective web application monitoring and security critical for businessesWith reliance on web applications ever more pervasive among modern organizations, the ability to effectively monitor and secure them has become critical for businesses. “Web application attacks are the most common cause of breaches, according to Forrester’s research,” Forrester Principal Analyst Sandy Carielli tells CSO.“Attackers will pepper web applications with standard application attacks like the OWASP Top 10, and they will also attempt bot attacks that take advantage of legitimate business logic. APIs are also subject to a range of attacks that can lead to data leaks.” Omdia Principal Analyst Rik Turner concurs. “With COVID-19 having turbocharged digital transformation, orgs’ web applications have become more important than ever, whether for e-commerce, customer interactions, online teaching, or e-government. As such, they have become even juicier targets than they were before the pandemic. Monitoring and securing web applications has become a critical capability.” Tackling excessive web application privilege issues is particularly important because many privileges tend to persist even after people either leave a company or move onto another project and no longer require access to a certain asset, Turner adds. The out-of-band approach Palo Alto has introduced addresses another important element in the web application security equation as well, he says. “All out-of-band security is designed to minimize the impact of the security tool on the thing it is protecting, i.e., avoiding the additional latency that comes with inline platforms. That goes for web applications too, in that you don’t want to slow down communications between the web front end and any backend servers/applications/databases, so as not to negatively impact the customer experience (CX).”Security functions must have visibility of the flaws applications have so that dev teams can work to fix them and security teams can protect applications from exploits targeting them until the fix is available, Carielli says. “No application is perfect, and fixes, even for high-profile vulnerabilities, aren’t instantaneous. (They require development, testing, etc.). A good example is Log4j. While everyone worked to upgrade their applications’ Log4j libraries, production-side protections blocked attempted exploits.” Related content brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security feature Backlogs at National Vulnerability Database prompt action from NIST and CISA A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases. By John Mello Jr. May 15, 2024 10 mins Threat and Vulnerability Management Security Practices Vulnerabilities news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe