Network security specialist Palo Alto Networks Inc. today announced a new security offering to combat supply chain threats.
The new Prisma Cloud Supply Chain Security provides a complete view of where potential vulnerabilities or misconfigurations exist in an organization’s software supply chain. In doing so, it allows users to trace them to the source quickly and fix them.
Attacks on supply chains have been increasing over the last year, the Colonial Pipeline Co. attack being the best known. The issue for supply chains is that security flaws, if not quickly fixed, can allow attackers to infiltrate systems, spread malicious payloads throughout an organization’s software and access sensitive data.
Palo Alto Networks argues that current solutions only provide vulnerability and misconfiguration information at a resource layer in code or in the cloud. Prisma Cloud Supply Chain Security provides full-lifecycle visibility and protection, along with the context of where a vulnerability fits into the layers of cloud architecture.
Prisma Cloud Supply Chain Security helps provide a full-stack, full-lifecycle approach to securing the interconnected components that make up and deliver cloud-native applications. It helps identify vulnerabilities and misconfigurations in code, including open source packages, infrastructure-as-code files and delivery pipelines, such as version control system and continuous-integration pipeline configurations.
Features include auto-discovery, graph visualization, supply chain code fixes, code repository scanning and branch protection rules. Organizations can thus better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources, leaving them better equipped to help prevent supply chain attacks. Preventing supply chain attacks helps to reinforce an organization’s zero-trust enterprise approach.
“Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organization’s software code,” Ankur Shah, senior vice president of Prisma Cloud products for Palo Alto Networks, said in a statement. “Without the proper tools, it is very difficult for organizations to quickly spot where they have used the unpatched versions of these components.”
The new service is now available in both Prisma Cloud and Bridgecrew by Prisma Cloud.