Palo Alto grows cloud security portfolio with new Prisma release, Bridgecrew buy

Palo Alto Networks had a busy week. First, it rolled out a number of new features for its Prisma Access cloud-based security package, and then it announced plans to buy cloud security vendor Bridgecrew for about $156 million in cash.

Palo Alto Networks’ Prisma is a cloud-based security package that includes access control, advanced threat protection, user behavior monitoring and other services that promise to protect enterprise applications and resources. Managed through a single console, Prisma includes firewall as a service, zero-trust network access, a cloud access security broker and a secure web gateway.

With Prisma Access 2.0, the company says it has simplified its workflows to include configuration templates and automated resource assessments that streamline cloud network configuration and improve security out of the box, wrote Anand Oswal, senior vice president and general manager at Palo Alto, in a blog about Prisma 2.0.

Prisma Access 2.0 uses machine learning (ML) for inline zero-day protection. It gives customers the ability to instantly stop new threats with embedded ML technology to provide realtime signatureless attack prevention and extend security coverage to all devices, including never-seen-before IoT devices, Oswal stated. Prisma now includes the ability to automate policy recommendations that save time and reduce the chance of human error, he added.

“Prisma Access now supports explicit proxy as a connection and onboarding choice for organizations in addition to agent and agentless options, while continuing to support all the advanced web security protections such as Threat Prevention, WildFire, URL Filtering, DNS Security, Prisma SaaS and Enterprise DLP,” Oswal stated. This support lets customers easily migrate from legacy proxy-based solutions to a complete cloud-delivered security platform, without the need for network architecture changes, Oswal said.

Prisma Access is also a key piece of Palo Alto Networks’ secure access service edge (SASE) offering, which is largely comprised of SD-WAN technology Palo Alto bought with CloudGenix last year. The company has added ML analytics and other security features to the CloudGenix SD-WAN package to help customers with capacity planning by letting operators understand what WAN connections they are using, when they are using them, and what applications are driving that use, Oswal said.

The overarching idea with Prisma is to protect web and non-web applications, Oswal stated. 

“Cloud-based web security offerings that rely on proxy-based Secure Web Gateway (SWG) or Cloud Access Security Broker (CASB) technology have failed to deliver a consistent work-from-anywhere experience for organizations,” Oswal stated. “While many apps have moved to software-as-a-service or web-based architectures, our analysis of threat data from more than 500 customers shows that 53% of all remote workforce threats are related to non-web apps.”

Prisma Access 2.0 will be generally available in March.

In addition to the Prisma Access 2.0 rollout, the company said it intended to buy infrastructure-as-code vendor Bridgecrew. 

The proposed acquisition will let Prisma Cloud customers and developers embed security assessment and enforcement capabilities in applications. Once integrated, Prisma Cloud customers will get a single platform that will deliver cloud security from build time to runtime, the company stated. 

“Integrating cloud security across the application lifecycle will both improve security and speed up development, helping developers and DevOps teams to identify and correct security problems before code is pushed into production. This will also reduce the impact of security issues on end users and prevent the delay of application deployments,” Palo Alto stated.

The Prisma and Bridgecrew news comes after the company said it would begin offering its next generation firewalls and other security products on a credit or consumption-based service.

With Palo Alto’s flexible consumption model, customers allocate or remove additional cores as traffic needs change to scale the software firewall up or down, instead of going through the long process of procuring a new firewall model.

“A few clicks will appropriately size your firewalls, and Software NGFW Credits will automatically be deducted from – or refunded to – a customer credit bank,” the company stated. 

Customers purchase Software NGFW Credits, which can then be allocated to Palo Alto VM-Series virtual and CN-Series NGFWs, cloud-delivered security services, and VM Panorama for management and log collection, the company stated.

As needs change over time, Software NGFW Credits can be reallocated other Palo Alto Networks firewall-as-a-platform offerings without having to go through additional procurement cycles.