Cybersecurity vendor Palo Alto Networks has announced new updates to its Prisma Secure Access Service Edge (SASE) platform that introduce new Software as a Service (SaaS) security and compliance support for customers, along with enhanced threat prevention and URL filtering capabilities. The firm has also released a new native artificial intelligence for IT operations (AIOps) solution for SASE to help simplify networking and security operations. The launches come as the hybrid working era persists with organizations increasingly implementing and relying on SaaS applications, introducing new and complex security challenges.
New Prisma features address SaaS security and compliance challenges, help prevent phishing, ransomware, C2 attacks
In a press release, Palo Alto estimated that the average business now uses more than 110 SaaS applications. With vast amounts of sensitive data typically stored in SaaS apps, security misconfigurations pose serious threats to organizations. Its latest features are therefore partly designed to help customers improve their SaaS security and risk management positions, along with enhancing other key elements of modern cyber resilience.
The first is a set of SaaS security posture management (SSPM) capabilities delivered as part of the vendor’s cloud access security broker (CASB) offering. According to Palo Alto, these go beyond Center for Internet Security (CIS) and U.S. National Institute of Standards and Technology (NIST) compliance checks, letting customers view and configure the security settings of multiple SaaS apps from one place so that the apps are both compliant and secure. “What this means for the customer is they can now secure the posture of their SaaS applications without having to deploy additional tools and manage other products,” Matt De Vincentis, vice president SASE marketing at Palo Alto Networks, tells CSO.
The second new feature is advanced URL filtering that uses “deep learning” to prevent new phishing attacks, ransomware, and other web-based threats. De Vincentis says that traditional URL filtering has predominantly relied on web crawlers and databases to find and categorize URLs so that customer web security policies can be enforced. The problem with that is that modern web attacks can easily hide by making use of disposable domains/URLs and by identifying and evading security vendor web crawlers so that the URLs appear benign until the moment they are used to attack a user.
“With advanced URL filtering, we use inline machine-learning models and deep learning to identify whether a URL is malicious or not in real-time,” De Vincentis adds. “Our telemetry shows that advanced URL filtering can prevent over 200,000 attacks per-day that traditional databases could not. Customers do not need to deploy anything new to take advantage of this, as it is part of the Prisma SASE service and is configured just like our traditional URL filtering previously was.”
Next is advanced threat prevention that uses new machine learning enhancements to stop unknown command-and-control (C2) attacks in real time, Palo Alto stated. The new capabilities bring security analysis from “offline” to “inline” using cloud compute for AI and deep learning techniques, without sacrificing performance, according to the vendor.
“Traditional threat prevention capabilities like IPS [intrusion prevention systems] require the use of signatures to detect and prevent threats,” De Vincentis says. In other words, a threat must have been seen and analyzed offline by a security vendor, with a signature produced and delivered to the customer over a period of time. “This time lag between a zero-day threat existing and a protection being delivered puts customers at risk,” he adds. With its new threat prevention feature, Palo Alto uses vast amounts of real-world network attack traffic to build and train deep learning models to detect and stop C2 attacks from advanced hack tools that are now commonly used to target enterprise networks with impunity, he says.
Last is the vendor’s integration of a native AIOps solution for SASE to help reduce manual operations and enable faster remediation. AIOps for SASE provides automated root-cause analysis, rapid problem remediation, and guided best practice adoption, Palo Alto wrote. It also provides more efficient capacity planning and anomaly detection via predictive analytics and a query-based interface that leverages NLP to support IT service desks with automated contextual troubleshooting and change analysis, it added.
Shadow IT, access management biggest SaaS security risks
Omdia Senior Principal Analyst Rik Turner tells CSO the sheer rate at which new SaaS apps have been adopted, particularly since hybrid working gained a new lease of life during the COVID-19 pandemic, has had significant security implications for organizations. One of the biggest is the ease of adoption of SaaS apps and the subsequent rise of shadow IT. “A user in an individual business unit can sign up for it without any need to involve his or her IT department, leading to the growth of a so-called “shadow IT” environment completely unbeknown to IT or security.”
This lack of visibility regarding which SaaS apps are in use within an organization, and what data is being shared via them, has led to the development of cloud access security broker (CASB) technology, Turner adds. “However, it is worth remembering that, in the shared responsibility model for cloud security, the data and access to it are always the customer’s responsibility. With SaaS, in fact, the cloud service provider takes responsibility for every other part of the stack, but data and access still fall to the customer.”
The explosion in hybrid working has driven the need for a more proactive approach here — i.e., trying to get ahead of the access issue by identifying excessive or misconfigured access rights and curtailing them before they can cause a problem, Turner says. “This is pretty much the only way to address the scale of the problem and avoid the continual “putting out fires” scenario.”
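To make concrete what the SSPM posture checks described earlier and the proactive access-rights review Turner calls for actually do, the following is an added example written for this page; it is not code from Palo Alto Networks, Omdia or CSO. It evaluates a constructed inventory of SaaS tenant settings against a small constructed baseline (the rule names and thresholds are illustrative, not CIS or NIST benchmark controls) and then reviews role assignments for guest accounts holding admin rights and dormant admin accounts, which is the kind of excessive or misconfigured access the analyst describes.

```python
"""Minimal SSPM-style posture check plus access-rights review (added example).

All tenant settings, users, baseline rules and thresholds below are constructed
for illustration; they are not any vendor's product logic or benchmark content.
"""
from dataclasses import dataclass
from datetime import date

# Constructed baseline: (setting key, predicate that must hold, severity, description).
RULES = [
    ("mfa_required", lambda v: v is True, "high", "Require MFA for all users"),
    ("external_sharing", lambda v: v is False, "high", "Disable anonymous external sharing"),
    ("session_timeout_min", lambda v: v <= 60, "medium", "Idle session timeout of at most 60 minutes"),
    ("audit_logging", lambda v: v is True, "medium", "Enable audit log export"),
]

# Constructed assessment date, so dormancy maths is reproducible offline.
TODAY = date(2022, 6, 1)

# Constructed inventory: two hypothetical SaaS apps with their settings and users.
INVENTORY = {
    "crm": {
        "settings": {"mfa_required": True, "external_sharing": False,
                     "session_timeout_min": 480, "audit_logging": True},
        "users": [
            {"name": "alice", "type": "member", "roles": ["admin"], "last_login": date(2022, 5, 30)},
            {"name": "bob", "type": "member", "roles": ["admin"], "last_login": date(2022, 1, 15)},
            {"name": "carol", "type": "guest", "roles": ["editor"], "last_login": date(2022, 5, 28)},
        ],
    },
    "files": {
        # audit_logging deliberately absent to show how an unknown setting is reported.
        "settings": {"mfa_required": False, "external_sharing": True, "session_timeout_min": 30},
        "users": [
            {"name": "dan", "type": "guest", "roles": ["admin"], "last_login": date(2022, 5, 20)},
            {"name": "eve", "type": "member", "roles": ["viewer"], "last_login": date(2022, 5, 31)},
        ],
    },
}


@dataclass(frozen=True)
class Finding:
    app: str
    rule: str
    severity: str
    detail: str


def check_settings(app, settings, rules=RULES):
    """Compare one app's settings against the baseline; missing settings are findings too."""
    findings = []
    for key, holds, severity, desc in rules:
        if key not in settings:
            findings.append(Finding(app, key, severity, f"{desc}: setting not present, state unknown"))
        elif not holds(settings[key]):
            findings.append(Finding(app, key, severity, f"{desc}: found {settings[key]!r}"))
    return findings


def review_access(app, users, today=TODAY, dormant_days=90):
    """Flag admin roles held by guests and admin accounts unused for longer than dormant_days."""
    findings = []
    for user in users:
        if "admin" not in user["roles"]:
            continue
        if user["type"] == "guest":
            findings.append(Finding(app, "guest_admin", "high", f"guest {user['name']} holds admin role"))
        last = user["last_login"]
        if last is None or (today - last).days > dormant_days:
            age = "never" if last is None else f"{(today - last).days} days ago"
            findings.append(Finding(app, "dormant_admin", "high",
                                    f"admin {user['name']} last logged in {age}"))
    return findings


def assess_tenant(inventory=INVENTORY, today=TODAY):
    """Run both posture and access reviews over every app in the inventory."""
    findings = []
    for app, data in inventory.items():
        findings.extend(check_settings(app, data["settings"]))
        findings.extend(review_access(app, data["users"], today))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = assess_tenant()
    for f in sorted(results, key=lambda f: (f.severity != "high", f.app)):
        print(f"[{f.severity:6}] {f.app}: {f.rule} - {f.detail}")
    print("summary:", summarize(results))
```

Two design points carry over to a real deployment: a setting that is absent from the tenant's configuration export is reported as a finding rather than silently passing, because unknown state is exactly what shadow IT produces; and the access review looks at dormancy as well as role type, since an unused admin account is excess access regardless of who holds it.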