Blog
Cloud Native Security

Cloud Native Security

Securing Your Metadata from Cloud Heists with Prisma Cloud’s Attack Path Policies

Many businesses today rely on cloud computing, and AWS is a significant player in this space. Using AWS, though, can be tricky. If not set up correctly, you can unknowingly create a security risk.

Take, for example, the increasingly prevalent scenario involving an EC2 instance. Far too often an EC2 instance is left accessible to anyone on the in...

Cloud Computing

Cloud Security

Sep 26, 2023

By Kabeer Saxena

Cloud Native Security

Cloud Native Application Protection Platform

Cloud Workload Protection Platform

Cloud Security Posture Management

Cloud Network Security

Cloud Infrastructure Entitlement Management

DevSecOps

Partners

CIEM, Cloud Network Security, Zero Trust Security

Zero Trust Security Model in Cloud Environments

The traditional network security model has long relied on a simple yet increasingly outdated concept — the secure perimeter. The secure perimeter approach assumes everything inside a network is inherently trust...

Sep 21, 2023

By Chanchal Sutradhar

AppSec, CI/CD, DevOps, Research

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actio...

Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actio...

Sep 14, 2023

By Asi Greenholts

AppSec, DevSecOps

OpenID Connect: Let’s Talk Security

OpenID Connect (OIDC) is a modern authentication and authorization protocol built on top of the 0Auth 2.0 framework. OIDC enables secure and standardized authentication in applications, particularly web and mobile applications.

Sep 12, 2023

By Steve Giguere

Announcement, CNAPP, Uncategorized

GigaOm Names Prisma Cloud a CSPM Leader, Second Consecutive Year

Moving to the cloud comes with technical complexities — security being one. Addressing the misconfigurations and risks contributes to this complexity,...

Aug 31, 2023

By Jason Williams

More Blogs

Displaying 1—16 of

312 results

Sort By:

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

In today’s post, we look at action pinning, one of the profound mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning...

Aug 30, 2023

By Yaron Avital

CIEM, Cloud Infrastructure Entitlement Management, IAM

New Innovation Insight: CIEM Report from Gartner®

As the cloud continues to dominate the operating landscape, it has also revolutionized identity and access management, giving rise to new challenges — particularly with the proliferation of identities required...

Aug 23, 2023

By Cameron Hyde

CAS, Cloud Workload Protection Platform, Products and Services

Elevate Cybersecurity with PRISMA IDs

In the cybersecurity maze, finding and addressing vulnerabilities is like chasing shadows. Every point of weakness opens a door to potential threats. While many organizations rely on the CVE system to identify...

Aug 22, 2023

By Sharon Ben Zeev

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

GitHub Actions has gained immense popularity in recent years as a powerful and flexible automation platform for software development workflows. With its intuitive user interface, e...

Aug 16, 2023

By Yaron Avital

Announcement, Cloud Security, Code to Cloud, Must-Read Articles, News and Events, Partners, Product Features

Deloitte Safeguards Software Development Lifecycle

As cloud computing continues to increase in popularity, businesses should consider remaining vigilant in protecting their information. Enterprises are...

Aug 10, 2023

By Joe Rogalski

Application Security, AppSec

The Evolution of Cloud-Native Application Security

Application security refers to the practices and strategies that protect software applications from vulnerabilities, threats and unauthorized access so that organizations can ensure the confidentiality, integri...

Aug 09, 2023

By Steve Giguere

CIEM, IAM

Anomaly Detection Policies for Unusual Workload Credential Usage

Cloud computing is an essential component of modern business operations, providing numerous benefits — scalability, flexibility and cost-efficiency among them. But cloud computing...

Aug 03, 2023

By Bar Schwartz and Ruben Torres Guerra

Black Hat, Event

Next Week in Las Vegas With Prisma Cloud

Don’t miss the breakout and theater sessions, demos, CTF games, parties, prizes and more. Come to Las Vegas — as we showcase the industry’s most comprehensive cloud-native application protection platform (CNAPP...

Aug 02, 2023

By Cameron Hyde

Application Security, AppSec

Protecting Your Delivery Pipeline: Extensive CI/CD Security with Prisma Clo...

With the rise in attacks on continuous integration and continuous delivery (CI/CD) environments, it’s no surprise that the U.S. Government recently released guidance to help organi...

Jul 27, 2023

By Jonathan Bregman

Announcement, DevSecOps

Securing Golden Images at Build Using Prisma Cloud

Organizations often have a preferred base image from which they create virtual machines or instances. Base images are generally made up of a specific OS build and patch level, along with any software, configura...

Jul 26, 2023

By Dennis Schmidt, Kyle Butler and Dan Barr

Cloud Security, Code Security, Company & Culture, Points of View

LLM in the Cloud — Advantages and Risks

Let’s explore the relationship between LLMs and cloud security, discussing how these advanced models can be dangerous, as well as leveraged to improve the overall security posture...

Jul 20, 2023

By Daniel Prizmant and Jay Chen

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Identity and access management (IAM) has always been an area of focus for organizations, particularly when it comes to source control management systems (SCM). And rightly so — inadequate identity and access ma...

Jul 18, 2023

By Omer Gil and Yaron Avital

CI/CD, DevSecOps

Abusing Repository Webhooks to Access Internal CI/CD Systems at Scale

With the increasing adoption of CI/CD systems, organizations tend to adopt a common CI/CD architecture. This architecture combines SaaS-based source control management systems — su...

Jul 13, 2023

By Omer Gil and Asi Greenholts

Cloud Security Posture Management, Data Security

Cloud Compliance: Protecting Your Data and Maintaining Trust

Over the last decade, we’ve seen a significant shift in the industry toward cloud computing, as many businesses opt to use cloud-native services. This...

Jul 07, 2023

By Chanchal Sutradhar

CIEM

Mitigate Cloud Breaches With a Holistic Approach to Cloud Identity and Acce...

There’s no hiding from it. Cloud data breaches are on the rise. Threat actors are more prevalent and sophisticated. And the stakes for organizations across all industries remain hi...

Jul 03, 2023

By John Chavanne

Cloud Security Posture Management

Subdomain Takeover: Detecting and Mitigating with Prisma Cloud

With the adoption of cloud services for hosted content and domain registrations, subdomain takeover exploitations have become a common attack vector i...

Jun 28, 2023

By Kabeer Saxena and Shashi Kiran N

Load more blogs

More Blogs

Displaying 1—16 of

312 results

Sort By:

Application Security, AppSec

Protecting Your Delivery Pipeline: Extensive CI/CD Security with Prisma Clo...

With the rise in attacks on continuous integration and continuous delivery (CI/CD) environments, it’s no surprise that the U.S. Government recently released guidance to help organi...

Jul 27, 2023

By Jonathan Bregman

Cloud Security, Code Security, Company & Culture, Points of View

LLM in the Cloud — Advantages and Risks

Let’s explore the relationship between LLMs and cloud security, discussing how these advanced models can be dangerous, as well as leveraged to improve the overall security posture...

Jul 20, 2023

By Daniel Prizmant and Jay Chen

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

GitHub Actions has gained immense popularity in recent years as a powerful and flexible automation platform for software development workflows. With its intuitive user interface, e...

Aug 16, 2023

By Yaron Avital

Announcement, Cloud Security, Code to Cloud, Must-Read Articles, News and Events, Partners, Product Features

Deloitte Safeguards Software Development Lifecycle

As cloud computing continues to increase in popularity, businesses should consider remaining vigilant in protecting their information. Enterprises are...

Aug 10, 2023

By Joe Rogalski

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

In today’s post, we look at action pinning, one of the profound mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning...

Aug 30, 2023

By Yaron Avital

Announcement, DevSecOps

Securing Golden Images at Build Using Prisma Cloud

Jul 26, 2023

By Dennis Schmidt, Kyle Butler and Dan Barr

Cloud Security Posture Management, Data Security

Cloud Compliance: Protecting Your Data and Maintaining Trust

Over the last decade, we’ve seen a significant shift in the industry toward cloud computing, as many businesses opt to use cloud-native services. This...

Jul 07, 2023

By Chanchal Sutradhar

Black Hat, Event

Next Week in Las Vegas With Prisma Cloud

Aug 02, 2023

By Cameron Hyde

Announcement, Announcement, Cloud Native Security Platform, Cloud Workload Protection, Products and Services

Agentless Workload Scanning Gets Supercharged with Malware Scanning

Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds...

Jun 22, 2023

By Mohit Bhasin and Omri Cohen

CI/CD, DevSecOps

Abusing Repository Webhooks to Access Internal CI/CD Systems at Scale

With the increasing adoption of CI/CD systems, organizations tend to adopt a common CI/CD architecture. This architecture combines SaaS-based source control management systems — su...

Jul 13, 2023

By Omer Gil and Asi Greenholts

Application Security, AppSec

The Evolution of Cloud-Native Application Security

Aug 09, 2023

By Steve Giguere

CIEM, IAM

Anomaly Detection Policies for Unusual Workload Credential Usage

Cloud computing is an essential component of modern business operations, providing numerous benefits — scalability, flexibility and cost-efficiency among them. But cloud computing...

Aug 03, 2023

By Bar Schwartz and Ruben Torres Guerra

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Jul 18, 2023

By Omer Gil and Yaron Avital

Cloud Native Application Protection Platform, Cloud Security Posture Management

Disrupt Attack Paths: How to Prioritize Your Most Harmful Risk

Among cloud deployments averaging 1000s of configuration violations, security teams are realizing approximately 1% of their issues involve interconnec...

Apr 11, 2023

By Jason Williams

DevSecOps, Points of View

The Anatomy of an Attack Against a Cloud Supply Pipeline

The most recent Unit 42 Cloud Threat Report contains the high-level results of a red team exercise performed against a SaaS customer’s continuous integration and continuous development (CI/CD) pipeline. In othe...

Oct 11, 2021

By Nathaniel Quist

CIEM

Mitigate Cloud Breaches With a Holistic Approach to Cloud Identity and Acce...

There’s no hiding from it. Cloud data breaches are on the rise. Threat actors are more prevalent and sophisticated. And the stakes for organizations across all industries remain hi...

Jul 03, 2023

By John Chavanne

Load more blogs