Cloud native applications combine a growing number of hosts and microservices, with a variety of compute options and technology stacks. As we mention in the main launch announcement for our latest updates, these complex architectures are only going to become more prevalent.
But securing the web applications and APIs that underpin these architectures has been a challenge for security teams due to their ever-changing nature and the lack of coverage from existing web security solutions.
With the latest update to Prisma Cloud, we’re delivering a security solution designed to secure cloud native APIs and microservices infrastructure with multiple layers of protection.
Prisma Cloud provides visibility and protection across multi- and hybrid-cloud environments. This includes both the cloud service provider (CSP) resources and services users configure, as well as the applications running on VMs, containers, Kubernetes and serverless.
By integrating deep web application and API security (WAAS) capabilities into our platform and unified agent framework, DevOps, application security professionals and security architects get a seamless platform that also includes vulnerability management, runtime defense and access control capabilities. Here are a few of the capabilities in this new module that help secure cloud native APIs and microservices.
Prisma Cloud Radar already delivers a real-time network topology of application communications integrated with vulnerability, compliance and runtime status. With these new WAAS capabilities, it now also automatically identifies running web applications and APIs along with their protection status.
Prisma Cloud can easily be configured to alert on and prevent leading attack scenarios that are part of the OWASP Top 10, including SQL injection, cross-site scripting (XSS), Shellshock, brute-force login attacks and more.
In addition, Prisma Cloud now offers the ability to disable, alert on, prevent or ban offending clients in these scenarios based on specific rule configurations for each application.
Web applications have been moving away from monolithic designs and shifting to microservices-based architecture, most commonly implemented using cloud native technologies like APIs. With the new WAAS module, Prisma Cloud can enforce security for these critical infrastructure components.
Users can set specifications provided through Swagger and OpenAPI files, or set definitions using API paths, allowed HTTP methods, parameter names, input types, value ranges and more. Once set, users can then define automated responses to requests which do not comply with the API’s expected behavior, such as sending an alert or banning an IP from accessing the API for a short period of time.
For applications that allow users to upload files, Prisma Cloud can be set to alert on or enforce file upload restrictions using fine-grained control (allow, alert or prevent) based on file extension type, including audio, compressed archives, documents, images and video.
To prevent spoofing, the file content of these widely-used formats is inspected to validate its stated type, and to ensure it matches the filename extension.
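The content-versus-extension check described above, sketched as an added example (it is not Prisma Cloud's code or rule format). The signature table, the category policy and the function names are assumptions made for illustration, and the sample uploads in the comments are constructed.

```python
import os

# Leading "magic" bytes for a few widely used formats (constructed subset).
SIGNATURES = {
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "pdf":  [b"%PDF-"],
    "zip":  [b"PK\x03\x04"],
    "gzip": [b"\x1f\x8b"],
}
# Filename extension -> the format it claims to be.
EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
              ".gif": "gif", ".pdf": "pdf", ".zip": "zip", ".gz": "gzip"}
# Format -> category, and a hypothetical per-category action.
CATEGORY = {"png": "images", "jpeg": "images", "gif": "images",
            "pdf": "documents", "zip": "archives", "gzip": "archives"}
POLICY = {"images": "allow", "documents": "alert", "archives": "prevent"}


def sniff(data: bytes):
    """Return the format whose signature starts the content, or None."""
    for fmt, sigs in SIGNATURES.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    return None


def check_upload(filename: str, data: bytes, policy=POLICY):
    """Return (action, reason) for one uploaded file."""
    # Only the final extension counts, so "photo.png.exe" is judged as ".exe".
    ext = os.path.splitext(filename)[1].lower()
    stated = EXTENSIONS.get(ext)
    if stated is None:
        return "prevent", f"extension {ext or '(none)'} is not permitted"
    actual = sniff(data)
    if actual != stated:
        # Spoofing case: the content does not match the claimed type.
        return "prevent", f"content is {actual or 'unknown'}, extension says {stated}"
    return policy[CATEGORY[stated]], f"{stated} content matches extension"


if __name__ == "__main__":
    samples = [  # constructed uploads: (filename, first bytes of the body)
        ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("report.pdf", b"%PDF-1.7\n"),
        ("avatar.png", b"PK\x03\x04" + b"\x00" * 8),   # archive renamed to .png
        ("shell.php.png", b"<?php echo 1; ?>"),        # script renamed to .png
    ]
    for name, body in samples:
        print(name, check_upload(name, body))
```

A matching header only shows that the file starts like its stated type; it says nothing about the rest of the content, so this check complements malware scanning and safe storage of uploads rather than replacing them.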
Prisma Cloud also provides and/or supports:
The capabilities highlighted above are automatically available to Prisma Cloud users who deploy the Prisma Cloud Defender to protect host or container runtimes.
Learn more on our dedicated Web Application and API Security webpage.