Palo Alto Networks announced a new security offering to combat supply chain threats. This Cloud Supply Chain Security offering provides a complete view of where potential vulnerabilities or misconfigurations exist in an organization’s software supply chain. This enables to trace and fix the bugs quickly
Attacks on supply chains have been increasing, for taking colonial pipeline into consideration as a best example . The issue for supply chains is that security flaws, if not quickly traced and fixed, can invite attackers to infiltrate systems, spread malicious payloads throughout an organization’s software and access sensitive data.
The current solutions that exist in whatever form, only provide vulnerability and misconfiguration information at a resource layer in code or in the cloud. Prisma Supply Chain Security provides full lifecycle visibility and protection and the context of where a vulnerability fits into the layers of cloud architecture.
Prisma Cloud Supply Chain Security helps provide a full-stack, full-lifecycle approach to securing the interconnected components that make up and deliver cloud-native applications. It helps identify vulnerabilities and misconfigurations in code, including open-source packages, infrastructure-as-code files, and delivery pipelines, such as version control system and continuous-integration pipeline configurations.
Features include auto-discovery, graph visualization, supply chain code fixes, code repository scanning and branch protection rules. Organizations can thus better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources to be better equipped to help prevent supply chain attacks. Preventing supply chain attacks helps to reinforce an organization’s zero-trust enterprise approach. The new service is now available in both Prisma Cloud and Bridgecrew by Prisma Cloud.