Prisma is basically a ‘Branding Plus’ exercise, where the big news is the rebranding of existing products into a new suite, but the products receive some enhancements – with more to come – to make them work more smoothly together.
Today, Palo Alto Networks announced Prisma, a new cloud security suite that becomes the focus of its cloud strategy going forward. It consists of four components – none of which are new. However, with the rebranding as Prisma, the components are also being retrofitted to work more like a suite, with all that implies in terms of smooth interchangeability. Some of the enhancements are available out of the gate, while others are on the way.
“Prisma is the new branding for our cloud portfolio,” said Adam Geller, Senior Vice President, Senior Vice-President, Cloud Product and Engineering at Palo Alto Networks. “It’s more than just branding, however. It’s more like ‘Branding Plus’. Branding changes by themselves are just a messaging wrapper, and you can do that without bringing the products together. However, we are also making enhancements to these from a product standpoint, which are designed to improve the relationships between these different products.”
The Prisma rebranding is intended to show Palo Alto Networks’ commitment to a more comprehensive approach towards the cloud.
“Many companies take a more narrow approach to security in the cloud, with specific products like a solution for containers, or a piece of SaaS,” Geller said. “We ourselves have been operating our own cloud products under different product names. Prisma is an opportunity to pull it all together under one brand and become synonymous with cloud security.”
The four components of Prisma are Prisma Access, Prisma Public Cloud, Prisma SaaS, and the VM-Series – with the latter not being formally rebranded like the others. Prisma Access was launched a little less than two years ago as Global Protect Cloud Service. Prisma Public Cloud consists of two acquired components, Redlock and Evident.io. Prisma SaaS used to be Aperture, which has been around since 2015.
“All four elements of Prisma have been in the market before, some for a longer period of time, and some more recent acquisitions,” Geller said. “Announcing and articulating them as a single suite of cloud security products is meant to help customers navigate that broad journey to the cloud, where they are all at different stages. However, it also means bringing these products together with a consistent look and feel and as a consistent experience. As a suite, the components have to be easily interchangeable with the user being able to switch easily from one to the other.”
Prisma Access provides secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture.
“We are announcing that we will be extending this to the Google Cloud Platform, extending the service to more than 100 new locations,” Geller said. Prisma Access will also be receiving access to a streamlined cloud management UI, and service providers will receive capabilities specifically designed to enable rapid provisioning of secure outbound internet connectivity for their customers.
Prisma Public Cloud utilizes the technology acquired from Redlock and Evident.io to provide continuous visibility, security, and compliance monitoring across public multi-cloud deployments. The new element now being introduced is what Palo Alto Networks calls a ‘shift left’ approach – the ability to further reduce the attack surface early in the development cycle.
“The Public Cloud has distinct Build, Deploy and Run stages, but a lot of what we have done historically in the public cloud focuses on Run Time – protecting the environment while it’s operating,” Geller said. “The Shift Left concept brings the recognition that if you want to secure the cloud you have to be able to deal not just with Run Time, but with the Build and Deploy stages. We deal with this with things like introducing vulnerability scanning for containerized environments, so you don’t deploy containers with vulnerabilities. We also now scan templates before they are deployed. With Shift Left, we are moving much earlier into the process to make security part and parcel of design, not just operation.”
Prisma SaaS is a multi-mode cloud access security broker [CASB] service that safely enables SaaS application adoption through risk discovery, adaptive access control, data loss prevention, compliance assurance, data governance, user behavior monitoring, and advanced threat prevention.
“The first new thing we are doing here involves integrated SaaS visibility,” Geller said. “This used to be a separate component from our API-based solution, but with Prisma SaaS, we bring together the ability to operate inline capability with the API-based side to create joint visibility views across all of SaaS. We are also marrying data from our NGFW with SaaS. We have enhanced the way we deliver this, moving from a more fragmented approach to one place where you can see the total SaaS exposure and control it.”
The other enhancement will be changes to the DLP [Data Loss Prevention] engine.
“A huge part of SaaS is the DLP engine, to classify data and reduce exposure,” Geller noted. “We have had that for years. Now, we are finishing up a significant enhancement to the DLP engine.” Those changes, which Geller said will soon be available, include the availability of more classifiers.
The fourth component of Prisma, the VM-Series, is the virtualized form factor of the Palo Alto Networks Next-Generation Firewall.
“We chose not to rebrand it,” Geller said. “Its use cases are very wide-ranging, moving from originally around virtualization to the private cloud and them the public cloud, but it’s about having the right form factor to fit into that. The VM-Series is an important element of securing applications, and is integrated to be as native as possible in those cloud environments. We are not announcing any major changes to the VM-Series at this time.”
Prisma Access, Prisma Public Cloud, Prisma SaaS, and the VM-Series are all available now.