Palo Alto Networks Unveils 5 New Prisma Cloud Features

The company’s ‘Darwin’ release is the biggest release yet for the cloud security platform, a Palo Alto Networks executive tells CRN.


Palo Alto Networks unveiled what it’s calling the biggest release yet for its cloud security platform, Prisma Cloud, including an array of new features that provide greater intelligence and context to security teams as well as developers.

The cybersecurity giant said the “Darwin” release for Prisma Cloud will include new capabilities to help organizations better prioritize their cloud security risks while giving customers a much-improved user interface.

[Related: Palo Alto Networks CEO Nikesh Arora: ‘Disrupt Ourselves,’ Transform The Industry]

Sponsored post

The updates announced Wednesday also heavily utilize AI, though do not include any use of generative AI, the company said. Palo Alto Networks has major aspirations for GenAI but has not yet released capabilities powered by the technology.

The new Prisma Cloud release does, however, stand out in the crowded cloud security field in a number of respects with its new capabilities, said Ankur Shah, senior vice president and general manager for Prisma Cloud at Palo Alto Networks.

“Darwin is going to be the beginning of a new era,” Shah told CRN.

Along with the new enhancements to the Prisma Cloud platform as a whole, the company also announced one new module, Cloud Discovery and Exposure Management, which brings the total number of Prisma Cloud modules to 12.

The Prisma Cloud updates come as the platform has been seeing strong adoption from partners and customers, executives have said. The Prisma Cloud business surpassed $500 million in annual recurring revenue as of the company’s fiscal fourth quarter, ended July 31, according to Palo Alto Networks.

What follows are the details on five new features unveiled for Palo Alto Networks’ Prisma Cloud platform.

Code-to-Cloud Remediation

Prisma Cloud’s new Code-to-Cloud Remediation capability enables an organization’s infrastructure team to quickly ascertain what the most important threat is to focus on, Shah said.

One critical aspect of this capability is providing greater context to users from a number of directions, he said.

“We contextualize that by combining identity, posture management, vulnerability [information], API attacks — all of that into a single context,” Shah said.

Infrastructure teams are then presented with two options. One is to fix the issue in the cloud, he said. However, those changes might be negated within weeks when a new release comes out, and so the new feature also allows users to fix the issue in the code itself, according to Shah.

Among the new Prisma Cloud features, Code-to-Cloud Remediation is the most unique for the industry and represents the biggest leap forward for the platform — and for the security practitioners that use it, he said.

“We’re taking a fundamentally different approach, which is, context is the king. Intelligence is what you need. Because it’s a never-ending race,” Shah said. “So we care about our security practitioners. And this is a way for them to really help the dev teams to get better early on, and also prioritize the most important things.”

Code-to-Cloud Vulnerability Management

Many customers are dealing with multiple sources of vulnerability data within a single application lifecycle, which is proving to be complex to manage, Shah said.

Meanwhile, customers have thousands or tens of thousands of vulnerabilities open at any given time, he said.

With Code-to-Cloud Vulnerability Management, customers are able to have just one tool to address cloud vulnerability issues, Shah said. This includes open-source scanning, registry scanning and runtime scanning, he said.

The capability will also help customers with “tracing what’s happening in runtime back to the code,” Shah said.

Additionally, by clicking a button, “now the practitioners will have the ability to fix the problem in code,” he said.


When it comes to cloud and application security, the first thing customers are looking for is better visibility, Shah said. Other tools on the market, however, are only providing visibility at the workload level, he said.

With the introduction of AppDNA, Prisma Cloud is “giving you visibility at the application level. We tell you the application context,” Shah said.

“It’s looking at your cloud through the lens of an app. And apps are your crown jewel,” he said. “Your workloads are, to be honest, commodities. Virtual machines are not expensive. Your apps are worth millions of dollars.”

Infinity Graph

For forensics purposes, Palo Alto Networks is also adding its new Infinity Graph capability, Shah said.

With Infinity Graph, customers can easily ask questions using natural language and get answers that provide the ability to “understand risks with deep context,” the company said in a blog post.

“By correlating the security stack across misconfigurations, vulnerabilities, exposure, identity and secrets, sensitive data, and more, you see the potential attack paths leading to a breach,” the company said in the post.

Code-to-Cloud Dashboard

Prisma Cloud’s newly added Code-to-Cloud Dashboard aims to provide customers with a way to quickly see how they are improving on security, Shah said.

“The idea is we’ll show our customers, as you get better at securing early on in the code pipeline, your risk will consistently reduce in the cloud,” he said.

The dashboard also breaks down the risk reduction progress by teams and by applications, to show where the successes are and where the trouble spots are in particular, Shah said.