New Features Introduced in May 2018

The following table provides a snapshot of new features introduced for Aperture™ in May 2018. Refer to the Aperture Administrator’s Guide for more information on how to use the Aperture service.
Feature
Description
Enhanced Support for Microsoft Azure Storage Application
You now have full visibility and control for your Azure subscription and storage accounts with the iterative scan service, automatic remediation, and snippet support provided by Aperture. Because Azure users are constantly sharing and uploading content to containers, the iterative scan service continuously discovers and reports all container changes, suspicious activities, and events since the previous scan, so you can prevent any unintentional or malicious exposures. Due to event grid service region limitations, the Azure Storage iterative scan is only available in the us-central-east region. To view the details of an incident, Aperture now displays snippets of 100 bytes before and after the violation, so you can identify sensitive file and folder content within an Azure account. When you discover an asset is vulnerable, you can now create policy rules to automatically quarantine compromised Azure Storage assets and notify administrators of incidents and risky user activity to prevent exposure, malware propagation and data exfiltration.
Expanded Cloud Security License Offerings
The Palo Alto Networks Security Operating Platform extends our leadership in cloud security and creates the only holistic cloud offering to address your critical security needs as you transition to the cloud. With this offering, you can now strengthen the security and compliance of your public cloud installations and expand your enforcement capabilities. The expanded capabilities help you continuously monitor your public cloud deployments, prevent data loss with increased storage security, ensure your sensitive workloads are in a continuous state of industry compliance, and automatically report assets, services and account settings against a set of strict security and compliance controls.
The license offerings available include:
Aperture All App
As you transition your SaaS apps to the cloud, you increase the risk of compromising sensitive data and propagating malware. The Aperture service analyzes all data in your SaaS apps and performs policy-driven analysis, so you can proactively and automatically remediate risks. With Aperture All App, you can also:
  • Discover, assess, and control SaaS application risks for over 20 SaaS applications.
  • Identify and prevent the propagation of both known and unknown malware.
  • Prevent data exfiltration with advanced machine learning and DLP.
  • Assess user activity with detailed information that identifies the user and activity-based anomalies.
  • Identify and address misconfigurations and abuse of administrative and user privileges.
  • Automatically identify third-party plugins and remove apps with abusive permissions.
Public Cloud Monitoring
You can continuously monitor your environment to immediately detect suspicious changes and activities and check against hundreds of customizable security best practices. With the Public Cloud Monitoring license, you can also:
  • Identify over 300 misconfigurations in your IaaS and PaaS apps.
  • Assess the context of misconfigurations with detailed information such as IaaS component, tag metadata, and region.
  • Apply remediation steps for each misconfiguration.
  • Create a custom signature that automatically identifies any misconfiguration in your environment.
  • View predefined bucket fitness and network security group fitness reports.
Public Cloud Compliance Report
When you run sensitive workloads, you can benefit from public cloud efficiency while remaining in compliance with industry regulations and guidelines such as NIST, FedRAMP, CIS and HIPAA. With the Public Cloud Compliance Report, you can:
  • View predefined compliance reports spanning a range of industry standards.
  • Review automated daily or on-demand reports for AWS S3 Bucket Fitness, Identity and Access Control (IAM), and Network Security Group Fitness.
  • Create a custom signature that automatically validates against a set of best practices you define.
  • View an audit trail of compliance history.
You must enable the Public Cloud Monitoring license to view the Compliance Report because compliance reports are based on the information from continuous security monitoring.
Public Cloud Storage Security
Keep your AWS, Azure, and Google Cloud Platform environments secure with the proven and effective configuration, settings, and ongoing management provided by the Public Cloud Storage Security license. You can prevent data exposure and malware propagation for the structured data and storage in your apps, and:
  • Gain visibility and control for AWS Buckets, Azure Storage Blobs, and Google Cloud Platform buckets.
  • Identify and remove public buckets to prevent inadvertent exposure or use.
  • Identify and prevent the propagation of both known and unknown malware.
  • Prevent data exfiltration with advanced machine learning and DLP.
  • View an audit trail with detailed storage bucket information that identifies the user and activity-based anomalies.
