Features Introduced in November 2019

Learn what’s new on Prisma™ Cloud in November 2019.

Features Introduced on November 20, 2019

Feature
Description
Prisma Cloud Compute for Securing Hosts, Containers, and Serverless Deployments
To supplement the visibility and compliance assurance that Prisma Cloud already provides for your public cloud infrastructure, it now enables you to identify vulnerabilities, detect anomalous behavior, and provide least-privilege micro-segmentation for hosts, containers, and serverless functions across the entire application lifecycle, from Continuous Integration and Continuous Development (CICD) to runtime.
The new Compute tab, available with the Prisma Cloud Enterprise Edition license, gives you the ability to deploy Prisma Cloud Defenders on hosts, containers, and serverless environments to manage vulnerabilities, detect anomalies, ensure compliance, and provide runtime defense in heterogeneous environments including Windows, Linux, Kubernetes, OpenShift, AWS Lambda, Azure Functions, and GCP Cloud Functions, among others. From the Prisma Cloud administrative console, you can now perform security checks and review results from the CICD pipeline through to runtime across your hybrid or multi-cloud environments.
The Compute tab will be rolled out gradually between now and early December 2019.
The documentation for the host, container, and serverless functions available on the Compute tab is in the Prisma Cloud Administrator’s Guide (Compute). Documentation for all the other capabilities included with the Prisma Cloud Enterprise and Business Edition licenses is in the Prisma Cloud Administrator’s Guide.

Features Introduced on November 6, 2019

New Features

Feature
Description
Prisma Cloud on the GCP Marketplace
You can now purchase or try the Prisma Cloud service from the GCP Marketplace. The ability to launch Prisma Cloud from the GCP Marketplace, along with the VM-Series firewall and Panorama, enables you to use API-based and inline enforcement to protect and manage your resources deployed on the Google Cloud Platform.
Left Navigation Menu
(November 11, 2019 release) The navigation bar on the Prisma Cloud user interface moved to the left.
Anomaly Policies for Network Reconnaissance Detection
Anomaly policies have a new category for detecting Network Reconnaissance activity. This category includes four new Prisma Cloud default policies to help you identify port scan and port sweep attempts on cloud resources. Of the four new policies, the two policies for monitoring external port scan and port sweep activities are disabled by default, and the two policies for monitoring internal port scan and port sweep activities are enabled by default.
Prisma Cloud Integration with Demisto
To help your security teams with the best incident management and automated workflows, Prisma Cloud integrates with Demisto, the Security Operations and Automated Response tool.
With this push-based integration, you can send Prisma Cloud alerts to Demisto and enable multi-step automated remediation workflows using playbooks.
Azure CIS v1.1 Support
The Azure CIS v1.0 compliance standard on Prisma Cloud is updated for v1.1, and includes policy updates that check for compliance with the requirements and sections in v1.1.
Support for SOC2 compliance standard on Azure and GCP
Added new policies to enable SOC2 compliance checks on Azure and Google Cloud Platform.
Custom Source Type for Splunk HEC
You can now set up a custom source type to identify Prisma Cloud alerts sent to the Splunk HTTP Event Collector (HEC). When you specify a string on Prisma Cloud, it will override what you define on the Splunk HEC.
IP Address Whitelist for Accessing Prisma Cloud Administrative Console
To restrict access to the Prisma Cloud administrator console and API, you can now whitelist the IP addresses or CIDR ranges that are permitted to access the management interfaces.
A maximum of 500 IP addresses or 10 CIDR block entries are allowed.
RQL Enhancement to Find a Specific Resource by Name
With the api.name attribute, you can now use a new group by operator to find whether an object exists within a result set. For example, to verify if a specific Azure resource group is deployed within the Azure subscriptions that are monitored by Prisma Cloud, you can use the following RQL:
config where cloud.type = 'azure' AND api.name = 'azure-resource-group' group by account as X; filter ' name is not member of (shanna-rg,shanna-resource-group)' ;
The query aggregates a list of all resource groups and displays those subscriptions that are not included in the specified resource groups.
You can also use this RQL to create a custom policy that generates alerts when a policy violation is detected.
API Ingestion
Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data:
  • gcloud-app-engine-application
  • gcloud-organization-iam-policy
  • azure-network-firewall
  • azure-postgresql-server
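
The distinction drawn by the Network Reconnaissance anomaly category above (port scan versus port sweep, internal versus external), shown as an added example that is not Prisma Cloud's detection logic. The flow records, the 10.0.0.0/8 internal range, the threshold of 20, and the reading of "internal/external" as the origin of the source address are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = (
    [("10.0.1.5", "10.0.2.9", p) for p in range(20, 50)]             # one host, many ports
    + [("203.0.113.7", f"10.0.3.{h}", 22) for h in range(1, 31)]     # many hosts, one port
    + [("10.0.1.8", "10.0.2.9", 443), ("10.0.1.8", "10.0.2.10", 443)]  # ordinary traffic
)

# Assumed address space of the monitored cloud network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
THRESHOLD = 20  # assumed: distinct ports or hosts before a finding is raised


def origin(ip):
    """Label a source address as internal or external to the assumed range."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def classify(flows, threshold=THRESHOLD):
    """Return sorted (origin, kind, source) findings for scan-like sources."""
    ports_per_pair = defaultdict(set)   # (src, dst)  -> distinct ports tried
    hosts_per_port = defaultdict(set)   # (src, port) -> distinct hosts tried
    for src, dst, port in flows:
        ports_per_pair[(src, dst)].add(port)
        hosts_per_port[(src, port)].add(dst)

    findings = set()
    # Port scan: one source probes many ports on a single destination.
    for (src, _dst), ports in ports_per_pair.items():
        if len(ports) >= threshold:
            findings.add((origin(src), "port scan", src))
    # Port sweep: one source probes the same port across many destinations.
    for (src, _port), hosts in hosts_per_port.items():
        if len(hosts) >= threshold:
            findings.add((origin(src), "port sweep", src))
    return sorted(findings)


if __name__ == "__main__":
    for scope, kind, src in classify(FLOWS):
        print(f"{scope} {kind} from {src}")
```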

Policy Updates

Policy
Description
Azure Storage Accounts ensure default network access rule for Storage Accounts is set to deny
Identifies storage accounts that accept connections from clients on any network.
Azure Storage ensure 'Trusted Microsoft Services' is enabled for Storage Account access
Verifies if Trusted Microsoft Services are granted access to storage accounts; these services bypass the network rules but are granted access with strong authentication mechanisms.
Azure App Service web app does not redirect all HTTP traffic to HTTPS
Identifies whether your Azure App service is configured with a URL rewrite rule to redirect all HTTP requests to use HTTPS.
Azure App Services web app authentication is off
Checks if Azure App services is enabled to prevent anonymous HTTP requests from reaching the API app, or is set up to authenticate requests that have tokens before they reach the API app.
Azure App Service web app doesn't use latest TLS
Checks that Azure App service web app uses TLS v1.2.
Azure App Service web app doesn't require client certificates
Checks that the App service is configured to request client certificates for incoming requests.
Azure App Service web app doesn't have a Managed Service Identity
Checks that the App service is configured to use a Managed Service Identity to connect securely to other apps and does not store secrets in the app.
Azure App Service web app doesn’t use latest .Net Core version
Azure App Service web app doesn’t use latest Python version
Azure App Service web app doesn’t use latest PHP version
Azure App Service web app doesn't use latest Java version
Checks for the best practice of using the latest .Net Core, Python, PHP, or Java version.
Azure Key Vault is not recoverable
Checks if your Azure Key Vault is not enabled for Do not purge and soft delete functions, to prevent loss of encrypted data including storage accounts, SQL databases, and/or dependent services provided by key vault objects.
Azure Security Center policies
  • Phone number for Security contact is not set in Security Center
  • Security contact emails is not set in Security Center
  • Send email also to subscription owners is set to OFF in Security Center
  • Send me emails about alerts is set to OFF in Security Center
  • Standard pricing tier is not selected in Security Center
