In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Taylor Smith, Senior Product Manager at Prisma Cloud by Palo Alto Networks, to discuss the details of their Software Composition Analysis (SCA) tool. He shares his insights into how they bring infrastructure and application security together and why this sets them apart from competitors. He also explains how their solutions are breaking down silos in DevOps and covers the tool’s key capabilities.
Key highlights from this video interview are:
- The SCA tool looks at all the different package dependencies and identifies known vulnerabilities in them. It uses the same intelligence stream as previously used but also includes package manager files. Smith explains how this works through the development lifecycle and how developers are warned about vulnerabilities or license compliance issues.
- Smith discusses how their new tool differentiates them from competitors. He explains that you now have protection over the full lifecycle, which other players do not have, finding vulnerabilities in runtime and protecting against attempted exploits. He goes into detail about their tool’s key features.
- The software supply chain has been a hot topic. Smith explains that as part of their launch, they have included an SBOM (software bill of materials) that includes infrastructure resources. He discusses why this is significant and the key capabilities of their SBOM. He also notes that their SBOM looks not just at vulnerabilities but at the posture of the CI/CD pipeline as a whole.
- Smith discusses how Prisma Cloud helps companies improve their security posture, explaining that it is not meant to be a single point solution but rather to make the connections between vulnerabilities and code misconfigurations in the infrastructure during the full lifecycle. He discusses how the one tool can be used as a unified security offering for developer and security teams, breaking down the silos.
- There are a number of pain points DevOps teams are facing today, but Smith explains how Prisma Cloud creates a developer-first focus so that vulnerabilities can be found and fixed as soon as possible.
- Smith discusses Prisma Cloud’s involvement in KubeCon, explaining that they are presenting and how their announcements will be relevant for Kubernetes users. He goes into detail about the ways users can benefit, saying that they are extending their capabilities to finding vulnerabilities in the containers that are being imported. He tells us what to expect from their two booths.
The summary of the show is written by Emily Nicholls.