© 2023 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
Securing Your Cloud Journey
from Code to Cloud
Fransiskus Indromojo, CISSP
Sr. Solution Architect Prisma Cloud
Palo Alto Networks
A majority of the code in the average application is open source
[Diagram: cloud stack layers: Cloud Services (Compute, Storage, Network, IAM), Host/VM, Serverless, Orchestrator, Container Runtime, Apps]
75% of application code is open source*
*Forrester’s The State of Application Security
Open source code is vulnerable to attack
[Diagram: cloud stack layers: Cloud Services (Compute, Storage, Network, IAM), Host/VM, Serverless, Orchestrator, Container Runtime, Apps]
81% of codebases contain an OSS vulnerability*
*Unit 42 Cyber Intelligence Network Threat Research
Open Source & Code Dependencies Findings
● Attacks on software supply chains are on the rise: 7.3K+ malicious open-source software packages were discovered in 2022
● Managing code dependencies is challenging: 77% of the required packages and vulnerabilities are introduced by non-root packages
Open Source Trust Ecosystems In the Cloud Are Fragile
Source: https://xkcd.com/2347/
● Excessive implicit trust in open source libraries and software components
● Open source projects are usually maintained on a volunteer basis (e.g. Log4j)
● Traditional approaches do not enable proactive ‘zero trust’
Modern Cloud Applications: The Perfect Storm of Innovation and Risk
RISK
● 80% OSS with Vulnerabilities
● 15 min to exploit New Vulnerabilities
● 10:1 Dev to Sec ratio
● 40% GenAI proliferation of insecure code
INNOVATION
● 75% Public cloud will be the primary platform by 2026
● 77% Continuous delivery; every week
● 10X GenAI acceleration of software
Why Current Approaches to Protecting Applications Fail
SECURITY REMAINS AN AFTERTHOUGHT
WHERE DOES CLOUD SECURITY FIT INTO ZERO TRUST
Zero Trust for Users
● Identity: Validate users with strong authentication
● Device/Workload: Verify user device integrity
● Access: Enforce least-privilege user access to data and applications
● Transaction: Scan all content for malicious activity and data theft
Zero Trust for Applications
● Identity: Validate developers, devops, and admins with strong authentication
● Device/Workload: Verify workload integrity
● Access: Enforce least-privilege access for workloads accessing other workloads
● Transaction: Scan all content for malicious activity and data theft
Zero Trust for Infrastructure
● Identity: Validate all users with access to the infrastructure
● Device/Workload: Identify all devices including IoT
● Access: Least-privilege access segmentation for native and third-party infrastructure
● Transaction: Scan all content within the infrastructure for malicious activity and data theft
Everything Cloud Starts as Code
[Diagram: a Cloud Application (Payments, Catalog, Shipping, Analytics, Billing) shown across Code (Custom, Open Source, IaC), CI/CD pipeline, and Cloud Runtime on Cloud Infrastructure (VMs, Containers, Serverless, PaaS, DBaaS, Identity)]
Everything Cloud Starts as Code, Where 1 issue Becomes Hundreds in Runtime
[Diagram: the Cloud Application diagram (Code, CI/CD pipeline, Cloud Runtime on Cloud Infrastructure) with issue markers (!) spread across it]
The End Goal: Fewer Incidents, Reduced Cost
● Build (Developers): 1 misconfigured or vulnerable repo
● Deploy (DevOps): uncaught, it turns into 100s of deployments
● Run-Time (Security): uncaught, it turns into 1,000s of security alerts (issues to fix)
Cost to fix a bug:
● 1x when found during coding
● 5x when found during testing
● 20x when found in production
We Need to… DEFINE THE PROTECTION STRATEGY
● 01 VISIBILITY COMPLIANCE AND GOVERNANCE: Code Compliance, IaC Compliance, Cloud Compliance to Workload Compliance
● 02 FULL LIFECYCLE VULNERABILITY MANAGEMENT: Shift Left and Also Shift Right Vulnerability Management
● 03 FULL LIFECYCLE PREVENTION: Prevention First on API, VM, Container, Serverless Workloads
Mitigating Security Risks across Application Lifecycle
[Diagram: the Cloud Application diagram (Code, CI/CD pipeline, Cloud Runtime on Cloud Infrastructure) with issue markers (!), overlaid with protection points (P): SAST, Secrets Scanning, IaC Security, CI/CD Security, SCA, API, CSPM, CIEM, CDS, CWP, WAAS, CNS, CDR, Vuln Management]
How Can Prisma Cloud Help You?
Zero In Quickly to Fix Now in Cloud, and Forever in Code
[Dashboard mockup: "Critical Risks and Incidents", showing critical risks and incidents in the last 24 hours, with panels for Incidents (2), Attack Paths (8), Vulnerabilities (21), Exposures (32), Identity Risks (2) and Data Risks (5); an attack path graphic labelled Internet, Internet Exposure, Admin Access, PII Data, Misconfiguration, Virtual Machine, Critical Vulnerability]
Fix in Cloud
● Open Ticket: Send ticket to Application owner with rich context
● Virtual Patch: Or apply Compensating controls to Block Exploits*
Fix in Code
● Send Pull Request: Send Recommended Fixes for Developers to approve
*Roadmap
Code-to-Cloud Remediation
Explore All Angles from Code to Cloud
Code-to-Cloud Infinity Graph
Full Lifecycle Reporting to Foster Dev-Sec Collaboration
● Measure and report from Code to Cloud
● See burndown trends
● Celebrate success
[Dashboard mockup: ACME Enterprises, "Your Aggregate Environment Rollup"; tabs: Visibility from Code-to-Cloud, Prioritize and Remediate, Search and Investigate, Force Multiply with AI, Report from Code-to-Cloud]
Segment your top security risks by Applications or Account owners to identify problematic areas.
● Aggregate: Total Buildtime Errors in Repositories 118; Total Urgent Vulns in Registry Images 32; Total Incidents & Attack Paths 7
● Inventory & Search App (Business Unit A): Buildtime Errors in Repositories 76; Urgent Vulns in Registry Images 14; Incidents & Attack Paths 3
● Inventory & Payments App (Business Unit B): Buildtime Errors in Repositories 42; Urgent Vulns in Registry Images 18; Incidents & Attack Paths 4
Code-to-Cloud Dashboard
Prisma Cloud Helps Customers “Prevent Risks & Breaches”
● Secure the Source (Risk Prevention): Shift left and Secure by Design all Code, Secrets, Open Source libraries, Infrastructure as Code (IaC), and CI/CD pipelines
● Secure the Infrastructure (Visibility & Control): Gain Visibility and Control over Configurations, Identity and Access, Data, and Vulnerabilities across all clouds
● Secure the Runtime (Runtime Protection): Protect the Application Runtime Environment, securing all Cloud Workloads and APIs
Fix risks at the source
Block breaches in runtime
Prisma Cloud: Code-to-Cloud Remediation, Code-to-Cloud Security, Code-to-Cloud Dashboard, Code-to-Cloud Infinity Graphs, AI Co-Pilot
Security Data Mesh
Open, Extensible Platform
What’s Required: Integrated Context to Prioritize, Fix at Source, Block in Runtime
[Diagram: Prisma Cloud Code-to-Cloud Intelligence spanning Code, Cloud Infrastructure and Cloud Runtime, with Secure the Source, Secure the Infrastructure and Secure the Runtime; fix risks at the source, block breaches in runtime]
CLOUD SECURITY: PRISMA CLOUD PRINCIPLES
CURRENT APPROACH | CLOUD NATIVE APPLICATION PROTECTION PLATFORM
● Protection Focused on Runtime | Comprehensive Security from Code to Cloud
● Visibility Without Prevention | Prevention-First Approach
● Infrequent Scans Lead to Blind Spots | Continuous, Real Time Visibility
● Tool Proliferation | Platform with Choice For Every Cloud Journey
● Scale Issues, Performance Impacts | Cloud Scale Security
Prisma Cloud
Broadest Cloud Service Coverage
Support your DEVELOPERS’ CHOICE of cloud services
● 40% greater coverage than the nearest competitor
● 11 Hosting Locations. Multi-geo support: NA (US & Canada), EMEA (UK, Germany, France), JAPAC (Australia, China, Singapore, Japan, India), GovCloud
Don’t take our word for it
Prisma Cloud: Protection from Code to Cloud
A Complete Platform that Integrates Best of Breed Capabilities
Secure the Source, Secure the Infrastructure, Secure the Runtime
● CNAPP: LEADER, Global CNAPP Radar
● CNAPP: Top Reviewed Product, Gartner Peer Insights CNAPP
● CNAPP: LEADER, Cloud Workload Security Wave
● DevSecOps: LEADER, Developer Security Tools Radar
● Code Security: LEADER, Policy as Code Radar
● CSPM: LEADER, CSPM Radar
● CSPM: Top Reviewed Product, Gartner Peer Insights CSPM
● CWPP: Ranked #1, Top CWPP Products
● CWPP: LEADER, Global CWPP Radar
Thank you
paloaltonetworks.com
Prisma Cloud Adoption Journey Roadmap
[Chart axes: Cloud Migration Journey, Cloud Security Adoption; maturity stages: Basic, Foundation, Advanced, Ideal]
Risk Prevention
● Infrastructure as Code (IaC)
● Software Composition Analysis
● Secrets Scanning
● CI/CD Pipeline
Visibility & Control
● Visibility & Compliance
● Misconfiguration and threat detection
● Vulnerability management
● Permissions management
Runtime Protection
● Exploit & Malware Prevention
● Command & Control (C2) Protection
● API Security
● Lateral Movement Prevention
Integration & Orchestration
● Automation and Response
● Incident Management
● Security Orchestration
● Threat Hunting and management
Objective & Goal:
● Safer: Reduction in likelihood of breaches with prevention-first strategy and proactive risk-based security
● Simpler: Achieving simpler process to improve on MTTD (Detection) / MTTI (Investigate) / MTTR (Remediation)
● Faster: Reducing the time to create and tune workflow and policies

Prisma Cloud - CyberTech ID Forum 24.pdf
