Prisma Cloud Waas Aag

Prisma Cloud Web Application and API Security (WAAS) by Palo Alto Networks offers comprehensive protection for web applications and APIs within cloud-native architectures, providing visibility, vulnerability detection, and runtime protection. It addresses the limitations of traditional web application firewalls (WAFs) by integrating multiple layers of security and supporting various deployment environments, including multicloud and hybrid setups. Key features include API security, bot risk management, denial-of-service protection, and flexible deployment options, ensuring robust security throughout the application lifecycle.

Uploaded by

laura ruiz

Prisma Cloud–Web Application and API Security

At a Glance
Prisma Cloud Web Application and API Security (WAAS) Module
Palo Alto Networks Prisma Cloud provides comprehensive detection and protection of web applications and API risks for any cloud-native architecture.
• Complete visibility: Visibility into all web applications and API traffic on any cloud-native architecture in your private or public cloud.
• Defense in depth: Seamlessly integrated with the industry’s leading cloud-native application protection platform, Prisma Cloud provides multiple layers
of protection, including visibility, vulnerability detection, security posture management, and runtime protection.
• Comprehensive coverage: Full coverage across OWASP Top 10, advanced DoS threats, bad bots, access control attacks, file upload, and more.
• Full lifecycle protection: Confidently protect web apps and APIs across the application lifecycle, including the build, run, and deploy phases.
Prisma Cloud is at the forefront of cloud-native security and provides customers with the most comprehensive security capabilities necessary for protecting
their entire cloud-native application stack. Customers can secure their web apps and APIs confidently for cloud-native architecture.

Legacy WAFs No Longer Provide Complete Security


Traditional approaches to web application security, like a legacy web application firewall (WAF), don’t work—at least not on their own. Many new applications
are developed and deployed using cloud-native architecture. While cloud-native architecture brings plenty of benefits, it also introduces new security
challenges, such as protecting your application on different architectures and protecting internal and external APIs from abuse.
Prisma Cloud’s Web Application and API Security is the industry’s only integrated solution to provide comprehensive detection and protection of web
applications and APIs for any cloud-native architecture. Development and security teams can confidently leverage best-in-class protection against application
layer attacks within a few clicks.

How We Approach Application Security


The truth is that traditional WAF solutions really struggle with the complex task of protecting web applications and APIs running over cloud-native
infrastructure. By using the Prisma Cloud Compute defenders, users can protect applications even in the most complex deployment scenario—we have
defenders for hosts, VMs, containers, and serverless functions.
• Multicloud, on-premises, or hybrid-cloud protection: It can be deployed on private or public clouds, on-premises, and in hybrid deployments. Defenders
are part of the deployment, and this allows WAAS to be deployed close to the protected application with full visibility into east-west traffic as well as traffic
originating from sources external to the deployment.
• Auto scales with your applications: WAAS auto-scales by nature. For example, for Kubernetes deployments, we deploy as a DaemonSet—as you grow the
number of nodes in your deployment, we grow the number of defenders to tailor protection to the application needs.
• Integrated with our Cloud-Native Application Protection Platform: Users manage their entire security posture in a single workload protection solution
either as a full on-premises solution or as part of their cloud security strategy. Users can benefit from multilayer protection in a single security product
where WAAS can inspect all incoming traffic to the application. In addition, runtime protection detects anomalies and can apply controls to secure
vulnerable images and misconfigurations.

Prisma Cloud–Web Application and API Security (WAAS) | At a Glance | © 2023 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks.
Web Application and API Protection (WAAS) Features

Web app firewall: A state-of-the-art web app firewall can help monitor, filter, and ban traffic to the applications. In addition, it offers protection against critical security risks described in the OWASP Top 10 list.
API visibility: Real-time automated API discovery in all environments and API traffic profiling via machine learning message structure and input format to create a normal baseline.
API security: Enforcement of API security based on specifications provided in the form of Swagger or OpenAPI files. WAAS also provides API protection against OWASP API Top 10 risks.
API risk profiling: Understand and prioritize risk for all APIs in your environment based on risk factors such as misconfigurations, changes, exposure to sensitive data, and access control.
Bot risk management: Protection and visibility into bad bots, known good bots, headless browsers, and other automation frameworks accessing protected web applications and APIs, including static and dynamic detections.
Denial-of-service (DoS) protection: Enforce rate limit on IPs or sessions to protect against high-rate and “low and slow” application layer DoS attacks.
Access controls: Robust real-time, IP-based, or geo-based access controls prevent unauthorized access to APIs and web applications.
Custom rules: An additional mechanism that gives you a precise way to describe and detect discrete conditions in requests and responses.
Virtual patches: Virtual patching for newly discovered zero days, exploits, and other emerging threats, curated and published by the Palo Alto Networks Unit 42 Threat Research team.
File upload controls: Protects your applications against malware dropping by restricting uploads to just the files that match any allowed content types.
Advanced analytics: Investigate events and rule triggers for all web apps and APIs for detailed analysis.
Dashboard explorer: Real-time and historical metrics on security coverage, traffic activity, attack types, and traffic sources, along with API observations and unprotected web applications discovery.

Figure 1: WAAS — Web Application and API Security (panels: App Firewall (WAF); API Security; Bot Risk Management; DoS Protection; Advanced Analytics; Custom Rules and Virtual Patches; No Limits on Transactions or Requests)

Flexible Deployment Options


Customers can either choose from a SaaS model or deploy the self-hosted version if they have an air-gapped environment; either option comes with all
capabilities of WAAS. Our agent and out-of-band platform give organizations the ability to protect applications on servers/VMs, containers, and serverless
functions in public, private, and hybrid cloud environments.
Inline/Agent: By deploying the agent as an HTTP reverse proxy on the workload of the application, Prisma Cloud is able to provide real-time prevention against
application layer attacks.
Out-of-band: Out-of-band provides full application layer visibility into web apps and APIs and can detect and alert against application-layer attacks in
near-real time. This is achieved without applying any latency or risk to the application. This mode of operation can be deployed either based on existing agents
or by using VPC traffic mirroring.

Learn more about the Prisma Cloud Web Application and API Security solution. Visit the website or check out the TechDocs.
