Security News

Palo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "Key bet" at a time when the world has never been more reliant on off-premises computing. The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "Developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.

Palo Alto Networks announced the release of Prisma Access 2.0 to securely enable work-from-anywhere with the industry's most complete cloud-delivered security platform. As work continues to change and needs to be done securely everywhere, with no compromise on speed, security or performance, Prisma Access 2.0 introduces critical enhancements, including self-healing infrastructure for optimal experience, ML-powered security to help prevent attacks in real time, cloud SWG capabilities for a secure web gateway regardless of user location, and a reimagined cloud management experience.

Palo Alto Networks has made key bets around the shift to cloud and the need for integrated best-in-class security. Today Palo Alto Networks is making a further bet that cloud security must "Shift left," with security increasingly performed during the DevOps process.

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.

Network security giant Palo Alto Networks announced on Wednesday that it has agreed to acquire attack surface management firm Expanse in a deal valued at roughly $800 million. As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards.

Palo Alto Networks introduced Enterprise Data Loss Prevention-a cloud-delivered service that brings a fresh, simple and modern approach to data protection, privacy and compliance. "Data breaches are a huge and growing problem worldwide, but the existing legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them," said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks.

Palo Alto Networks has threatened legal action against cloud visibility solutions provider Orca Security after the latter published a video comparing products from the two companies. The video made by Orca in August, which is still available on YouTube, is described as a "Detailed competitive comparison" between Orca Security's platform and Palo Alto Networks' Prisma Cloud product.

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products. Israel-based Orca Security received a cease-and-desist letter from a lawyer representing Palo Alto after Orca uploaded a series of online videos reviewing of one of Palo Alto's products and compared it to its own.

Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.

Palo Alto Networks remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools. Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.