Software supply chain attacks continue a big concern for organizations around the world. In 2021 alone, reports show that software supply chain attacks grew by 300% with some of the biggest organizations in the world affected.
According to research, more than three in five companies were targeted by software supply chain attacks in 2021. Log4J and the attacks in Kaseya are just some of the notable software supply chain attacks in 2021.
Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. As such, businesses need to have a complete view of where potential vulnerabilities or misconfigurations exist in the software supply chain. This will allow organizations to quickly trace to the source and fix them.
Palo Alto Networks’ Unit 42’s Cloud Threat Report also found that access to hardcoded credentials opened the door for lateral movement and continuous integration/continuous delivery (CI/CD) pipeline poisoning.
The problem is that many current solutions only provide vulnerability and misconfiguration information at a resource layer in code or the cloud. Hence, Palo Alto Network’s Prisma Cloud Supply Chain Security, Prisma Cloud provides not only full lifecycle visibility and protection but the context of where a vulnerability fits into the layers of a cloud architecture.
“Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organization’s software code. Without the proper tools, it is very difficult for organizations to quickly spot where they have used the unpatched versions of these components,” said Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto Networks.
Shah explained that Prisma Cloud is designed to help protect organizations from code to cloud; and now that customers can visualize their software supply chain, it’s easier to spot, prioritize, and remediate security weaknesses at the onset of development and during delivery pipelines.
Not only does the Prisma Cloud Supply Chain Security help provide a full stack, full lifecycle approach to securing the interconnected components, it can also help to identify vulnerabilities and misconfigurations in code.
Organizations can better assess the attack surface of their delivery pipelines and all connected application and infrastructure resources to be better equipped to help prevent supply chain attacks.
Shah also pointed out that implementing Prisma Cloud supply chain security as part of a zero trust architecture is one of the best ways an organization can prevent software supply chain attacks.
Meanwhile, Melinda Marks; ESG Senior Analyst, Application and Cloud Security believes the new enhancements in Prisma Cloud allow DevOps and security teams to fully understand their software supply chains so they can identify and remediate coding flaws to secure their cloud-native applications
As Marks puts it, “a thriving community creating a vast array of open-source software helps developers accelerate their coding and product delivery, but it increases the attack surface if you can’t make sure the code is secure.”