Container adoption is on a serious rise, which is why Palo Alto Networks is releasing CN-Series, the containerized version of their Machine Learning-Powered Next-Generation Firewall (NGFW), designed specifically for Kubernetes environments. It’s a significant development because, according to Gartner, in the next three years, the vast majority of organizations will be running multiple containerized applications in production.
Palo Alto Networks believes that complete container security requires the following protections:
- Vulnerability Management – Manage vulnerabilities and prioritize risk at runtime, and implement container image scanning and enforcement as part of build and deploy workflows.
- Runtime security – Protect running containers and the host OS by building a baseline of application behavior to alert on and prevent anomalous or unwanted activity.
- Identity-based microsegmentation – Reduce your attack surface by limiting east-west traffic based on machine and application identity rather than network addresses.
- Layer 7 inspection and threat protection – Use full layer-7 network security and threat protection capabilities delivered by NGFWs to protect the allowed connections from threats, exploits, malware and data exfiltration.
The release of CN-Series is part of Palo Alto Networks’ ongoing commitment to securing cloud applications. They acquired the container security company Twistlock and integrated it into Prisma Cloud to provide shift-left and runtime protection capabilities for hosts, containers and serverless functions. Then, in December 2019, they acquired Aporeto and are integrating its identity-based microsegmentation capabilities into Prisma Cloud as well. Now they are launching CN-Series, a containerized form factor of their NGFW and the industry’s first next-generation firewall for Kubernetes. Together, this gives customers access to a complete container security stack.
As the industry’s first NGFW built specifically for Kubernetes environments, CN-Series firewalls leverage deep container context to protect inbound, outbound and east-west traffic between container trust zones (for example, between namespaces, or between applications in PCI scope and non-PCI applications), as well as traffic to and from other components of the enterprise IT environment.