Channel: Beyond Visibility: Proactive Cloud Workload Security in the Real World - Palo Alto Networks Blog

Improving API Security with Google Cloud Service Extensions


Palo Alto Networks is excited to announce a valuable integration for customers with Google Cloud Application Load Balancer and Service Extensions.

Google Cloud stands at the forefront of engineering solutions that enable organizations to maximize the benefits of cloud-based systems. At the Google Next ’24 event, Google unveiled its Service Extensions for Load Balancing, enhancing its widely utilized Load Balancing solution. These Service Extensions offer comprehensive visibility into network traffic and facilitate seamless integration, presenting a significant advancement for cybersecurity providers globally.

At the same time, Palo Alto Networks is dedicated to securing customer cloud infrastructures, and our code-to-cloud Prisma Cloud platform includes an integrated API security module. To improve API security even further, Prisma Cloud and Palo Alto Networks have partnered with Google Cloud on an integration for customers featuring the Google Cloud Application Load Balancer and the new Service Extensions feature, extending protections for any cloud application running on Google Cloud.

Extending Application Load Balancers for Better Cybersecurity

Google Cloud Service Extensions has made Application Load Balancers extendable. With extensions, Palo Alto Networks can examine network traffic and use an external callout sensor to detect and prevent malicious network activity. An Application Load Balancer with an external sensor creates firewall-like capabilities.

API Security for customers can be enhanced with Google Cloud Service Extensions.

Prisma Cloud API Security With Improved Visibility and Insight

The Prisma Cloud API Security module is known as WAAS (Web Application and API Security). By connecting a WAAS sensor to Google Cloud Service Extensions, we can create greater visibility into the API inventory for customers and deliver better insights to detect events like SQL injection (SQLi), denial-of-service (DoS) attacks, bot activity, and more.

Some API Security must-have capabilities that Prisma Cloud delivers to our customers include:

  • Discovery: Map the API attack surface. Catalog and characterize a web system’s API and its vulnerabilities.
  • Detection: Identify API traffic to detect anomalies and potential threats to ensure timely response and mitigation.
  • Prevention: Prevent attacks in real time or near real time. Preemptively thwart potential attacks by implementing robust defenses.

Prisma Cloud Inspects Traffic Without Disrupting Application Workloads

Listening to and inspecting HTTP traffic is a complex challenge because it often requires running security agents on workloads to inspect the HTTP data. This process can consume cloud resources and may disrupt the workloads, adding risk and potentially resulting in unpredictable outcomes for the client (a computer or a program).

By integrating with Google Load Balancer Service Extensions, Prisma Cloud can use an agentless approach to effectively listen to and inspect all HTTP traffic with little effort and without directly impacting the client's workload.

Cloud Load Balancing Data Paths and Service Extensions

Prisma Cloud introduces a callout sensor to integrate with the Google Cloud load balancer service extension and efficiently handle HTTP traffic data. This server implements the Envoy request and response interfaces to properly receive the traffic data. Envoy proxy is widely recognized as the standard for proxying and load balancing, and is used by Google as the underlying technology for its load balancer architecture.

Using a gcloud command, Prisma Cloud establishes the connection between the application load balancer and the callout sensor. This command attaches a load balancer to a callout sensor using the service extension.

Example of a gcloud activation command that activates the Google load balancer service extension.

Once successfully activated, the callout sensor will receive HTTP traffic data from the application load balancer, allowing Prisma Cloud to efficiently inspect the HTTP data.

When using the Google Cloud console, we can see all the parts comprising the load balancer.

Google Cloud console view of a regional external Application Load Balancer.

The frontend configuration shown in the console aligns with the underlying “forwarding-rule” cloud object, which is the actual object being extended.
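
A sketch of what attaching a callout backend to a forwarding rule can look like, as an added example and not the command from the original post or Prisma Cloud's own configuration. The project, region, resource names and authority value are placeholders; the values Prisma Cloud actually uses are not given on this page.

```yaml
# Added example: a Service Extensions traffic-extension definition.
# All names below are placeholders. Apply with:
#   gcloud service-extensions lb-traffic-extensions import callout-sensor-ext \
#       --source=callout-sensor-ext.yaml --location=REGION
name: callout-sensor-ext
# The forwarding rule (the load balancer frontend) is the object being extended.
forwardingRules:
- https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/forwardingRules/FORWARDING_RULE
loadBalancingScheme: EXTERNAL_MANAGED   # regional external Application Load Balancer
extensionChains:
- name: inspect-all-http
  matchCondition:
    # Match every request path so no route bypasses the callout.
    celExpression: 'request.path.startsWith("/")'
  extensions:
  - name: callout-sensor
    authority: sensor.example.internal   # placeholder authority for the gRPC stream
    # Backend service that fronts the callout server (Envoy ext_proc gRPC endpoint).
    service: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/backendServices/CALLOUT_BACKEND_SERVICE
    # Events streamed to the callout; body events are needed to inspect payloads.
    supportedEvents:
    - REQUEST_HEADERS
    - REQUEST_BODY
    - RESPONSE_HEADERS
    - RESPONSE_BODY
    timeout: 0.5s
    # failOpen: true  -> if the callout times out or is unreachable, traffic is
    #                    forwarded without inspection (availability over enforcement).
    # failOpen: false -> the request fails instead, so nothing reaches the
    #                    backend uninspected (needed when the callout must block).
    failOpen: false
```

Whichever `failOpen` value is chosen, alert on callout timeouts and errors, since with `failOpen: true` they mark windows in which traffic passed uninspected.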

Integration with Prisma Cloud

Our Palo Alto Networks sensor analyzes the incoming data, identifies new API endpoints, and detects potential API attack events such as SQL injection, denial-of-service (DoS), bot activity, command injection, and more. After gathering this intelligence, the sensor passes the findings on to the Prisma Cloud security platform.

Google Cloud Application Load Balancers send Service Extensions callouts to the Prisma Cloud Security Platform.

Once Prisma Cloud receives the discovered APIs and their associated events, security and cloud teams can:

  • See a comprehensive security overview of the API landscape for all identified APIs
  • Correlate events for every API in a web application context
  • Identify the type of asset every API originated from
  • Gain visibility to attack paths, including API activity
Prisma Cloud API inventory and API risk factors shown in the Prisma Cloud console after integration with Google Service Extensions.

Prisma Cloud is Better Together with Google Cloud

As Google Cloud's 2024 Global Technology Partner of the Year, Prisma Cloud and Palo Alto Networks have established a strong relationship with Google Cloud. This collaboration on Service Extensions further enhances that partnership, giving customers greater visibility into their APIs and API risks.

Learn More

Want to learn more about our Prisma Cloud WAAS offering? Get started with our WAAS solution brief, and let us know what you think.

 

 

 

The post Beyond Visibility: Proactive Cloud Workload Security in the Real World appeared first on Palo Alto Networks Blog.

