Nearly six years ago, Prisma Cloud set the bar for cloud security, building what would soon be recognized as an entirely new market category with CNAPP. That was the first wave of innovation, securing infrastructure, workloads and identities. Then came the second wave, shifting left into development to secure code and moving into data and AI security.
Now, we bring you the third wave of CNAPP innovation. Cortex Cloud is the world’s leading CNAPP, extended beyond today’s ‘peace-time’ approaches by bringing CDR/Runtime protection to the forefront of cloud security and expanding on what Prisma Cloud pioneered. Built on the industry-leading Cortex SecOps platform, it bridges the final gap between Cloud and SOC for real-time detection, investigation and response, while continuing to set the standard for independent, multicloud security from the world’s leading cybersecurity company.
As cloud threats have evolved and grown more sophisticated, Palo Alto Networks has remained at the forefront, keeping customers protected by continuously pushing the boundaries of CNAPP innovation. Let’s see where it started, how far we’ve come, and how we’re doubling down on cloud security to take it into the future.
The First Wave: Where It Began
Bringing Control to Cloud Security
It’s 2018. Organizations have one or both feet in the cloud, seeking to shorten the time to market and enable expansion. Misconfigurations, though — many stemming from default cloud settings — leave critical exposures. Responding to the need for visibility into cloud-native environments, Palo Alto Networks launches Cloud Security Posture Management (CSPM).
Security teams faced a fundamental challenge: the lack of a standardized way to enforce proper configurations at scale. Unlike on-premises environments where IT security follows centralized workflows, cloud infrastructure ownership was spread across teams, making security oversight complex. Cloud providers had established secure configuration frameworks, but their enforcement tools were limited.
CSPM changed this. By continuously monitoring, enforcing and remediating cloud risks, it gave teams the ability to proactively manage their security posture. Compliance with CIS and NIST benchmarks became achievable. Organizations could now accelerate deployments, iterate faster, and adapt to business demands — without compromising security.
Breaking New Ground
Securing infrastructure was only part of the equation. As organizations embraced cloud-native architectures — containers, serverless functions and other modern compute frameworks — the attack surface evolved. Applications, no longer confined to traditional virtual machines, introduced new security challenges that existing tools weren't optimized to address. Palo Alto Networks responded with Cloud Workload Protection (CWP), extending security beyond infrastructure to safeguard cloud-native applications from web and API attacks.
Bringing CSPM and CWP together marked the birth of Prisma Cloud, the first holistic cloud security platform — an early vision and foundation for what Gartner would later define as the cloud-native application protection platform, or CNAPP.
Pushing Boundaries in Identity Security
The cloud landscape matured, making clear that identity and role-based access control were critical attack vectors. Many cloud breaches started with compromised privileged roles that opened doors for attackers to escalate privileges and move laterally across cloud environments. Efforts to secure both human and machine identities led to the addition of Cloud Infrastructure Entitlement Management (CIEM) to Prisma Cloud.
With CIEM, organizations could understand net effective permissions, enforce least-privileged access, monitor and mitigate overly permissive roles — and all from the same platform that maintained their security posture and monitored their cloud runtime activity.

But securing infrastructure, workloads and identities wasn’t enough. Security needed to shift left and secure applications from the first lines of code. Organizations couldn’t afford to wait until runtime to detect misconfigurations or vulnerabilities. The second wave of CNAPP innovation expanded protection from code to cloud.
The Second Wave: Securing Unstoppable Growth from Code to Cloud, Data to AI
Rethinking Cloud Security from the Code Up
With cloud ownership decentralized across teams, organizations struggled with reactive security fixes as teams continuously identified misconfigurations and vulnerabilities post-deployment, which led to long remediation cycles.
DevOps teams had historically owned and managed cloud infrastructure, often without centralized security oversight. Palo Alto Networks, particularly those of us on the Prisma Cloud team, saw the need for security to start in development, at the code level before applications were deployed. Shifting left wasn’t a new concept, but the cloud made shifting left critically important. Only a few security tools on the market, however, had gained traction with DevOps (one being Checkov, a leading policy-as-code engine that served as the code security foundation of Prisma Cloud).
Driven to empower developers and engineers to build secure code by design — defining policies during application development, rather than reactively fixing misconfigurations in production — we integrated Infrastructure as Code (IaC) Security into Prisma Cloud. And in doing so, we aligned security and DevOps teams. We also redefined CNAPP, taking it from a runtime to a Code to Cloud™ solution.
From here, Prisma Cloud added Software Composition Analysis. We then took on the delivery pipeline, introducing CI/CD Security, which offered unmatched visibility into engineering environments to protect against the OWASP Top 10 CI/CD Security Risks and more.
Securing AI, Powering Security with AI
Once again, though, the attack surface took on new dimensions. The volume of sensitive data stored in and moving through the cloud had skyrocketed, forcing organizations to rethink their security strategies. Just as they began to assess the risks, generative AI went mainstream, introducing new challenges as AI-driven applications proliferated.
Prisma Cloud moved in with Data Security Posture Management (DSPM) to help organizations discover, classify and secure cloud data at scale. On its heels, we introduced AI Security Posture Management (AI-SPM) to safeguard AI models and applications from emerging threats.

While security capabilities advanced, the skill gap widened. Security teams without deep cloud expertise struggled to interpret findings, prioritize risks and take action. Prisma Cloud Copilot changed that.
Throughout Prisma Cloud’s journey, AI and machine learning have played a role in improving automation and security insights. The introduction of Prisma Cloud Copilot marked another leap forward, providing a natural language interface to help security practitioners assess threats, gain actionable guidance and make informed decisions.
But even with a secure-by-design approach, inevitable zero-day threats sent teams scrambling to understand their exposure and whether they could shut them down fast enough. The inability to answer make-or-break questions during wartime, when the clock is ticking, led to the third wave of CNAPP innovation: integrating cloud security with best-in-class CDR-runtime protection unified with the leading SecOps platform.
The Third Wave: Uniting Cloud Security with Best-in-Class CDR/Runtime Security for Real-Time Protection
For more than five years, Prisma Cloud defined what CNAPP could be. It set the foundation, proving that cloud security must be unified, end-to-end and built for the scale and speed of modern cloud environments. But security challenges didn’t stop evolving. Neither did we.
Threats continue to grow more sophisticated, escalating the need to reduce the overall attack surface. That means prevention. It means getting out front and preventing incidents with best-of-breed CDR and runtime protection.
Organizations no longer have the luxury of posture-centric cloud security, detached from enterprise security operations. When facing active attacks, seconds matter and silos kill response time. Still, today, many organizations find themselves splitting accountability — a cloud security team managing posture risks, while a separate SOC scrambles to prevent active threats without real-time protection in place.
Cloud Security Without Silos
Cortex Cloud closes that gap. By bringing real-time protection to CNAPP with the best-in-class XDR agent, security teams gain the ability to prevent threats before they become breaches. And with Cloud Detection and Response (CDR), we give organizations the ability to detect, investigate and respond to cloud threats in near real time.
But the game changer is making CNAPP an extension of the enterprise SOC. Now, for the first time, peace-time and war-time functions are united, so teams not only see vulnerabilities but also which vulnerabilities actively put their environments at risk. Security is more than monitored. It’s understood. It’s prioritized and acted on in real time — not through fragmented alerts, but through a single, continuous security operation.
Security teams shouldn’t have to choose between knowing a cloud misconfiguration exists and knowing whether it’s being exploited. They shouldn’t have to manually stitch together insights from separate teams while an attack unfolds. By unifying CNAPP with SOC workflows, Cortex Cloud takes cloud security from reactive mode and puts it on offense.

Going All In — As Always
Cortex Cloud is CNAPP supercharged. It takes everything Prisma Cloud pioneered — visibility, prevention, governance — and fuses it with industry-leading CDR for real-time cloud security. Built on the Cortex platform, it delivers something that hasn’t been seen before, a unified solution spanning code to cloud to SOC.
Because here’s the thing: cloud security isn’t separate from security operations. It is security operations.
And that’s the future we’ve built. Come take a tour and see for yourself.