This section describes the new features and updates of the Cortex Cloud Posture Management 1.1 release.
The Cortex Cloud Posture Management 1.1 release includes the following highlights:
FEATURE | DESCRIPTION |
---|---|
Cloud Security and Posture Management |
|
Remediation & Automation | New built-in automation capabilities featuring executable commands, scripts, quick actions, and playbooks allow customers to accelerate the resolution of their security issues. Customers can use these capabilities directly from Cortex Cloud to mitigate common issues (e.g. publicly exposed S3 buckets) using issue investigation war rooms, or select them to auto-trigger a response to an issue using automation rules. |
Compliance |
|
Cloud Workload Protection |
|
Web Application & API Security |
|
AI-SPM | AI-SPM now detects AI API keys embedded in risky serverless functions, enabling organizations to identify and mitigate excessive AI agency and potential security risks. |
Data Security & Posture Management | Expanded support for Snowflake asset types, along with new detection rules to further secure data across cloud databases as a service (DBaaS), ensuring stronger protection and compliance. |
Dashboards & Reporting | New dashboards are now available for the Data, Identity and AI Security Posture modules, providing key insights into top security issues related to sensitive data, human and non-human identities, and AI pipelines for better security posture management. |
The Cortex Cloud Posture Management release includes the following enhancements:
General
FEATURE | DESCRIPTION |
---|---|
Kubernetes Connector automatic upgrade | Never miss a Kubernetes connector update by enabling the connector to automatically upgrade when new versions are released. |
Enhanced security with agentless scanning | Agentless scanning is now available for Cortex Cloud Runtime Security, enabling rapid assessment of cloud environments for security risks without agent installation or management. It provides quick discovery, deployment, vulnerability detection, comprehensive visibility, and streamlined risk mitigation in your cloud environment, all without the need for software agents. |
Secure cloud access with dedicated IP allocation | You can now allocate dedicated IP addresses in Azure, GCP, and AWS cloud services for secure cloud access, simplifying integration and enhancing security by providing predictable access points. This capability provides transparent tracking with detailed telemetry and audit logs for IP reservations and usage. |
Vulnerability management enhancements |
|
New widget capabilities | Dashboard and report widgets are enhanced with the following new capabilities:
|
AI Security
FEATURE | DESCRIPTION |
---|---|
Cortex Cloud AI Security dashboard updates | New functionality and a new look and feel have been added to the Cortex Cloud AI Security dashboard. The dashboard now provides key insights into the AI ecosystem and the top security issues related to AI pipelines for better security posture management. |
Support for self-managed models | You now have visibility into AI models hosted on disks and volumes. Cortex Cloud AI Security performs model detection for multiple AI models as part of Agentless Disk Scanning (ADS). You can view AI model findings and prioritize issues, enhancing your data security posture through informed decisions and efficient remediation. |
Data Security
FEATURE | DESCRIPTION |
---|---|
Updated Cortex Cloud Data Security dashboard | New functionality has been added to the Cortex Cloud Data Security dashboard, providing key insights into top security issues related to sensitive data for better security posture management. |
Azure SQL data classification | Cortex Cloud Data Security performs data classification on Azure SQL instances, providing visibility into data stored in Azure SQL instances. You can view Azure SQL findings and prioritize issues by considering data patterns and data profiles that are found in them. This enhances your data security posture through informed decisions and efficient remediation. |
AWS DynamoDB data classification | Now you can access information from AWS DynamoDB. Cortex Cloud Data Security conducts data classification on AWS DynamoDB databases. You have the ability to review findings from AWS DynamoDB databases and address issues based on data patterns and profiles discovered within them. This boosts your data security by enabling well-informed actions and effective remediation. |
Self-managed databases data classification | You have gained visibility into the data stored in databases located on disks and volumes. Cortex Cloud Data Security performs data classification on multiple database engines as part of Agentless Disk Scanning (ADS). You can access findings from self-managed databases and prioritize issues by examining their data patterns and profiles. This strengthens your data security posture through informed decisions and efficient remediation. |
Data pattern inventory | You can now view all of the inventory from the perspective of data patterns (IP addresses, email addresses, billing information, and PII details). From this page, you can see where each of your data patterns is stored, how many assets of that pattern Cortex Cloud Data Security has discovered, and what risk levels are associated with it. You can also access a map view of the active regions in which these data patterns are stored. |
Error logging and visibility | You now have the ability to review errors that are hindering Cortex Cloud Data Security from conducting data classification for supported data assets. For each asset, you can access detailed error information and corresponding remediation steps. |
Identity Security
FEATURE | DESCRIPTION |
---|---|
Entra ID permissions | Gain full visibility into Entra ID permissions in your environment. You can now identify admins as well as analyze and assess risk in your Entra ID identities and permissions. |
Last access | Track the last usage of cloud identities and permissions to reduce excessive and unused privileges. |
Additional identity attributes | New attributes have been added to several identity assets (inactive human identity, last used cloud service accounts, counting access to services and resources). |
Logging inactive human identity information on Azure | Support was added for logging inactive human identity information on Azure. Awareness of inactive human identities is crucial for maintaining a strong identity security posture and protecting sensitive information from unauthorized access or misuse. Being mindful of inactive human identities in Identity Security is essential to mitigate security risks, comply with regulations, optimize resources, prevent insider threats, and enhance incident response. |
Application Security
FEATURE | DESCRIPTION |
---|---|
Third-party data ingestion for Cortex Cloud Application Security | Cortex Cloud now supports ingesting findings from third-party AppSec vendors:
Once the findings are ingested, Cortex Cloud Application Security applies policies to create actionable issues. |
Application Security default policies | Default Cortex Cloud Application Security policies have been added. Based on industry best practices, these policies help you get up and running quickly by enabling immediate detection of vulnerabilities in your SDLC. This allows you to focus on and prioritize critical application security issues while also supporting automated blocking of pull requests and CI builds. |
Cortex Cloud Application Security dashboard | The new version of the Cortex Cloud Application Security dashboard aligns with the needs of the AppSec practitioner, prioritizing AppSec workflows and data to enable faster insights and decision-making. It now provides a summary of application security assets and top associated risks, with issue and policy widgets for detailed insights. |
Data source instance health status | You can now proactively monitor the health of your Application Security data source instances, including the status of individual or multiple repositories, with the data source instance health status feature. This enables rapid identification and resolution of potential issues, ensuring continuous data source reliability. |
Repository scan configurations | You can now customize repository scans to your specific needs:
|
External Data Ingestion and Management
FEATURE | DESCRIPTION |
---|---|
New RBAC Dataset Views | Cortex Cloud Posture Management now supports creating Dataset Views in the Dataset Management page to enhance data efficiency and security. Dataset Views provide a virtual representation of data from one or more datasets, based on the XQL query defined, and provide multiple benefits, such as joining datasets into logical subsets through defined queries, manipulating data without altering underlying datasets, and segregating data for specific user needs or access privileges through the role-based access control (RBAC) settings. |
Extended Registry Scanning Coverage | Registry scanning now supports all Docker V2-based registries and includes a dedicated connector for JFrog, expanding the scope of your security coverage. |
Cortex Query Language (XQL)
FEATURE | DESCRIPTION |
---|---|
Enhanced XQL time picker | When building Cortex Query Language (XQL) queries, the time picker now includes:
|
XQL auto-suggestion improvements | When creating a Cortex Query Language (XQL) query, you can now:
|
New XQL series-based graph results in widgets | Custom Cortex Query Language (XQL) widget creation now includes enhanced graph results with the ability to define an optional parameter known as Series in the Chart Editor. This feature allows users to specify a field (column) to group chart results based on y-axis values. Additionally, the Series parameter is now integrated into the view graph type stage for improved functionality. |
New datasets for XQL queries | New customers can leverage XQL for flexible and adjustable playbook and script tracking. The following datasets are available for querying and dashboards:
|
API
FEATURE | DESCRIPTION |
---|---|
New API capabilities | Cortex now provides the following capabilities using the public API for automating common processes:
|
Download Software Bill of Materials (SBOM) using the API | Identify risks on your assets by downloading an SBOM for any asset in JSON or XML formats, using the API. |
Streamlined automation with new Application Security APIs | Enhance your security operations and automation capabilities using the new Application Security APIs to optimize the management of data sources, rules, policies, and scans. |
API Specification Management | The API Security module now includes a comprehensive API specification inventory, with automatic static analysis to identify misconfiguration risks effortlessly. This enhancement provides customers with a more detailed and organized overview of their API definitions, ensuring the early detection of configuration issues that could lead to security vulnerabilities. |
API Testing in Cortex CLI | API testing capabilities have been added to the Cortex CLI tool, enhancing the efficiency and effectiveness of API security assessments. This new feature allows users to seamlessly integrate API testing into their existing workflows, ensuring that APIs are robust and secure. Customers benefit from streamlined testing processes and quicker identification of potential security flaws within their APIs. |