
Cortex Cloud Aims to Prevent Application Security Gotchas from Reaching Production

Detecting and fixing faulty, insecure code in enterprise applications as they are being written and put into production is the aim of the new application security posture management (ASPM) capabilities that are coming to Palo Alto Networks’ Cortex Cloud platform.

Using a “prevention-first” mantra, the new Cortex Cloud ASPM module, which is expected to be generally available in the second half of 2025, is designed to proactively halt security-related flaws in new code as they are detected, according to the company. By fixing code flaws early - before they can lead to security risks and vulnerabilities in production - enterprises can build applications faster and more efficiently while saving money that would otherwise be spent tracking down and fixing bad code after it is released, the company says.

The Cortex Cloud ASPM will allow enterprise developer and administrator teams to consolidate findings from their preferred code-scanning tools into Cortex Cloud through its AppSec partner ecosystem, giving them a single platform with broad visibility into their code and development processes. Rather than having to abandon the scanners they already trust, developers can keep using tools from Palo Alto Networks’ AppSec partners, including Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk, and Veracode, according to the company.

Delivering ‘Smart Prevention’

"Application security has always been a challenge,” Sarit Tager, vice president of product management for Cortex Cloud, told ChannelE2E.

"There are often too many alerts and not enough guardrails. Because application security practitioners do not want to block the business, this creates frustration for both developers and security teams. The ASPM offering is about smart prevention, ensuring that you only prevent what poses a risk to your production environment and prioritize remediating what is truly important.”

Cortex Cloud ASPM uses AI to collect, correlate, and align code data from different sources and then identifies blind spots, she said. “Using this comprehensive runtime information, we prioritize the work and create both remediation and prevention plans.”

The Cortex Cloud ASPM is built to handle AI-generated code, including code created with informal vibe coding, she said.

"AI code is unsurprisingly more vulnerable than human-written code,” said Tager. "It frequently relies on insecure open-source packages, hallucinates nonexistent code packages, and introduces errors that can expose organizations to significant security risks if left unchecked. To mitigate these threats, developers must be equipped with strong security tools early in the development lifecycle. Embedding security from the start, combined with automation at scale, is essential to detect and eliminate vulnerabilities before code reaches production.”
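The two points above, correlating findings from several scanners with runtime context so that only production-relevant issues block a merge, and flagging AI-suggested dependencies that do not exist in the package index, can be sketched in a small gate. The following is an added illustration written for this article, not Cortex Cloud code or any partner scanner's output; the scanner record shapes, tool names, the package-index snapshot (KNOWN_PACKAGES) and the runtime inventory are all constructed for the example, and real tools emit SARIF or their own JSON with different field names.

```python
"""Toy ASPM-style gate: consolidate findings from several scanners, enrich them
with runtime context, and block only what can actually reach production.

Added illustration for this article, not Cortex Cloud code. Scanner output
shapes, the package-index snapshot and the runtime inventory are constructed
for the example; real tools emit SARIF or their own JSON with other field names.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed raw findings from three hypothetical scanners. Two SAST tools
# report the same injection, which the consolidation step must merge.
RAW_FINDINGS = [
    {"tool": "sast-a", "file": "api/login.py", "rule": "sql-injection", "severity": "high"},
    {"tool": "sast-c", "file": "api/login.py", "rule": "sql-injection", "severity": "high"},
    {"tool": "sast-a", "file": "scripts/dev_seed.py", "rule": "hardcoded-secret", "severity": "high"},
    {"tool": "sca-b", "file": "requirements.txt", "rule": "vulnerable-dependency",
     "severity": "medium", "package": "requests", "version": "2.19.0"},
    {"tool": "sca-b", "file": "requirements.txt", "rule": "vulnerable-dependency",
     "severity": "low", "package": "requests-helpers-pro", "version": "1.0.0"},
]

# Constructed snapshot of names that exist in the package index. A dependency
# missing from it is the "hallucinated package" case the article describes.
KNOWN_PACKAGES = {"requests", "flask", "pydantic"}

# Constructed runtime inventory: which paths belong to a deployed service and
# whether that service is reachable from the internet.
RUNTIME_INVENTORY = {
    "api/": {"deployed": True, "internet_facing": True},
    "requirements.txt": {"deployed": True, "internet_facing": True},
    "scripts/": {"deployed": False, "internet_facing": False},
}

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    file: str
    rule: str
    severity: str
    package: Optional[str] = None
    tools: list = field(default_factory=list)
    reasons: list = field(default_factory=list)
    deployed: bool = False
    internet_facing: bool = False

    def key(self):
        return (self.file, self.rule, self.package)


def consolidate(raw_findings):
    """Map every tool's own shape onto one Finding and merge duplicates."""
    merged = {}
    for raw in raw_findings:
        f = Finding(file=raw["file"], rule=raw["rule"], severity=raw["severity"],
                    package=raw.get("package"))
        # A dependency that does not exist in the index cannot be "vulnerable";
        # it is a supply-chain red flag in its own right, so reclassify it.
        if f.package is not None and f.package not in KNOWN_PACKAGES:
            f.rule = "nonexistent-package"
            f.severity = "critical"
            f.reasons.append(f"{f.package!r} is not in the package index")
        existing = merged.setdefault(f.key(), f)
        existing.tools.append(raw["tool"])
    return list(merged.values())


def enrich(findings):
    """Attach runtime context so prioritisation reflects real exposure."""
    for f in findings:
        for prefix, ctx in RUNTIME_INVENTORY.items():
            if f.file.startswith(prefix):
                f.deployed, f.internet_facing = ctx["deployed"], ctx["internet_facing"]
                break
    return findings


def score(f):
    """Severity weighted by exposure: deployed code counts double, internet-facing double again."""
    return SEVERITY_WEIGHT[f.severity] * (2 if f.deployed else 1) * (2 if f.internet_facing else 1)


def gate(findings, block_threshold=10):
    """Decide per finding: block the merge, warn the developer, or just record it.

    Only findings in deployed code can block; everything else is surfaced
    without stopping the pipeline, which is the "prevent only what poses a
    risk to production" idea from the text."""
    decisions = {}
    for f in sorted(findings, key=score, reverse=True):
        if f.deployed and score(f) >= block_threshold:
            decisions[f.key()] = "block"
        elif f.deployed:
            decisions[f.key()] = "warn"
        else:
            decisions[f.key()] = "info"
    return decisions


def run_gate(raw_findings=RAW_FINDINGS):
    """End-to-end: consolidate, enrich, decide. Returns the decision map."""
    return gate(enrich(consolidate(raw_findings)))


if __name__ == "__main__":
    for (file, rule, package), decision in run_gate().items():
        print(f"{decision:5} {file} {rule} {package or ''}")
```

With the constructed input, the injection in the internet-facing API and the nonexistent package both block, the outdated but deployed `requests` pin only warns, and the hardcoded secret in a never-deployed seed script is recorded without stopping anyone. The threshold and weights are arbitrary; the point is that the decision depends on where the code runs, not only on the scanner's severity label.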

Cortex Cloud ASPM, which is delivered as SaaS, will be distributed through Palo Alto Networks’ partner ecosystem, including Managed Security Service Providers (MSSPs) and Global System Integrators (GSIs), she said. The company also offers an Application Security Transporter that lets users scan on-premises version control systems (VCS), Tager added.

An Important Development in Code Security, Says Analyst

Using AI to find and fix potential security problems in new code before that code is published is a fascinating new capability, Rob Enderle, principal analyst with Enderle Group, told ChannelE2E.

"This would be a massive game-changer and could be blended with other AI tools that, if implemented properly, could reduce the cost of coding and improve quality significantly,” said Enderle. “By focusing AI on making things better, rather than just increasing the speed of development, they are addressing one of the big problems with AI-generated code—its quality. This will be extremely important as more and more firms use AI for coding. This will be critical for their customers and should provide them with a significant competitive advantage.”

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.
