How ElevenPaths engineered cloud security as a service with Prisma Cloud

ElevenPaths is Telefónica’s cybersecurity company, part of the Telefónica Tech holding, which brings together the digital businesses with the greatest growth potential in the company. In a world where cyberthreats are inevitable, as a leading MSS and MDR provider, ElevenPaths focuses on preventing, detecting, responding to, and diminishing the possible attacks its customers face. The company guarantees the cyber resilience of its customers through integrated platforms with 24/7 support entirely managed from 11 security operations centers (SOCs) around the world, working together as a unified global iSOC to provide both local and global reach. As of 2020, ElevenPaths has around 2,000 cybersecurity professionals globally who help secure more than 60,000 businesses around the world with over 5 million endpoints protected between end user devices, app servers, IoT, and cloud workloads.

ElevenPaths needed to transform its cybersecurity services for cloud environments to cover the new challenging threats that the cloud brings. Traditional security tools and approaches left ElevenPaths without the right combination of visibility and control to secure its clients’ cloud native innovation and infrastructure.

When choosing a Cloud Native Security Platform (CNSP), ElevenPaths was looking for a solution that would centrally manage and organize alerts and configurations so they wouldn’t have to secure its customers’ cloud environments piece by piece. Additionally, automation was a key requirement so ElevenPaths could immediately respond to detected threats and update KPIs as quickly as the slightest variation could be measured in the cloud. ElevenPaths found this solution in Prisma Cloud. Since cloud workloads are dynamic, cloud security responses must be, too. For this purpose, ElevenPaths started using the powerful Prisma Cloud API, which allowed the company to collect alerts generated by its custom policies in near-real time in a consolidated and clear manner.

ElevenPaths’ Cloud MSS, its world-class cloud native managed security service, uses Prisma Cloud as part of its iSOC technology stack. Through the integration engineered by ElevenPaths, Prisma Cloud helps deliver the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multi-cloud environments for all ElevenPaths customers, with global reach via the company’s distributed SOCs.

ElevenPaths’ Cloud MSS provides customers with cloud native security adapted to IT and business needs, integrating powerful partner technology, such as Prisma Cloud, standardized cloud security policies, and 24/7 management by in-house SOC analysts, to deliver paramount protection, detection, and response.

With customers’ nonstop increase in cloud adoption, ElevenPaths felt the urge to build a top-performing managed service that leveraged their market-leading expertise and native controls to tackle the brand-new challenges that cloud security brings. For this purpose, ElevenPaths has not only invested in enhancing its SOCs’ cloud security processes and teams, but also integrated native technology in its service platform, including Prisma Cloud as a cornerstone for unified visibility and control of hybrid cloud environments and workloads.

Everyone is accelerating to capitalize on the cloud’s opportunities—speeding to create new value through products and services. Today, nearly half of all workloads are in the cloud, expected to grow to 64% in 2022. As a cybersecurity company and managed security services provider (MSSP), ElevenPaths felt the need to innovate its cloud security services to cover the incoming challenges. In 2018, the company’s transformation to a cloud native MSSP began.

Traditional security tools and approaches left ElevenPaths without the right combination of visibility and control to protect runtime environments and extend security across the full application lifecycle for its clients around the globe. Like most MSSPs, ElevenPaths found itself trying to secure its customers’ cloud environments piece by piece with an extensive portfolio of traditional security technology and point solutions from many independent vendors. However, each of these solutions introduced its own alerts and configurations—all of which needed to be managed from each SOC—with no ability to customize centralized policies or analyze risks in one place. This resulted in security gaps and forced cloud security analysts to expend valuable time mitigating risks inherited by misconfigured cloud services, insecure cloud native applications, and outside threats.

With the understanding that a different, consolidated approach was required to effectively secure its clients’ cloud environments, ElevenPaths began the search for a comprehensive cloud native security solution to integrate into its Cloud MSS technology stack. The aim was to simplify the layering of its own multi-cloud intelligence, management, and automation processes to effectively lead to an industry-leading cloud native security service.

The confidence to embrace any cloud native application architecture requires a comprehensive security solution that protects the full cloud native stack across the whole lifecycle, in and across any cloud. In full agreement with this philosophy, ElevenPaths predicted that Prisma Cloud would be a great match. The company started evaluating the platform in its cloud security lab, where analysts continuously investigate new cloud threats along with the fitness of the company’s Cloud MSS technology stack. With its breadth of fully integrated capabilities, Prisma Cloud provides a cloud native security solution that ElevenPaths uses to fuel its world-class services.

Cloud Security Posture Management (CSPM)
ElevenPaths immediately realized that cloud service provider-specific technology was not enough to protect its customers. Most companies today opt for multi-cloud strategies, with 60% of organizations using between two and five cloud platforms to meet developer preferences and varying business objectives. ElevenPaths added Prisma Cloud CSPM capabilities as a tool to customize multi-cloud visibility and governance processes. As a result, the company can now engineer complex cloud security policies into a single pane of glass and gain comprehensive visibility across all environments for detailed analysis.

Cloud Workload Protection Platform (CWPP)
ElevenPaths quickly realized a trend among its customers: The use of ephemeral and highly scalable microservices, such as containers, serverless deployments, and other cloud native infrastructure. To deliver workload-agnostic security across the full development lifecycle, ElevenPaths uses Prisma Cloud CWPP capabilities in its offering. The detailed workload visibility gained through the platform allows ElevenPaths SOC analysts to customize client-specific microsegmentation policies based on observed communication patterns as well as identity enforcement, process control, and data integrity through workload behavior analysis. Moreover, ElevenPaths can not only customize workload hardening policies for its customers, but also provide real-time intelligence through ingesting data from the deployed Prisma Cloud Defender (the Prisma Cloud agent) into its own feeds. This has helped improve protection against live threats in customers’ cloud environments as well as those discovered within Telefónica’s global communications network.

For ElevenPaths, automation was a key requirement for its service. The company wanted to be able to immediately respond to detected threats and update KPIs as quickly as the slightest variation could be measured in the cloud. Indeed, if cloud workloads are dynamic, then cloud security responses should be, too. For this purpose, ElevenPaths started using the powerful Prisma Cloud API, which allowed the company to collect alerts generated by its custom policies in near-real time.

Additional automated cloud security detection and response use cases include:

• Forwarding all generated cloud security alerts to Cortex® XSOAR, the Palo Alto Networks global security orchestration, automation, and response (SOAR) platform, to trigger a portfolio of automated playbooks that ElevenPaths has developed to remediate common cloud security risks for its customers.
• Logging alerts into the Cloud MSS Portal to create custom reports and dashboards for customers, thus satisfying business-specific KPIs and reporting requirements
• Integrating third-party intelligence sources from customers’ IT security environments (e.g., endpoint events, firewall logs) into the ElevenPaths Global security information and events management (SIEM) to help correlate events to cloud native security alerts, providing 360-degree context into each customer’s IT environment—including the cloud as an integrated source.

For ElevenPaths, a partnership with Palo Alto Networks simply made sense. Prisma Cloud is the industry’s most comprehensive CNSP with the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multi-cloud environments. By integrating all of the Prisma Cloud capabilities into its Cloud MSS service, ElevenPaths was able to seamlessly transform into a leading cloud native MSSP with full coverage of all environments, giving customers a cutting-edge approach to cloud security that mixes management, intelligence, and automation as a service, globally and at scale.

To learn more, visit paloaltonetworks.com/prisma/cloud.