PEXA relies on Prisma® Cloud for timely threat detection and mitigation across their cloud platform

PEXA (Property Exchange Australia) is a world-leading ASX-listed digital property exchange platform and property insights solutions business. Since 2013, PEXA has facilitated more than 16 million property settlements through the PEXA Exchange in Australia, with 89% market reach, and in 2022 PEXA launched in the UK. The PEXA Group of companies, including .id (Informed Decisions), Value Australia and Land Insight, delivers digital insights and property solutions that help government, financial institutions, banks and property practitioners to unlock the future value of property.

Anish Dharmakkan, Cloud Security Lead, reflects on how the company primarily relied on the Amazon Web Services (AWS) provided tool sets and open-source tools to monitor their cloud infrastructure and detect threats in their cloud platform. “We had a smaller cloud environment and did not have a Cloud Security Posture Management (CSPM) solution. We used AWS-native security services—such as early versions of SecurityHub and GuardDuty—combined with some open-source tools, which relied on us writing extra code. We did not have real-time alerts on configuration changes and limited threat intelligence; what this provided us though was a periodic sweep that would highlight changes from the previous sweep. At first, we had a much smaller cloud environment, but this method did not scale as the cloud footprint grew,” he explains.

The main goal was to ensure that PEXA had the ability to detect and mitigate threats in the cloud platform quickly, as timely threat resolution prevents escalation of threats. In addition to this, PEXA operates in a heavily regulated industry, and they wanted to ensure they had the necessary tools to address the regulatory and auditing requirements that they needed to adhere to. Building this evidence to meet exact requirements was challenging, thus creating a tremendous amount of manual work. In addition to meeting the compliance and audit requirements, Anish and his team also had to put in further man hours to gather and document the details needed to accurately notify the relevant platform owners of misconfigurations and remediation steps. Given that this was a lean team, it proved to be a Herculean task.

Moreover, PEXA was working with siloed tools at different points, making the connection of these data points into meaningful reporting an especially time-consuming undertaking. “Our objective was to find the best tool set for threat detection capabilities and accommodate various industry standards for compliance purposes, and implement an automated solution offering unified visibility. CSPM was gaining traction, and we needed a solution that provided us with reliable data to accurately determine our threat position, while also enabling us to pull audit-ready reports through comprehensive compliance reporting for our auditors. Prisma Cloud was an excellent fit with its intelligence and coverage on cloud resources,” shares Anish.

As PEXA grew, the business drivers for cloud adoption also grew. Anish realized the need to align with a solution that could manage vulnerabilities in existing applications and secure other types of cloud workloads they used—such as serverless and container-based workloads—without having to onboard additional people. The solution needed to address the following requirements:

• Cloud Security Posture Management (CSPM) solution: Detect and alert on misconfigurations, which could lead to compliance violations and potential breaches.
• Threat intelligence, detection, analysis, and prevention: The ability to identify if workloads are behaving irregularly, or if anomalous user behaviors are present.
• Support cloud scalability: Replace existing reliance on native tools combined with open-source tools, with custom-built scripting used to augment or enhance native tool output.
• Single pane-of-glass view: The visibility and ease of management across both the CSP platforms and the container workloads running on them.

Beyond the primary requirements for CSPM, additional capabilities that PEXA considered—for their planned future cloud adoption—were:

• Cloud workload protection (CWP) solution: Protect Amazon Elastic Kubernetes Service (EKS) based container environments and clusters.
• Ease of reporting: Standardize compliance reporting capabilities around the AWS cloud infrastructure to reduce manual processes and time required to satisfy auditing requirements.
• Multicloud: Support for a future multicloud environment strategy, driven by PEXA’s acquisitions.
• Workflow alignment: Integration into existing notification and servicing platform workflows, and direct alerts to the appropriate recipient via the preferred communication channels (JIRA, Slack, Teams, Splunk, and more).

PEXA was mindful of the challenges associated with a growing cloud footprint. They were after a consolidated management tool instead of maintaining separate point solutions, which required manual consolidation for centralized reporting.

As the Cloud Security Lead at PEXA, Anish has considerable experience using AWS. He opted for a scalable solution that could automate their cloud security management, feed purposeful threat intel to the SOC for investigation, and reduce the time imposition of a highly rigorous auditing program. The existing visualization and reporting capabilities from AWS alone proved insufficient for PEXA’s needs and did not highlight red flags at first glance. As such, they turned to Prisma Cloud, which was able to address these risks immediately after deployment.

Having adopted Prisma Cloud for CSPM, Anish looked to expand the capabilities to protect the cloud workloads— detecting vulnerabilities in existing cloud and application infrastructure and adding runtime guardrails. Anish understood the criticality of early threat detection and data correlation in managing their container vulnerabilities in runtime, and had identified that Palo Alto Networks feeds a comprehensive threat intelligence stream into CWP capabilities. This intel feed cross-references vulnerability data from over 40 upstream providers, via different industry sectors, vendors, and technology partners.

"Prisma Cloud is an easy plug-and-play solution that allows one to identify and secure where there are publicfacing cloud assets, enabling us to have a more robust risk management strategy. Where logging is not enabled, Prisma Cloud performs user entity behavior analysis (UEBA) to identify unusual user activity. The audit logs generated by Prisma Cloud helps us greatly with our compliance requirements—it not only lists actions initiated by administrators—it can also benchmark certain actions of users without our cloud environments and alert us to deviations,” Anish says.

The solution also helps with contextualization of cloud workload vulnerabilities; information received via the intelligence stream is combined with an environment-specific risk prioritization matrix. “Prisma Cloud enables us to identify affected areas, determine the most critical risk factors in our environment, and assess the potential scope of an attack. This empowers us to prioritize our response efforts and address the vulnerabilities that pose the greatest threat,” adds Anish.

Prisma Cloud helped PEXA expand their cloud footprint without having to invest in recruiting additional resources, while at the same time improving on the existing security posture and providing a unified view of security. With an industry-leading cloud-native application protection platform (CNAPP), PEXA now also has an integrated approach to web application and API security.

As cloud security evolves, Prisma Cloud has been enhanced dramatically to ensure the best value and outcomes for customers. “The Customer Success team has been instrumental in ensuring that PEXA moves along a strategically aligned adoption growth trajectory. They have established a strong rapport and demonstrated cross-team collaboration. Maintaining a strong partnership with Customer Success has proven to be valuable to explore how these enhancements can be leveraged and applied at PEXA,” elaborates Anish.

PEXA wanted another engine in the mix that could validate misconfigurations, detect workload vulnerabilities, analyze anomalous behavior, and isolate threats—and provide suitably informative alerts. With Prisma Cloud, PEXA can prioritize these alerts to ensure that the team can focus on significant events that need their attention first. Through alert fine-tuning, the alerting volumes are falling. And with the Code Security capabilities allowing them to scan infrastructure as code (IaC) for misconfigurations, introduced issues are less frequent too as the security mechanisms “shift-left.”

PEXA has recently completed acquisitions, and with Prisma Cloud able to secure hybrid and multicloud architectures, it supports the cloud infrastructure they inherit with an acquired entity, and allows them to neatly fit them into an established cloud security framework. Prisma Cloud also supports the security requirements relating to serverless workloads and API-driven microservices, which the organization is set to expand upon in the future.

Support for audit and regulatory requirements while enjoying time savings

As PEXA deals with payments and settlements, they need to adhere to numerous compliance frameworks for their infrastructure and application security. Post their implementation of Prisma Cloud, PEXA achieved SOC 2 and ISO27001 certification. With PEXA’s expansion into the UK, there were considerations needed for GDPR compliance, and Prisma Cloud was able to help PEXA address these regionally specific compliance needs.

As a heavily regulated financial services operator in Australia, PEXA undergoes regular audits with external parties. Prisma Cloud supports the following local compliance standards in the Australia and New Zealand (ANZ) region, out of the box: Australian Prudential Regulatory Authority (APRA) CPS 234, Australian Cyber Security Centre (ACSC) Information Security Manual (ISM), and ACSC Essential Eight for platform security.

Prisma Cloud is able to automate periodic reports to select recipients for either audit or compliance purposes, which can be presented to auditors, C-Level executives, or even the board. With these automated reports, this significantly cuts down the time they previously needed to produce the necessary reporting.

Leveraging a shift-left approach

For PEXA, CSPM addressed an immediate requirement by providing visibility on running cloud environments and highlighting any misconfigurations that could leave them exposed. Further, CWP helped to detect vulnerabilities in running containers and prioritize them based on environmental factors, such as blast radius, exploitability, and the complexity of executing the exploit.

However, with the addition of code security, Anish has been able to apply security checks preruntime, recognizing vulnerabilities in the codebase and addressing them preproduction, rather than discovering CVEs in running applications and working backwards through dependencies to establish a point of origin. This results in less userintroduced vulnerabilities, and as a result, a lower level of downstream alerting that doesn’t increase headcount pressure—even as their cloud footprint rapidly expands. Combining a shift-left approach with risk prioritization can assist in both a system of multiple checks across the continuous integration and continuous delivery (CI/CD) process, as well as mitigating alerting volumes on production systems for incident response teams.

Being aligned with banking and financial services, PEXA has extensive obligations to their customers and auditors. Prisma Cloud provides PEXA with a comprehensive threat intelligence feed, automates, and secures the addition of new cloud resources in their cloud environment while providing compliance standards coverage to satisfy auditing requirements and automate reporting that was once a manual process.

The PEXA product range represents a model of API-centric applications leveraging microservices, replacing the less agile on-premises platforms of the past. The complexity of related architectures adds security complexities as well. That is why it is important to give organizations like PEXA the capability to apply security controls at the various points in the Software Development lifecycle (SDLC)—from code to cloud.

Anish explains, “Our future focus at PEXA is on API-first growth that will underpin our move away from monolithic platforms of the past. This in turn lends itself to strengthening our CWP capabilities that include container and serverless defenders, WaaS-based capabilities, and IaC scanning.”

Over time, PEXA’s Prisma Cloud footprint has quadrupled. With acquisitions, this is expected to grow even more. With the help of Prisma Cloud however, Anish has not had to expand the headcount of his team to accommodate the security overheads relating to this growth. PEXA looks to Palo Alto Networks as their partner of choice when it comes to cybersecurity and has started to consolidate multiple point products with best-in-breed solutions from Palo Alto Networks.