International. Palo Alto Networks announced Cortex Cloud Application Security Posture Management (ASPM), an application security module designed to automatically block issues before they reach production. The tool enables security leaders and developers to address risks before deploying applications in cloud and AI environments.
Cortex Cloud ASPM incorporates an open ecosystem of AppSec partners, allowing you to consolidate data from third-party code scanners into a single platform. Partners include Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk, and Veracode.
The company indicated that this solution is based on Cortex Cloud, which combines its cloud-native application protection platform (CNAPP) and its cloud detection and response (CDR) capabilities. As part of the unified Cortex platform, users access data spanning code, cloud, and security operations (SOC).
"As AI-generated code compresses application development from months to hours, security must evolve to protect the speed of innovation. Equipped with an industry-leading CNAPP, best-in-class CDR, and now prevention-first ASPM, Cortex Cloud offers the most comprehensive approach to cloud security and automatically stops risks before they reach production with end-to-end visibility across the entire application lifecycle," said Sarit Tager, vice president of product management at Palo Alto Networks.
Among the benefits pointed out by the company are:
Proactively prevent security issues from reaching production by applying specific barriers without slowing down development.
Identify critical and exploitable risks, correlating findings from native and third-party scanners with code, cloud, runtime, and business context information.
Automate corrections at every stage of the application lifecycle, reducing manual intervention.
"The risks of applications coming into production continue to be a persistent challenge for security teams and continue to leave organizations exposed. As the speed of development accelerates, the challenge is not just to identify vulnerabilities, but to focus on those that pose a real risk. By connecting application security to the live threat landscape, Palo Alto Networks' Cortex Cloud ASPM can help organizations stop threats faster and operate more efficiently," said Katie Norton, research director, DevSecOps and software supply chain security, IDC.
Cortex Cloud ASPM is in early access and is expected to be generally available in the second half of 2025.
