paloalto 2024年 云原生安全报告 .docxVIP

EXECUTIVESUMMARY

ARetrospectonthePreviousYear

Webeginourexplorationofthe2024stateofcloud-nativesecuritywithalookbackattheeventsandinfluencesof2023,eachofwhichfactorsintoourcurrentpostures,thechallengesweconfront,andthestrategieswe’vechosentoachieveourdesiredoutcomes.

Whileagiledevelopment,open-sourcesoftware,andcloud-nativetechnologiesgainedmomentumin2023,attackstargetingtheapplicationlayerhavebecomeanestablishedtrend.The

cloud-nativeecosystemgrappledwithasurgeinsupplychainattacks,highlightingtheprevalenceofvulnerabilitiesin

1open-sourcesoftwareandthird-partylibraries.Real-worlddataanalyzedbyourUnit42teamenhancedthispicture,identifyingthecloudasthedominantattacksurface,with80%ofmedium,high,andcriticalexposuresfoundincloud-hostedassets.

1

Forsometime,we’veprioritizedapplicationandinfrastructuresecurity.Butwemustn’tforgetthatthird,

all-importantballintheair.Withtheglobaldataspherereaching120zettabytesin2023,2securingsensitivedataremainsmissioncritical.Thechallengesofmonitoringandcontrollingsensitiveinformation,however,haveescalated.

1CortexXpanseASMThreatReport20232DataCreatedWorldwide2010-2025

2 TheStateofCloud-NativeSecurity

Cloudsecurityisasmuchabusinessgoalasanythingelseweendeavortoachieve.

What’smore,generativeAIemergedin2023asagroundbreakingforcewiththepotentialtohalvedevelopmenttimeandcosts,ultimatelyredefiningtheapplicationeconomy.3Butmuchlikethe

cloudanditsmyriadbenefitsinextricablytiedtochallengeswemustaddress,generativeAIasadevelopmenttoolcomescounterweightedwithconcerns.WehadnosoonerbeguntowonderaboutpotentialissueswhenOWASPreleasedtheTop10LLMSecurityRisksforsecurityteams,alertingustopromptinjection,insecureoutputhandling,

andnewavenuesforsupplychainvulnerabilitiesandsensiti