/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/07/31/website-banner-2025-07-31-17-21-17.jpg)
/vnd/media/media_files/2025/05/08/6rnB1tNTZ64zI9kKWTic.png)
Palo Alto Networks, a global cybersecurity company, has announced the launch of Cortex Cloud Application Security Posture Management (ASPM), a new application security module designed to prevent security issues from reaching production environments. The tool enables security teams and developers to address risks before deploying cloud and AI applications, aiming to enhance speed, efficiency, and cost-effectiveness in remediation efforts.
Cortex Cloud ASPM features an open AppSec partner ecosystem, allowing organisations to consolidate data from third-party code scanning tools into a single platform. By integrating native ASPM data with insights from external vendors, security teams can improve visibility and strengthen their security posture, without requiring developers to change their existing tools. Current AppSec partners include Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk, and Veracode.
This release builds on the earlier launch of Cortex Cloud, which combined Palo Alto Networks’ cloud-native application protection platform (CNAPP) with cloud detection and response (CDR) capabilities to offer real-time cloud security. As part of the broader Cortex platform, the new ASPM module provides access to AI-ready data across code, cloud, and security operations, supporting more integrated and proactive security processes.
Sarit Tager, VP of Product Management, Palo Alto Networks, commented,“As AI-generated code accelerates development from months to hours, security practices must evolve to match the pace of innovation. With a CNAPP, CDR, and now a prevention-first ASPM, Cortex Cloud offers comprehensive cloud security and helps prevent risks before they reach production by delivering full visibility across the application lifecycle.”
Key capabilities of Cortex Cloud ASPM include:
-
Proactive risk prevention: Identifies and blocks security issues before they reach production, using application and business context to enforce targeted controls without disrupting workflows.
-
Effective prioritisation: Helps focus on critical and exploitable risks by correlating results from both native and third-party scanners, factoring in code, cloud, runtime, and business context.
-
Automation throughout the lifecycle: Reduces manual remediation by automating response actions across security and development teams.
Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, stated,“Security teams continue to face challenges in preventing application risks from reaching production, especially as development cycles accelerate. The ability to focus on real risks rather than every detected vulnerability is key. Palo Alto Networks’ Cortex Cloud ASPM connects application security with the live threat environment, helping organisations respond more effectively and operate with greater efficiency.”
Cortex Cloud ASPM is currently available through an early access programme and is expected to become generally available in the second half of 2025.