Learn how Prisma™ Cloud enables you to protect your resources deployed
on public cloud platforms and build-ship-and runtime defense for
container workloads deployed anywhere to prevent attack vectors
that cause security issues such as image vulnerabilities, account
compromises, and cryptojacking.
Prisma™ Cloud is a cloud infrastructure security solution
and a Security Operations Center (SOC) enablement tool that enables
you to address risks and secure your workloads in a heterogeneous
environment (hybrid and multicloud) from a single console. It provides
complete visibility and control over risks within your public cloud
infrastructure—Amazon Web Services (AWS), Microsoft Azure, Google
Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), Alibaba
Cloud— and enables you to manage vulnerabilities, detect anomalies,
ensure compliance, and provide runtime defense in heterogeneous
environments, such as Windows, Linux, Kubernetes, Red Hat OpenShift,
AWS Lambda, Azure Functions, and GCP Cloud Functions. The main capabilities
are:
Continuous security assessment of your configuration,
compliance monitoring, monitoring your storage buckets for sensitive
data, integration with external services for incident management
and remediation to address issues identified on your resources in
the public cloud, as well as shift-left capabilities to scan Infrastructure-as-code
(IaC) templates across the application lifecycle. These capabilities
are completely API-based and you can configure these capabilities
using shift-left plugins and the different tabs on the Prisma Cloud
administrative console. For an overview, see Cloud Security Posture Management with Prisma Cloud.
Consistent visibility and runtime defense with least-privilege microsegmentation
for physical machines, virtual machines, containers, and serverless
workloads—regardless of location. These capabilities require an agent
and the API. Use the
Cloud Infrastructure Entitlement Management—Cloud Infrastructure Entitlement
Management (CIEM) enables visibility and control over cloud identities
to ensure least-privileged user access governing cloud resources,
compute and data. For an overview, see Prisma Cloud IAM Security.
Cloud Security Posture Management with Prisma Cloud
The API-based service enables granular
visibility in to your resources deployed on public cloud platforms
and in to the network traffic flows to these resources from the
internet and between instances. Prisma™ Cloud also provides threat
detection and response for resource misconfigurations and workload
vulnerabilities and provides visibility into user activity within
each cloud environment. Tracking user activity helps you identify
account compromises, escalation of privileges with privileged accounts,
and insider threats from malicious users, unauthorized activity,
and inadvertent errors. Prisma Cloud continuously monitors your
cloud environments to help ensure that your cloud infrastructure
is protected from these security threats.
In addition to providing visibility and reducing risks, Prisma
Cloud facilitates Security Operations Center (SOC) enablement and
adherence to compliance standards. As the service automatically
discovers and monitors compliance for new resources that are deployed
in your cloud environment, it enables you to implement policy guardrails to
ensure that resource configurations adhere to industry standards
and helps you integrate configuration change alerts into DevSecOps
workflows that automatically resolve issues as they are discovered.
This capability streamlines the process of identifying issues and
detecting and responding to a list of prioritized risks to maintain
an agile development process and operational efficiency.
Here are some highlights of Prisma Cloud:
Comprehensive Visibility
—Enables
you to view your resources—deployed on multiple cloud infrastructure
platforms—from a single console. In addition to providing a consolidated
view of the resources across the cloud platforms, Prisma Cloud integrates
with threat intelligence feeds, vulnerability scanners, and Security
Information and Event Management (SIEM) solutions to help you build
a contextual view of your cloud deployments.
Policy Monitoring
—Enables you to use Prisma Cloud, which
includes Security policies based on industry standards, to continuously monitor
for violations. Because cloud platforms enable agility and your
users can create, modify, and destroy resources on-demand, these
user actions often occur without any security oversight. Prisma
Cloud provides hundreds of out-of-the-box policies for common security
and compliance standards, such as GDPR, PCI, CIS, and HIPAA. You
can also create custom policy rules to address specific needs or
to customize the default policy rules.
Anomaly Detection
—Automatically detects suspicious user
and network behavior using machine learning. Prisma Cloud consumes data
about your AWS resources from AWS CloudTrail, AWS Inspector, and Amazon
GuardDuty to detect account compromises and insider threats. This service
uses machine learning to score the risk level for each cloud resource based
on the severity of business impact, policy violations, and anomalous behavior.
Risk scores are then aggregated so that you can prioritize your
alerts and benchmark risk postures across your entire environment.
Contextual Alerting
—Leverages highly contextual alerts for
prioritization and rapid response. Because Prisma Cloud also integrates
with external vulnerability services, such as AWS Inspector, Tenable.io,
and Qualys, to continuously scan your environment, it has additional
context to identify unexpected and potentially unauthorized and
malicious activity. For example, the service scans for unpatched
hosts, escalation of privileges, and use of exposed credentials,
and also scans communication for malicious IP addresses, URLs, and
domains.
Cloud Forensics
—Enables you to go back to any point
in time and investigate an issue within seconds. To help you identify
security blind spots and investigate issues, Prisma Cloud monitors
network traffic from sources such as AWS VPC flow logs, Azure flow
logs, GCP flow logs, Amazon GuardDuty, and user activity from AWS
CloudTrail and Azure.
Compliance Reporting
—Reports your risk posture to your
management team, to your board of directors, and to auditors.
Data Security
—Scans data stored on AWS S3 buckets
and provides visibility on the scan results directly on the Prisma
Cloud dashboard. The data security capabilities include predefined
data policies and associated data classification profiles such as
PII, Financial, or Healthcare & Intellectual Property that scan
your objects stored in the S3 bucket to identify exposure—how sensitive
information is kept private, or exposed or shared externally, or
allows unauthorized access. It also integrates the industry-leading WildFire
service to detect known and unknown malware that may have infiltrated
any Amazon Web Service Simple Storage Service (AWS S3) buckets.
Cloud Workload Protection with Prisma Cloud
Prisma™ Cloud offers cloud workload protection, as either
a SaaS option or a self-hosted solution that you deploy and manage
(review your options
).
The SaaS option, available with the Prisma Cloud Enterprise Edition,
offers a single management console for threat detection, prevention,
and response for your heterogeneous environment where your teams
are leveraging public cloud platforms and a rich set of microservices
to rapidly build and deliver applications. The
Compute
tab
on the Prisma Cloud administrative console enables you to define
policy and to monitor and protect the hosts, containers, and serverless
functions within your environment.
To monitor the workloads, you must deploy Prisma Cloud Defenders:
the agents. All Defenders, regardless
of their type, connect back to the console using WebSocket over
port 8084 to retrieve policies and enforce vulnerability and compliance
blocking rules to the environments where they are deployed, and
to send data back to the
Compute
tab within
the Prisma Cloud administrative console. For documentation on how
to get started with deploying Defenders, configuring policies, viewing
alerts, and interpreting the data on Radar, see the Prisma Cloud Administrator’s
Guide (Compute)
. For administrative
user management, such as integrating single sign-on, setting up
custom roles, and creating access keys, use the
Settings
tab
on the Prisma Cloud administrative console outlined in this document.