Prisma Cloud
Learn how Prisma™ Cloud enables you to protect your resources deployed on public cloud platforms and build-ship-and runtime defense for container workloads deployed anywhere to prevent attack vectors that cause security issues such as image vulnerabilities, account compromises, and cryptojacking.
Prisma™ Cloud is a cloud infrastructure security solution and a Security Operations Center (SOC) enablement tool that enables you to address risks and secure your workloads in a heterogeneous environment (hybrid and multicloud) from a single console. It provides complete visibility and control over risks within your public cloud infrastructure—Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), Alibaba Cloud— and enables you to manage vulnerabilities, detect anomalies, ensure compliance, and provide runtime defense in heterogeneous environments, such as Windows, Linux, Kubernetes, Red Hat OpenShift, AWS Lambda, Azure Functions, and GCP Cloud Functions. The main capabilities are:
- Continuous security assessment of your configuration, compliance monitoring, monitoring your storage buckets for sensitive data, integration with external services for incident management and remediation to address issues identified on your resources in the public cloud, as well as shift-left capabilities to scan Infrastructure-as-code (IaC) templates across the application lifecycle. These capabilities are completely API-based and you can configure these capabilities using shift-left plugins and the different tabs on the Prisma Cloud administrative console. For an overview, see Cloud Security Posture Management with Prisma Cloud.
- Consistent visibility and runtime defense with least-privilege microsegmentation for physical machines, virtual machines, containers, and serverless workloads—regardless of location. These capabilities require an agent and the API. Use theComputetab on the Prisma Cloud administrative console to set up and monitor this functionality. For an overview, see Cloud Workload Protection with Prisma Cloud.
- Cloud Infrastructure Entitlement Management—Cloud Infrastructure Entitlement Management (CIEM) enables visibility and control over cloud identities to ensure least-privileged user access governing cloud resources, compute and data. For an overview, see Prisma Cloud IAM Security.
Cloud Security Posture Management with Prisma Cloud
The API-based service enables granular visibility in to your resources deployed on public cloud platforms and in to the network traffic flows to these resources from the internet and between instances. Prisma™ Cloud also provides threat detection and response for resource misconfigurations and workload vulnerabilities and provides visibility into user activity within each cloud environment. Tracking user activity helps you identify account compromises, escalation of privileges with privileged accounts, and insider threats from malicious users, unauthorized activity, and inadvertent errors. Prisma Cloud continuously monitors your cloud environments to help ensure that your cloud infrastructure is protected from these security threats.
In addition to providing visibility and reducing risks, Prisma Cloud facilitates Security Operations Center (SOC) enablement and adherence to compliance standards. As the service automatically discovers and monitors compliance for new resources that are deployed in your cloud environment, it enables you to implement policy guardrails to ensure that resource configurations adhere to industry standards and helps you integrate configuration change alerts into DevSecOps workflows that automatically resolve issues as they are discovered. This capability streamlines the process of identifying issues and detecting and responding to a list of prioritized risks to maintain an agile development process and operational efficiency.
Here are some highlights of Prisma Cloud:
- Comprehensive Visibility—Enables you to view your resources—deployed on multiple cloud infrastructure platforms—from a single console. In addition to providing a consolidated view of the resources across the cloud platforms, Prisma Cloud integrates with threat intelligence feeds, vulnerability scanners, and Security Information and Event Management (SIEM) solutions to help you build a contextual view of your cloud deployments.
- Policy Monitoring—Enables you to use Prisma Cloud, which includes Security policies based on industry standards, to continuously monitor for violations. Because cloud platforms enable agility and your users can create, modify, and destroy resources on-demand, these user actions often occur without any security oversight. Prisma Cloud provides hundreds of out-of-the-box policies for common security and compliance standards, such as GDPR, PCI, CIS, and HIPAA. You can also create custom policy rules to address specific needs or to customize the default policy rules.
- Anomaly Detection—Automatically detects suspicious user and network behavior using machine learning. Prisma Cloud consumes data about your AWS resources from AWS CloudTrail, AWS Inspector, and Amazon GuardDuty to detect account compromises and insider threats. This service uses machine learning to score the risk level for each cloud resource based on the severity of business impact, policy violations, and anomalous behavior. Risk scores are then aggregated so that you can prioritize your alerts and benchmark risk postures across your entire environment.
- Contextual Alerting—Leverages highly contextual alerts for prioritization and rapid response. Because Prisma Cloud also integrates with external vulnerability services, such as AWS Inspector, Tenable.io, and Qualys, to continuously scan your environment, it has additional context to identify unexpected and potentially unauthorized and malicious activity. For example, the service scans for unpatched hosts, escalation of privileges, and use of exposed credentials, and also scans communication for malicious IP addresses, URLs, and domains.
- Cloud Forensics—Enables you to go back to any point in time and investigate an issue within seconds. To help you identify security blind spots and investigate issues, Prisma Cloud monitors network traffic from sources such as AWS VPC flow logs, Azure flow logs, GCP flow logs, Amazon GuardDuty, and user activity from AWS CloudTrail and Azure.
- Compliance Reporting—Reports your risk posture to your management team, to your board of directors, and to auditors.
- Data Security—Scans data stored on AWS S3 buckets and provides visibility on the scan results directly on the Prisma Cloud dashboard. The data security capabilities include predefined data policies and associated data classification profiles such as PII, Financial, or Healthcare & Intellectual Property that scan your objects stored in the S3 bucket to identify exposure—how sensitive information is kept private, or exposed or shared externally, or allows unauthorized access. It also integrates the industry-leading WildFire service to detect known and unknown malware that may have infiltrated any Amazon Web Service Simple Storage Service (AWS S3) buckets.
Cloud Workload Protection with Prisma Cloud
Prisma™ Cloud offers cloud workload protection, as either a SaaS option or a self-hosted solution that you deploy and manage (review your options
).
).The SaaS option, available with the Prisma Cloud Enterprise Edition, offers a single management console for threat detection, prevention, and response for your heterogeneous environment where your teams are leveraging public cloud platforms and a rich set of microservices to rapidly build and deliver applications. The
Compute
tab on the Prisma Cloud administrative console enables you to define policy and to monitor and protect the hosts, containers, and serverless functions within your environment.To monitor the workloads, you must deploy Prisma Cloud Defenders: the agents. All Defenders, regardless of their type, connect back to the console using WebSocket over port 8084 to retrieve policies and enforce vulnerability and compliance blocking rules to the environments where they are deployed, and to send data back to the
. For administrative user management, such as integrating single sign-on, setting up custom roles, and creating access keys, use the
Compute
tab within the Prisma Cloud administrative console. For documentation on how to get started with deploying Defenders, configuring policies, viewing alerts, and interpreting the data on Radar, see the Prisma Cloud Administrator’s Guide (Compute)
. For administrative user management, such as integrating single sign-on, setting up custom roles, and creating access keys, use the Settings
tab on the Prisma Cloud administrative console outlined in this document.