Prisma Cloud—How it Works

Learn how Prisma™ Cloud ingests and processes data from your cloud environment to help you identify and mitigate security risks.
As a Security Operations Center (SOC) enablement tool, Prisma™ Cloud helps you identify issues in your cloud deployments and then respond to a list of prioritized risks so that you can maintain an agile development process and operational efficiency.
When you add a cloud account to Prisma Cloud, the IaaS Integration Services module ingests data from flow logs, configuration logs, and audit logs in your cloud environment over an encrypted connection and stores the encrypted metadata in RDS3 and Redshift instances within the Prisma Cloud AWS Services module. You then use the Prisma Cloud administrative console or the APIs to interact with this data to configure policies, to investigate and resolve alerts, to set up external integrations, and to forward alert notifications. The Enterprise Integration Services module enables you to leverage Prisma Cloud as your cloud orchestration and monitoring tool and to feed relevant information to existing SOC workflows. The integration service ingests information from your existing single sign-on (SSO) identity management system and allows you to feed information back in to your existing SIEM tools and to your collaboration and helpdesk workflows.
To ensure the security of your data and high availability of Prisma Cloud, Palo Alto Networks makes Security a priority at every step. The Prisma Cloud architecture uses Cloudflare for DNS resolution of web requests and for protection against distributed denial-of-service (DDoS) attacks. The following diagram represents the infrastructure within a region:
For data redundancy of stateful components, such as RDS and Redshift, and of stateless components, such as the application stack and Redis (used primarily as a cache), the service uses native AWS capabilities for automated snapshots or has set up automation scripts using AWS Lambda and SNS for saving copies to S3 buckets.
Additionally, to ensure that these snapshots and other data at rest are safe, Prisma Cloud uses AWS Key Management Service (KMS) to encrypt and decrypt the data. To protect data in transit, the infrastructure terminates the TLS connection at the Elastic Load Balancer (ELB) and secures traffic between components within the data center using an internal certificate until it is terminated at the application node. This ensures that data in transit is encrypted using SSL. And, lastly, for workload isolation and micro segmentation, the built-in VPC security controls in AWS securely connect and monitor traffic between application workloads on AWS.

Recommended For You