Adoption Advisor

Adoption Advisor provides guidance through the three stages of the code to cloud application lifecycle: Code & Build, Deploy, and Run. It helps you navigate the Foundational, Intermediate, and Advanced tasks at each stage of the application lifecycle, and adopt the security capabilities at your own pace. You can also use the Adoption Advisor console to generate and manage PDF reports for adoption progress and widget data from the previous 30, 60, or 90 days.
On your code to cloud journey the checks in the Code & Build, Deploy, and Run phases of the application, provide you with:
  • Visibility and control within your Code & Build processes is critical to identify vulnerabilities and compliance violations before progressing to the next phase of the application’s lifecycle.
    In this phase, you are responsible for the secure operation of your cloud services. As an example, you use Infrastructure as code (IaC) templates to deploy, maintain, and remove cloud services such as VMs, storage buckets. Visibility and control at this stage enables your developers to proactively harden open source dependencies and IaC by identifying vulnerabilities, compliance violations, and secrets before they are compiled into applications or deployed as insecure cloud services. And you also may have Continuous Integration (CI) practices to rapidly and continuously develop, update, and maintain your cloud-based applications. The assembly and testing of your code into usable software packages are automated by CI systems such as Jenkins, CircleCI that integrate with the different code repositories and package management systems. These CI systems produce deployable artifacts, such as IaC, VM images, Docker images, Serverless Images, that are consumed by the release processes to drive frequent deployments and support agile development.
  • Ability to identify vulnerability and compliance issues within the Deploy phase when applications that are staged for deployment in your continuous cycle of development, testing, and release, or Continous Development pipelines. At this stage, you can enforce policies to ensure only trusted applications are allowed to launch within the cloud runtime environment.
  • Predictive and threat-based protections to secure your Runtime environments. In this stage, you can detect and remediate overly permissive cloud access roles that present opportunities for attackers, identify expected patterns/behavior in runtime actions of applications and resources and prevents anomalous activity.
Adoption Advisor
includes all the security capabilties available from the different subscriptions that include Visibility. Compliance, Governbance for Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Cloud Code Security (CCS), Cloud Identity and Access Management (CIEM), and Data Security capabilities on Prisma Cloud. For completing some of these checks, the subscription must be activated first.
And to help you set your pace, the tasks in the Adoption Advisor are grouped as:
  • Foundational – Your organization has started its cloud adoption journey. You are presented with the challenge of effectively managing assets within the cloud and on-premises. Prisma Cloud Enterprise Edition provides your organization with the visibility, tools, and knowledge to develop a strong and secure cloud adoption foundation.
  • Intermediate – As you progress with understanding and adopting cloud-based technologies beyond the traditional infrastructure as a service (IaaS) architecture, Prisma Cloud enables you to effectively manage the vulnerabilities and compliance of your cloud resources.
  • Advanced – In this phase, your organization is innovating its business with the cloud, and this is supported by the industry-leading capabilities of Prisma Cloud Enterprise Edition. Use Prisma Cloud to proactively control your cloud operations, and identify and remediate issues before they manifest within your runtime environments.
For more information about Adoption Advisor, see the following sections.

How do I Use the Adoption Advisor

Use the Adoption Advisor for visibility on how much of the security capabilities your organization has adopted, uncover security capabilities that you have not yet explored so that you can make the most of your investment, and for guidance on where to take action for maintaining good security hygiene in a particular area and managing risk as you adopt the cloud for critical infrastructure. As your teams complete the recommended tasks, the
Adoption Progress
indicator depicts your progress as a percentage.
  1. Select
    Adoption Advisor
    on the left-hand pane.
    The System Admin role can perform all the actions on this page, and can generate or view Reports. For all other Prisma Cloud roles, based on your role and the access privileges, you can view a list of items and widgets that provide visibility into your operationalization journey, and guidance on the next steps.
  2. Select a phase and a task on the dashboard to take action.
    You can either review the details in the
    Actions to complete
    and complete the tasks or
    Assign Task
    to make progress.
    1. Review the details in
      Actions to complete
      and perform the tasks.
      For example, select Code & Build to view the list of tasks. Then select a task and review the details in the
      Actions to complete
      where you have a three-step summary of each task. Complete the task to make progress.
    2. Assign Task
      to a user.
      1. Select the
        to whom you want to assign the task from the drop-down.
      2. Optional
        Add a comment.
      3. Save
        the task.
        When you save the task, the Assignee will receive an email notification containing the task assignment details.
        Initially, only the System Admin can assign a task to a user. However, the Assignee can re-assign the task to another user if needed. When re-assigned, the current Assignee becomes the Reporter, and the new Assignee will receive an email notification containing the task assignment details.
  3. Review the progress with issue burndown.
    For each widget, refer to the Adoption Advisor Widgets to review how your security posture is being managed through better alert handling.
    For sharing your progress,
    Generate Report
    to download your Cloud Security Report for the last 30, 60, or 90 days.

Adoption Advisor Widgets

Adoption Progress
Depicts how well your team has been using the full complement of Prisma Cloud capabilities. This percentage is a ratio of the number of tasks completed divided by the total number of tasks available to you. As your cloud footprint grows, use the Adoption Advisor to identify where to focus on your journey to strengthen your cloud security posture.
Anomalous Threats Detected
Anomalous Threats Detected are organized by UEBA and Network-based anomaly alerts and policies. The top row displays the number of threats detected for UEBA and Network for the past 30/60/90 days. The bottom row displays the number of enabled vs. possible policies.
Discovered vs Secured Resources
Displays the extent to which the Defender is currently protecting your cloud environment. It shows the number of resources detected by Cloud Discovery as well as the number of Secured resources protected by deployed Defenders over a period of time.
High Risk Assets & Alerts
Displays the count of high severity risks detected for all policy violations such as Network, Anomaly, Audit Event, and Config policies by a tenant and the assets producing these alerts over a period of time. It also shows you the Addressed Alert count that includes the states of resolve, dismiss or snooze.
Incident Burndown
Displays the alerts generated from Network, Anomaly, and Audit Event against the assets across your monitored cloud environments and your team’s progress on addressing these incidents. The addressed actions include the states of resolve, dismiss or snooze.
Risk Burndown
Displays the number of high severity risks detected using the Configuration policies on Prisma Cloud and your team’s progress on addressing these risks. The addressed actions include the states of resolve, dismiss or snooze.
Regulatory Compliance Achieved
Displays the compliance posture for the top 3 compliance standards from the list of compliance reports you have generated. The top 3 compliance standards are shown by first prioritizing scheduled reports, then one-time reports.
Top Custom Alerts Generated
Displays the top 3 custom policies by open alert count, highlighting the threats and misconfigurations you are catching through these policies.
Vulnerability Trends
Displays the vulnerabilities discovered and resolved over time across images, hosts, containers, and functions for the impacted resources.

Create and Manage Adoption Advisor Reports

Adoption Advisor analyzes your deployment to generate a report that considers your position on the cloud security maturity model. With this report, you can show your stakeholders how adoption progress is currently going in terms of security capabilities at each stage of the application lifecycle, Code & Build, Deploy, and Run, in a visual format.
Prisma Cloud administrators with the System Admin role can on-demand download Adoption Advisor PDF report containing a summary of the adoption progress along with a metrics overview of data for the last 30, 60, or 90 days. They can also set up recurring reports to generate at a specified interval.
  1. Create a report
    1. Log in to Prisma Cloud.
    2. Create a new report.
      1. Select
        Adoption Advisor
        Create Report
      2. Select the
        One Time
        If you select
        specify how often and when you want the report to run.
        You can only edit Recurring reports to modify any inputs.
      3. Enter the following information:
        • Enter a descriptive
          for the report.
        • (
          ) Enter the
          Email Address(es)
          for the recipient(s) to receive the reports.
        • Select the
          Widget Date Range
          for which you want the metrics data.
      4. Save Report
  2. View and Manage Reports
    After you create a report, they will automatically run at the scheduled time. Select
    Adoption Advisor
    to view a list of all the scheduled reports and use the search filter to narrow the list of reports displayed or search for a specific report. You can also change the list view of the reports and download the table view as a
    • From the
      tab you can clone a report. You can also share reports by downloading a PDF version.
    • The
      tab in the
      view allows you to also download reports or delete them if they are no longer required.
    • For recurring reports, the
      Enable Scheduling
      toggle allows you to choose whether a report should be emailed automatically according to the predefined schedule. When disabled, the report is not emailed, but can be downloaded on demand.
    • Select the edit icon to update or change report scheduling details, including adding or removing recipients.

Recommended For You