What is Included with Prisma Cloud
- AWS S3 support for Prisma Cloud tenants in the USA and EMEA regions.
- Freemium experience that offers 3 credits per tenant before you are charged for using the Data Security module. When your data exceeds the freemium threshold, you use credits from the Prisma Cloud Enterprise Edition license. You can apply the free 3 credits to 600GB of exposure scanning or 100GB of sensitive and malware scanning, after which the cost will be adjusted based on scan capability. For full scan, all selected data will be scanned for public exposure scanning at 5 credits/TB, while only classifiable data and malware will be charged at 30 credits/TB.
- Ability to scan all or selected S3 buckets when you onboard your AWS account(s) on Prisma Cloud. You can choose to enable a forward or backward scan when you add the cloud account.
  The default scan quota for each tenant is 1500 credits; this quota allows you to control how much data is scanned so that you can align your organizational DLP budget with the amount of data that is scanned. This 1500 credits limit is adjustable and you can open a support ticket with Prisma Cloud Customer Success to increase it and balance your costs, while also ensuring that you're using Prisma Cloud Data Security to scan the file types that you want to secure.
  Prisma Cloud Data Security needs to read objects stored on your AWS S3 buckets in order to scan them. The supported encryption types are Amazon S3 created and managed keys (SSE-S3), and AWS KMS keys that are AWS Managed or Customer Managed. If you use the AWS Key Management Service with Customer Managed Keys (CMK), when you assign the correct permissions to the Prisma Cloud IAM role, Prisma Cloud can scan files in S3 buckets that are encrypted using customer managed encryption keys.
- Visibility, exposure, and classification of S3 buckets & objects on the new Data Dashboard, Data Inventory, and Object Explorer.
Prisma Cloud Data Security uses Palo Alto Networks’ Enterprise DLP and WildFire services to process and scan S3 objects for sensitive data and malware. When S3 objects are sent to Enterprise DLP for analysis, these objects are stored temporarily in Prisma Cloud’s S3 buckets for less than 24 hours, and then deleted. Additionally, files with .avro, .ORC, and .parquet extensions are stored for up to 7 days. Enterprise DLP does not retain any data after it provides a data classification verdict on your files. Files processed by WildFire follow the standard retention policy for WildFire.
- Only S3 objects in the standard storage class are ingested for scanning.
- For malware scanning:
  - The uncompressed file size must be less than 100MB. For example, if the file size is more than 100MB, but was compressed to under 100MB, the file will not be successfully scanned.
- For data classification scanning:
  - The size of .avro, .ORC, and .parquet files must be less than 2.5GB.
  - For all other supported file types, uncompressed file size must be less than 20MB. For example, if the file size is more than 20MB, but was compressed to under 20MB, the file will not be successfully scanned.
  - For ML-based classification scanning, the file size must be less than 1MB.
- For backward scan, each tenant has an hourly limit of 50GB.
- Default Data policies to detect public exposure of sensitive information. The data policies generate alerts on Prisma Cloud, and you can set up notifications to the external integration channels supported on Prisma Cloud. In addition, you can create custom data profiles and patterns and use them in policies to scan content for your security needs.
- Integration with Config RQL to show all objects in an S3 bucket, including exposure, Data Profile & malware detection in the Resource Explorer.
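
As an added example (not Palo Alto Networks' code), the following Python applies the storage class and file size limits listed above to a constructed object inventory and reports which scans each object will not receive. The function names, scan labels, the binary reading of MB/GB, and the premise that the caller supplies each object's uncompressed size and only supported file types are assumptions.

```python
import os

MB = 1024 * 1024   # assumption: the page does not say whether MB means 10^6 or 2^20 bytes
GB = 1024 * MB
COLUMNAR_EXTS = {".avro", ".orc", ".parquet"}
ALL_SCANS = {"exposure", "malware", "classification", "ml_classification"}  # hypothetical labels

def applicable_scans(key, storage_class, uncompressed_size):
    """Return the scans an object is within the documented limits for."""
    if storage_class != "STANDARD":      # only standard storage class is ingested
        return set()
    scans = {"exposure"}                 # the page states no size limit for exposure scanning
    if uncompressed_size < 100 * MB:
        scans.add("malware")
    ext = os.path.splitext(key)[1].lower()
    limit = 2.5 * GB if ext in COLUMNAR_EXTS else 20 * MB
    if uncompressed_size < limit:
        scans.add("classification")
    if uncompressed_size < 1 * MB:
        scans.add("ml_classification")
    return scans

def coverage_gaps(inventory):
    """Map each object key to the sorted list of scans it will NOT receive."""
    gaps = {}
    for key, storage_class, size in inventory:
        missing = ALL_SCANS - applicable_scans(key, storage_class, size)
        if missing:
            gaps[key] = sorted(missing)
    return gaps

# Constructed inventory: (key, S3 storage class, uncompressed size in bytes).
SAMPLE_INVENTORY = [
    ("logs/app.log", "STANDARD", 512 * 1024),
    ("docs/report.pdf", "STANDARD", 30 * MB),
    ("exports/customers.parquet", "STANDARD", 2 * GB),
    ("backups/db.sql.gz", "STANDARD", 150 * MB),   # 40 MB stored, 150 MB uncompressed
    ("archive/2019.csv", "GLACIER", 5 * MB),
]

if __name__ == "__main__":
    for key, missing in coverage_gaps(SAMPLE_INVENTORY).items():
        print(f"{key}: not covered by {', '.join(missing)}")
```

Objects that appear in the result are blind spots for the listed scan types and need another control if they can hold sensitive data or untrusted uploads.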