What is Included with Prisma Cloud Data Security

  • AWS S3 support for USA regions.
  • Ability to scan all or selected S3 buckets when you onboard your AWS account(s) on Prisma Cloud. You can choose to enable a forward or backward scan when you add the cloud account. The scan quota for each tenant is 10TB; this quota allows you to limit how much data is scanned. It is adjustable and you can contact Prisma Cloud Customer Success to increase it for your needs.
    Prisma Cloud Data Security needs to read objects stored on your AWS S3 buckets for scanning them.
  • Visibility, exposure, and classification of S3 buckets & objects on the new Data Dashboard, Data Inventory, and Object Explorer.
    • S3 objects in standard storage class only are ingested for scanning.
    • File sizes and scanning:
      • For data classification and malware scanning, the uncompressed file size must be less than 20MB. For example, if the file size is 25MB, but was compressed to under 20MB the file will not be successfully scanned.
      • Malware detection of objects (only Windows executables & Linux binaries).
      • For ML-based classification scanning, the file size must be less than 1MB.
      • For backward scan, each tenant has a daily limit of 300GB.
        For forward scan each tenant has 10GB per hour. When this threshold is met, the scanning is slower for the files in queue until the hour is reset.
  • Default Data policies to detect public exposure of sensitive information. The data policies, currently five, generate alerts on Prisma Cloud and you can set up notification to external integration channels supported on Prisma Cloud.
  • Freemium
    experience that offers 300GB per tenant, before you are charged for using the Data Security module. When your data exceeds the freemium threshold you use credits from the Prisma Cloud Enterprise Edition license.
  • Integration with Config RQL to show all objects in an S3 bucket, including exposure, Data Profile & malware detection in Resource Explorer.

Recommended For You