Prisma Cloud Network Security
Prisma Cloud enhances your network security posture within public cloud environments. It helps you to find incidents and threats that are based on VPC flow logs and also the network exposure of your cloud assets based on configuration.
Prisma Cloud ingests and monitors network traffic from cloud services and allows you to query network events in your cloud environments. You can detect when services, applications, or databases are exposed to the Internet and if there are potential data exfiltration attempts. It also monitors network configuration and traffic logs to and from your assets deployed on the cloud environment after you’ve onboarded your cloud accounts.
Network exposure queries are currently supported only on AWS, Azure, and GCP cloud environments and are currently not available in the Government and China regions.
Prisma Cloud’s inbuilt cloud network analyzer engine automatically calculates net effective reachability of cloud resources through entities such as virtual machines, databases, and network interfaces and helps detect unrestricted network access from the Internet or external network domain using two main vectors:
- Routing path exists from source to destination
- Net effectiveness of all cloud-native network security policies in the path
Prisma Cloud network security capabilities include high fidelity alerts that provide rich context, so you know exactly how a particular cloud asset is exposed and can prioritize the risk and take meaningful action. It includes out-of-the-box policies that help you identify risky network exposure.
