Overview:
Prisma™ Cloud delivers complete security across the development lifecycle on any cloud, enabling you to develop cloud native applications with confidence.
The modern enterprise requires cloud native security
The move to the cloud has changed all aspects of the application development lifecycle – security being foremost among them. Security and DevOps teams face a growing number of entities to secure as the organization adopts cloud native approaches. Ever-changing environments challenge developers to build and deploy at a frantic pace, while security teams remain responsible for the protection and compliance of the entire lifecycle.
Prisma Cloud: The Cloud Native Security Platform
Comprehensive cloud native security
- Deliver complete visibility, automation, detection and response across any compute, network or cloud service.
- Enforce hundreds of out-of-the-box governance policies that help ensure compliance and enforce good behavior.
Full lifecycle
- Eliminate issues early and prevent alert fatigue by seamlessly integrating security early and throughout the application lifecycle, from IDE, SCM, CI/CD and registries to runtime.
- Leverage continuous vulnerability management and automated risk prioritization across the entire cloud native stack and lifecycle. Easily investigate any incident.
Across any cloud
- Monitor, secure and maintain compliance on multi- and hybrid-cloud environments with a single integrated platform.
- Leverage purpose-built solutions for public clouds, such as AWS®, Google Cloud™ and Microsoft Azure®, as well as secure your on-premises investments like OpenShift®.
Prisma Cloud pillars
- Visibility, governance & compliance
Gain deep visibility into the security posture of multi-cloud environments. Keep track of everything that gets deployed with an auotmated asset inventory, and maintain compliance with out-of-the-box governance policies that enforce good behavior across your environments.
- Compute security
Secure hosts, containers and serverless throughout the application lifecycle. Detect and prevent risks by integrating vulnerability intelligence from IDE, SCM, CI/CD and to registries and runtime. Enforces ML-based runtime protection to protect applications and workloads in realtime.
- Network protection
Continuously monitor network activity for anomalous behavior, enforce microservice-aware microsegmentation and implement industry-leading firewall protection. Protect the network perimeter as well as the connectivity between containers and hosts.
- Identity security
Monitor and analyze user and entity behavior across your environments to detect and block malicious actions. Gain visibility into and enforce governance policies on user activities, and manage the permissions of both users and workloads.
Protection for cloud environments
AWS
Protection for applications and data across AWS - including EC2, ECS and Lambda functions.
Microsoft Azure
Protection for your applications and data across Microsoft Azure - including AKS, ACR or Azure Functions.
Google Cloud
Protection for your applications and data across Google Cloud - including Anthos, GKE, and serverless functions.
Amazon Web Services:
Prisma Cloud Simplifies Cloud Threat Defense on AWS
Cloud computing adoption is outpacing cybersecurity defenses. The absence of a physical network boundary to the internet, risk of accidental exposure by inexperienced users, decentralized visibility, and the dynamic nature of the cloud increase the attack surface by orders of magnitude. Although security point products may be able to address individual challenges, they are unable to provide holistic protection in an environment where resources are constantly changing, such as Amazon Web Services.
Prisma™ Cloud is a security and compliance service that dynamically discovers cloud resource changes and continuously correlates raw, siloed data sources, including user activity, resource configurations, network traffic, threat intelligence, and vulnerability feeds, to provide a complete view of cloud risk. Through an innovative, machine learning-driven approach, Prisma Cloud enables organizations to quickly prioritize risks, maintain agile development, and effectively fulfill their obligations in the shared responsibility model.
Benefits of Prisma Cloud on AWS
- Visualize every connected resource across your AWS environment.
- Maintain continuous compliance and easily generate reports across your AWS environment.
- Enable secure DevOps by setting guardrails with realtime monitoring for threats, such as risky configurations, sensitive user activities, network intrusions, and host vulnerabilities.
- Use anomaly detection capabilities to root out account compromises and insider threats.
- Investigate current threats or past incidents and quickly determine root causes.
- Get contextual alerts to help your team prioritize issues and respond quickly.
- Integrate seamlessly with Amazon GuardDuty.
Key Features and Benefits to Secure AWS Unmatched Visibility
Visualize your entire AWS environment, down to every component. Prisma Cloud dynamically discovers cloud resources and applications by continuously correlating configuration, user activity, and network traffic data. Combining this comprehensive understanding of the AWS environment with data from external sources, such as threat intelligence feeds and vulnerability scanners, Prisma Cloud delivers complete context for each risk.
Simplified Cloud Compliance
Prisma Cloud includes pre-built policies that adhere to industry-standard best practices, such as those put forth by CIS, GDPR, NIST, SOC 2, and PCI. You can also create custom policies based on your organization’s specific needs. Prisma Cloud continuously monitors for policy violations across all connected resources and supports one-click reports for simplified audits of your AWS environment.
Continuous compliance monitoring
Policy Guardrails
Prisma Cloud lets you set guardrails for DevOps to maintain agile development without compromising on security. This enables you to detect threats, such as risky configurations, sensitive user activities, network intrusions, and host vulnerabilities. Prisma Cloud automatically ranks risk scores for every resource, based on the severity of business risks, violations, and anomalies, helping SecOps quickly identify the riskiest resources and prioritize remediation efforts accordingly.
Automatic risk triage
Threat Detection
Prisma Cloud automatically detects anomalies in user and other behavior across your entire AWS environment, establishing behavior baselines and flagging any deviations. For example, a potential access key compromise will be flagged if a user is determined to be using access keys from two locations at similar times that are geographically impossible.
Automatic anomaly detection
Incident Investigation
With deep understanding of the AWS environment, Prisma Cloud reduces investigation time to seconds. You can quickly pinpoint issues, perform upstream and downstream impact analysis, and review the history of changes to a resource to better understand the root cause of an incident. For example, you can run a query to find all databases that were communicating directly via the internet last month. The resulting map will find all such instances and highlight the resources that are potentially compromised. figure 5, many resources are communicating with known malicious IP addresses.
Fast, easy investigation
Contextual Alerting and Adaptive Response
Prisma Cloud enables your teams to quickly respond to issues based on contextual alerts. These alerts, triggered based on a patent-pending risk scoring methodology, provide context on all risk factors associated with a resource, making it simple to prioritize the most important issues. You can send alerts, orchestrate policy, or perform auto-remediation. You can even route alerts to tools such as Slack®, Splunk®, and our own Cortex™ XSOAR to remediate issues. In the case of a risky database, Prisma Cloud will generate a contextual alert with information on risk factors to enable automated response.
Contextual alerts
Integration with Amazon GuardDuty
The contextual, machine learning-powered security and compliance controls of Prisma Cloud natively integrate with Amazon GuardDuty® to continuously monitor for malicious or unauthorized behaviors across your entire AWS environment. This lets you detect activities such as unusual API calls or potentially unauthorized deployments that indicate possible account compromises, including potentially compromised instances or reconnaissance by attackers.
Developing a Cloud Threat Defense Roadmap for AWS
Prisma Cloud enables you to develop a cloud threat defense program across your entire AWS environment, from inception to maturity, with the following capabilities:
- Compliance assurance: Mapping cloud resource configurations to compliance frameworks, such as CIS Benchmarks, GDPR, PCI DSS, and HIPAA, can be extremely time-consuming. Using prepackaged policies, Prisma Cloud enables continuous monitoring, auto-remediation, and one-click reporting, simplifying the process of staying compliant.
- Security governance: Incomplete visibility and imprecise control over changes in dynamic public cloud computing environments can make security governance difficult. Prisma Cloud enables architecture validation by establishing policy guardrails to detect and auto-remediate risks across resource configurations, network architecture, and user activities. With Prisma Cloud, you can finally support DevOps agility without compromising on security.
- SOC enablement: Security operations teams are inundated with alerts that provide little context on the issues, which makes it hard to triage issues in a timely manner. Prisma Cloud makes it possible to identify vulnerabilities, detect threats, investigate current or past incidents, and remediate issues across your entire AWS environment in minutes.
| Table 1: Cloud Threat Defense Maturity Model |
Cloud Footprint:
- Dozens of workloads
- Few cloud accounts
|
Cloud Footprint:
- Hundreds of workloads
- Many cloud accounts
|
Cloud Footprint:
- Multiple cloud providers
- Thousands of workloads
- Dozens of cloud accounts
|
Objectives:
- Compliance assurance
- Security governance
|
Objectives:
- Central visibility
- Threat detection
- Vulnerability management
+ Stage 1 objectives |
Objectives:
- Auto-remediation
- Incident investigation
+ Stage 2 objectives |
Prisma Cloud Security Suite
Prisma Cloud provides comprehensive visibility, threat detection, and rapid response across your entire AWS environment. A unique combination of continuous monitoring, compliance assurance, and security analytics enables security teams to respond more quickly to the most critical threats by replacing manual investigations with automated reports, threat prioritization, and remediation. With its API-based approach, Prisma Cloud delivers superior cloud native security.
Microsoft Azure:
Simplify compliance on Azure with Prisma Cloud
You need to ensure security and compliance controls are properly implemented and continuously maintained, regardless of how dynamic or distributed your Azure environments become. Prisma Cloud provides continuous visibility, compliance enforcement and reporting, and comprehensive threat protection for all your resources on Microsoft Azure – all via APIs that are frictionless to deploy and that integrate with any native Azure service.
Secure workloads and applications across Azure
Prisma Cloud provides full-lifecycle, full-stack security for any cloud native workload or application running on Azure, integrating security into Azure DevOps and Azure Container Registry, while protecting running workloads and apps. Whether you’re running AKS, Azure Container Registry (ACR) or Azure Functions, Prisma Cloud has you covered.
Network security for workloads and applications in Azure
VM-Series enhances your security posture on Microsoft Azure with the industry-leading threat prevention capabilities of the Palo Alto Networks Next-Generation Firewall in a VM form factor. This makes it ideal for deployment in environments where installing a hardware firewall is either difficult or impossible.
Security for Office 365
Prisma Access provides inline security to control access to sanctioned, tolerated and unsanctioned applications. It works together with Prisma SaaS to deliver comprehensive API-based compliance and security, allowing users to safely access SaaS apps; enforce policies based on user, app and device profiles; and protect data in Office 365.
Google Cloud Platform:
Simplify security and compliance on GCP
As your organization’s cloud footprint expands, you need to ensure that your security and compliance are properly implemented and continuously maintained, regardless of how dynamic or distributed your GCP environments may become. Prisma Cloud provides continuous visibility, compliance enforcement and reporting, and threat protection for all your resources on GCP – all through APIs that integrate with any native GCP service.
Support for GCE, GKE and Google Cloud functions
Prisma Cloud provides full-lifecycle, full-stack security for any cloud native workload or application running on GCP, integrating security into Google Cloud Build and Google Container Registry, while protecting running workloads and apps across GCP. Whether you’re running Anthos, GKE or Google Cloud Run, Prisma Cloud secures your cloud native applications.
Automated security at DevOps speed
The VM-Series virtual firewall consistently protects public and private clouds, virtualized data centers and branch environments by delivering inline network security and threat prevention. While public cloud platforms and software-defined network solutions provide you with basic security functionality, VM-Series strengthens your security posture with the industry-leading threat prevention capabilities of the Palo Alto Networks Next-Generation Firewall in a VM form factor.
Security for G-Suite
Prisma Access delivers the controls you need through inline security to manage access to sanctioned, tolerated and unsanctioned applications. It works with Prisma SaaS to provide API-based compliance and protection, allowing your organization to deliver access to SaaS apps to all users; enforce security policies based on user, app and device profiles; and protect data in G-Suite.
