* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/)
* Prisma Cloud Further Exte...

# Prisma Cloud Further Extends Host and Container Security

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F01%2Fcloud-host-container-web-app-api-release%2F)  
[](https://twitter.com/share?text=Prisma+Cloud+Further+Extends+Host+and+Container+Security&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F01%2Fcloud-host-container-web-app-api-release%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2021%2F01%2Fcloud-host-container-web-app-api-release%2F&title=Prisma+Cloud+Further+Extends+Host+and+Container+Security&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2021/01/cloud-host-container-web-app-api-release/&ts=markdown)  
\[\](mailto:?subject=Prisma Cloud Further Extends Host and Container Security)  
Link copied  
By [Keith Mokris](https://www.paloaltonetworks.com/blog/author/keith-mokris/?ts=markdown "Posts by Keith Mokris")  
Jan 25, 2021  
6 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[API](https://www.paloaltonetworks.com/blog/tag/api/?ts=markdown)  
[Container Security](https://www.paloaltonetworks.com/blog/tag/container-security/?ts=markdown)  
[Containers](https://www.paloaltonetworks.com/blog/tag/containers/?ts=markdown)  
[Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown)  
[Web Application and API Security](https://www.paloaltonetworks.com/blog/tag/web-application-and-api-security/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/2021/02/cloud-host-container-web-app-api-release/?lang=ja "Switch to Japanese(日本語)")

***Prisma Cloud Now Secures Apps with the Industry's Only Integrated Web App Firewall (WAF), API Security, Runtime Protection and Bot Defense Platform***

We're proud to announce our next set of developments for workloads for Prisma Cloud, which will help to bolster host and container security for our customers.

At Palo Alto Networks, our team is committed to delivering comprehensive [Cloud Workload Protection](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown) capabilities across the cloud native continuum -- securing hosts, containers and Kubernetes, and serverless functions -- both at runtime and across the application lifecycle.

## Industry-Wide Need for Integrated Tools

Integrated and comprehensive platforms are essential as cloud native adoption continues to grow. In the [2020 Cloud Native Computing Foundation Survey](https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf), CNCF shared that:

* **Container usage continues to rise:** Use of containers in production has increased by 300% since 2016, up 84% just in the last year.
* **Kubernetes is more mainstream than ever:** A full 91% of CNCF respondents report using Kubernetes, with 83% of them using Kubernetes in production.
* **Serverless adoption continues:** 30% of respondents reported using serverless technologies in production today.
* **CI/CD technologies are essential to cloud native users:** More than 80% of respondents use CI/CD pipelines in production.

In search of efficiency, organizations are [adopting a mix](https://www.paloaltonetworks.com/blog/2020/06/cloud-native-security-genome/?ts=markdown) of cloud native architectures, combining them with various pipeline technologies and integrating them into rapid release cycles. However, they are often stitching together multiple, single-purpose security solutions to protect these stacks -- creating operational burdens and security gaps.

The latest Prisma Cloud enhancements for [Cloud Workload Protection](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown) allow DevOps teams to continue building and deploying their workloads and applications rapidly, while helping security teams deliver comprehensive protection.

## An Integrated Approach for Web Application and API Security

In our Prisma Cloud 2.0 launch, we unveiled our [Web Application and API Security (WAAS) module](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) for discovering and protecting web applications and APIs running across clouds, delivering customizable [OWASP Top 10 protection](https://www.paloaltonetworks.com/blog/prisma-cloud/secure-cloud-native-api-microservices/?ts=markdown), API security and runtime protection. By delivering these capabilities from a single dashboard integrated with our [Defender unified agent framework](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/defender_types), security teams can quickly and easily deploy and enable protection for cloud native applications.

To demonstrate the module's potential, our product team ran an internal benchmark analysis against other leading solutions. The team measured the rate of false positives and negatives by running a rich arsenal of real-world attack payloads against a set of over 200,000 legitimate web transactions.

Detailed in [a new whitepaper](https://start.paloaltonetworks.com/web-application-security-accuracy), our team showed that our web application firewall (WAF) capabilities outperformed six competing solutions. The Prisma Cloud module has the **highest precision rating** at 99.3%, which measures the ability to avoid false positives and false negatives. It also has the **lowest false positive rating** at just 0.02%.

## Adding Bot Risk Management and Advanced DoS Protection

![The screenshot shows bot protection controls inside Prisma Cloud. Top of screenshot reads "Edit WAAS app." Bot protection controls can cover known bots, unknown bots, active bot detection and user defined bots.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-19.png)
Figure 1. Bot protection controls inside Prisma Cloud

In addition to unveiling our benchmark test results, we're releasing new robust WAAS capabilities, including:

* **Bot protection:** WAAS customers can manage web bots and decide how to handle access for different bot types. Users have customizable visibility and protection covering known bots, unknown bots, and user-defined bots. Each setting can be applied to specific applications as chosen by the security team.
* **Advanced DoS protection:** WAAS now includes the ability to defend against application layer denial-of-service (DoS) attacks by applying rate controls.

![Web application and API security: The screenshot shows aggregated WAAS events in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-20.png)
Figure 2. New aggregated WAAS event details

## Host Security: Custom Compliance Policies

Though container and Kubernetes adoption continue to rise rapidly, hosts or cloud VMs are still central to cloud infrastructure strategy. Whether an organization has adopted a lift-and-shift approach to move workloads to the cloud or is leveraging VMs to run a containerized stack, security teams need to protect these workloads. This includes having continuous vulnerability management and compliance, runtime protection (file integrity monitoring, log inspection, custom runtime rules), access control and forensics.

With our new custom host compliance policies, users can implement security policy compliance checks for these protections via Bash scripts to cover host operating systems, orchestrator configurations or runtime checks.
![Host and container security in Prisma Cloud: The screenshot shows an example of a host custom compliance policy UI. The top of the window reads, "Edit Hosts file exists."](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-21.png)
Figure 3. Screenshot of Host custom compliance policy UI

## Container Security: Enhanced Kubernetes Cluster Awareness and CRI-O Compliance Checks

#### **Kubernetes Cluster Awareness**

As security teams monitor and protect a growing and constantly evolving set of Kubernetes environments, using Kubernetes-native constructs to map rules and policies, and view runtime audits saves them time and energy. In our latest release, Prisma Cloud improves how teams can leverage Kubernetes cluster names across the platform.

![Monitor/Runtime; Incident response; Active; Cluster; Incident Reverse Shell - the options selected in the screenshot show an example in Prisma Cloud of security incidents filtered using cluster definitions.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-22.png)
Figure 4. Security incidents filtered using cluster definitions

Teams can use cluster names to map environments and policies or view runtime environments and audits. Examples include:

* Segmenting [Radar](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/radar) views to specific clusters.
* Viewing image scan results by cluster.
* Building and mapping policies across environments by cluster.

The screenshot above shows how security teams can use clusters as a filter for viewing security incidents in Incident Explorer, so they can quickly diagnose an incident, review kill chain data and see a timeline view.

#### **CRI-O Compliance Checks**

As [CRI-O](https://github.com/cri-o/cri-o#what-is-the-scope-of-this-project) continues to emerge as an open standard for container runtimes, DevOps and security teams will want to ensure they have the proper security policy compliance checks mapped to this technology.

Now, Prisma Cloud maps 25 specific compliance checks to CRI-O across containers, images and host configurations. Within the compliance rules editor, users can quickly and easily select these pre-built mappings in the dropdown menu, as highlighted in the screenshot below.
![Prisma Cloud CRI-O compliance policies: Create new compliance rule, Compliance actions. The selected options can help organizations enhance host and container security.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-23.png)
Figure 5. Screenshot of new CRI-O compliance policies

## Additional Key Features

Our latest release includes enhancements across our platform:

* \*\*Defender scale:\*\*Support up to 10,000 Defenders for each console or project.
* \*\*Intelligence stream enhancements:\*\*For air-gapped or disconnected environments, the Compute Edition console now automatically manages and distributes intelligence stream data.
* **Base layer vulnerabilities:** Segment vulnerability findings against application-layer vulnerabilities.
* **Grace periods:** Vulnerability grace periods can now be aligned to vendors' fix dates.
* **Native image vulnerability results within Harbor:** For Harbor registry users, Prisma Cloud now delivers vulnerability results directly within Harbor, as well as our application.

All the features above are available today in Prisma Cloud Compute Edition with general availability in Prisma Cloud Enterprise Edition by early-February. To learn more, join us at our 2021 Virtual Summit on Jan. 26, "[Building a Scalable Strategy for Cloud Security](https://register.paloaltonetworks.com/building-scalable-strategy-for-cloud)."

*** ** * ** ***

## Related Blogs

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Demystifying Container Security](https://www.paloaltonetworks.com/blog/2021/10/demystifying-container-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### What You Need to Know About Azurescape](https://www.paloaltonetworks.com/blog/2021/09/azurescape/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Discover, Protect and Respond with AWS and Prisma Cloud](https://www.paloaltonetworks.com/blog/2024/11/aws-and-prisma-cloud/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma Cloud: Darwin Release Introduces Code to Cloud Intelligence](https://www.paloaltonetworks.com/blog/2023/10/announcing-innovations-cnapp-prisma-cloud/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-security-platform/?ts=markdown), [Cloud Workload Protection](https://www.paloaltonetworks.com/blog/category/cloud-workload-protection/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Agentless Workload Scanning Gets Supercharged with Malware Scanning](https://www.paloaltonetworks.com/blog/2023/06/agentless-malware-scanning/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Commercial Initiatives for Partner Success -- Breakaway 1=5](https://www.paloaltonetworks.com/blog/2023/02/commercial-initiatives-for-partner-success/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language