* [Blog](https://www.paloaltonetworks.com/blog)
* [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/)
* Automating Visibility and...

# Automating Visibility and Protection for Cloud VMs

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fautomating-visibility-protection-cloud-vms%2F)  
[](https://twitter.com/share?text=Automating+Visibility+and+Protection+for+Cloud+VMs&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fautomating-visibility-protection-cloud-vms%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fautomating-visibility-protection-cloud-vms%2F&title=Automating+Visibility+and+Protection+for+Cloud+VMs&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/cloud-security/automating-visibility-protection-cloud-vms/&ts=markdown)  
\[\](mailto:?subject=Automating Visibility and Protection for Cloud VMs)  
Link copied  
By [Tomer Spivak](https://www.paloaltonetworks.com/blog/author/tomer-spivak/?ts=markdown "Posts by Tomer Spivak")  
Apr 29, 2021  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)  
[AWS](https://www.paloaltonetworks.com/blog/tag/aws/?ts=markdown)  
[Azure](https://www.paloaltonetworks.com/blog/tag/azure/?ts=markdown)  
[Google Cloud](https://www.paloaltonetworks.com/blog/tag/google-cloud/?ts=markdown)

Today's enterprises use a combination of hosts, containers and serverless architectures to power their business applications. As these organizations begin to scale these diverse environments, most find that it is not sustainable to manually detect and confirm configurations for each resource.

In the [January 2021 release for Prisma Cloud](https://www.paloaltonetworks.com/blog/2021/01/cloud-host-container-web-app-api-release/?ts=markdown) we added the ability to automatically scan Amazon Web Services (AWS) accounts and discover all cloud hosts to determine their protection coverage. Discovery is done via AWS APIs, without any agent installation, and only requires an [authorized service account](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/cloud_discovery.html).

Now as part of the [April 2021 release](https://www.paloaltonetworks.com/blog/2021/04/april-2021-release-prisma-cloud/?ts=markdown) we are expanding this capability for even better visibility and control for cloud hosts, with:

1. Auto-discovery of cloud hosts on Google Cloud and Microsoft Azure.
2. Auto-protection for AWS hosts.

## Why Automated Protection is Needed for Hosts

Unprotected virtual machines present compromise points for enterprise security. Without protection, organizations lack continuous vulnerability management, compliance monitoring and runtime protection, as well as capabilities like host audit log analysis, file integrity monitoring (FIM), malware detection and more.

With [Prisma Cloud Defender installed on a cloud VM](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_host_defender.html), security teams can quickly see vulnerability and compliance data, and implement protections for their applications at runtime. Additionally, teams can enable custom compliance rules, vulnerability policies, and other powerful runtime protection capabilities like the ones described above.

Unlike traditional datacenter hosts, cloud hosts are primarily deployed via templates or command line interface/quick-launch flows. This results in churning virtual machines on-demand, with greater frequency.

Prisma Cloud provides security and DevOps teams quick visibility into any unprotected VMs, with automatically-delivered protection for ones on public clouds, thus removing blind spots.

## Auto-Discovery for Public Cloud VMs

To enable auto-discovery for VMs on Azure and Google Cloud, users just need to add the accounts to Prisma Cloud and kick off a discovery scan, the same way they already do for AWS.

The scan identifies all instances across all regions within those accounts and populates them in [Cloud Radar](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/radar).
![Unified cloud radar view in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-70.png)
Cloud Radar provides a complete view of assets across multiple clouds.

Users can then drill down into the specific cloud provider and region to view the details of the discovered assets, including security coverage status.
![Viewing AWS resources in a specific region](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/04/word-image-71.png)
Viewing AWS resources specifically in the 'us-east-1' region.

## Auto-Protection for AWS Hosts

While gaining visibility of all cloud hosts is important, being able to automatically provide security coverage is even more important. Prisma Cloud now provides an auto-protect capability to automatically install [Defenders](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-reference-architecture-compute/platform_components/defender) on cloud hosts discovered in AWS accounts.
[![Showing unprotected EC2 instances in northern California](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/unprotected-EC2.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/unprotected-EC2.png?ts=markdown) Unprotected EC2 instances in northern California

Users can create one or more rules, and use filters like account, region and tags to further target hosts in specific areas of their deployments.
[![Creating an auto-defend rule](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/auto-defend-rule.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/auto-defend-rule.png?ts=markdown) Creating an auto-defend rule

The rule deploys defenders immediately, and can be run periodically to cover any new hosts that have been spun up.
[![All instances protected after rule successfully applied](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/auto-protected-instances.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/04/auto-protected-instances.png?ts=markdown) All instances protected after rule successfully applied.

Auto-protection for AWS relies on a set of access permissions to the AWS API and utilizes [AWS System Manager (SSM)](https://docs.aws.amazon.com/systems-manager/index.html) to install the Defenders.

As a part of the [21.04 release](https://www.paloaltonetworks.com/blog/2021/04/april-2021-release-prisma-cloud/?ts=markdown), Prisma Cloud provides auto-protection for Linux hosts in AWS. Coverage for Google Cloud and Azure will be added in upcoming releases.

## Conclusion

Auto-discovery gives you a full inventory of all of your protected and unprotected cloud hosts across AWS, Azure and Google Cloud. Auto-protect takes that a step further to automatically deploy Defenders to protect your Amazon Elastic Compute Cloud (EC2) instances without any manual installation. This lowers the friction involved in gaining visibility and security for your cloud assets.

You can learn more about securing diverse architectures into runtime with our latest ebook, [Why and How to Add Runtime Defense to Your Cloud Security Strategy](https://www.paloaltonetworks.com/resources/whitepapers/add-runtime-defense-cloud-security.html?ts=markdown). And for technical reference, please refer to the [auto defend hosts](https://docs.twistlock.com/docs/compute_edition_21_04/install/install_defender/auto_defend_host.html) section in our [documentation](https://docs.twistlock.com/docs/).

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Prisma Cloud Secures Containerized Apps on AWS-Optimized Bottlerocket](https://www.paloaltonetworks.com/blog/cloud-security/secure-containerized-app-aws-bottlerocket/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Google Cloud and Prisma Cloud: Partnering to protect cloud VMs](https://www.paloaltonetworks.com/blog/cloud-security/google-cloud-prisma-cloud-partnering-to-protect-cloud-vms/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Better Together With IBM and Prisma Cloud Compute Edition](https://www.paloaltonetworks.com/blog/cloud-security/better-together-ibm-prisma-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown)

[#### Open Source License Detection and Expanded Git Repo Scanning](https://www.paloaltonetworks.com/blog/cloud-security/open-source-license-detection-expanded-git-repo-scanning/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cloud NGFW is Essential for AWS \& Azure Cloud Traffic Protection](https://www.paloaltonetworks.com/blog/network-security/cloud-ngfw-is-essential-for-aws-azure-cloud-traffic-protection/)

### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown), [Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisoryanalysis/?ts=markdown)

[#### CircleCI Incident Highlights Cloud Platform Querying Struggles for Compromised Credentials](https://www.paloaltonetworks.com/blog/cloud-security/circleci-platform-query-credentials/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language