# Peekaboo! We See Connections Between Your Shadow and Sanctioned Clouds

By [Jason Williams](https://www.paloaltonetworks.com/blog/author/jason-williams/?ts=markdown "Posts by Jason Williams") | Jul 02, 2024 | 5 minutes

Shadow IT and unmanaged cloud assets pose significant security risks for organizations.
Prisma Cloud, in recent months, has addressed this visibility gap left by legacy [CSPM technologies](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) --- identifying the unknown internet attack surface through a technology we call cloud discovery and exposure management, or CDEM. In this blog post, we look at the background of CDEM and what the new network visibility means.

## What Is CDEM?

Cloud discovery and exposure management (CDEM) is a security technology that identifies, evaluates and helps mitigate unknown cloud assets within an organization's digital ecosystem. It expands the capabilities of traditional CSPM by not only managing known and monitored assets but also by uncovering and integrating shadow, or unknown, assets into the security fold. CDEM provides a unique, attacker-like perspective of an organization's cloud infrastructure.

![CDEM scans the internet for publicly exposed cloud assets.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-324473-1.png)

Figure 1: CDEM scans the internet for publicly exposed cloud assets.

## What Is a Shadow or Unknown Cloud Asset?

Shadow or unknown cloud assets are elements of an organization's digital infrastructure that aren't actively managed or cataloged by its IT department. These can include servers, storage devices or entire applications set up without the explicit approval or knowledge of IT personnel, often in response to urgent business needs. Such assets present significant security risks, as their unmonitored states make them ideal targets for malicious activities.

## Why Do I Need CDEM If I'm Using CSPM?

CSPM offers good visibility into secured assets but can only see assets in clouds it's connected to.
CDEM, similar to [attack surface management (ASM)](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management?ts=markdown) tools, can identify IT assets exposed to the internet, many in unconnected clouds the organization is unaware of.

Some CSPM technologies offer agentless network visibility, collecting and illustrating flow logs from cloud providers. This helps organizations understand which assets communicate with others and the internet.

Without CDEM context, CSPM tools will flag network connections to unsanctioned assets as unknown or untrusted sources. This is because the CSPM tools don't know which unsanctioned, internet-facing assets belong to the organization.

## Illuminating Connections to Shadow Assets

For years, Prisma Cloud has been ingesting network flow logs across AWS, Azure and GCP clouds to help organizations understand their network-based application dependencies and communications to and from malicious internet sources. The recent integration of CDEM takes this capacity to the next level.

Through CDEM technology, Prisma Cloud correlates network flow data with internet attack surface scans, identifying transactions between sanctioned and unsanctioned cloud assets. In other words, the platform contextualizes findings across CSPM and external attack surface scans to identify, evaluate and help mitigate risks associated with both known and unknown cloud assets.

Security teams can understand network-based application dependencies to potentially unknown assets. Additionally, as internet-exposed risks emerge, security teams get insights into potential lateral movement points. Visibility into these relationships can also help teams prioritize onboarding and remediation steps, as internet exposure attack surfaces can impact the managed environment.
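
The correlation described above, sketched as an added example (not Prisma Cloud's code or API): it joins AWS VPC Flow Log records in the default version 2 format with a CSPM inventory and a list of externally discovered IPs attributed to the organization. The inventory entries, IPs, hostnames and log lines are all constructed, and treating the lower port as the service port is an assumed heuristic.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inputs (assumptions for illustration, not Prisma Cloud data).
MANAGED = {"10.0.1.15": "web-frontend", "10.0.2.40": "orders-db"}  # CSPM inventory
ATTRIBUTED = {  # internet-facing IPs an external scan attributed to the organization
    "203.0.113.25": "certificate CN=legacy-api.example.com",
    "198.51.100.7": "DNS A record files.example.com",
}
# AWS VPC Flow Logs, default version 2 field order.
FIELDS = ("version account eni src dst sport dport proto packets bytes "
          "start end action status").split()
FLOW_LOGS = """\
2 123456789012 eni-0a1 10.0.1.15 203.0.113.25 49152 443 6 20 4800 1719900000 1719900060 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.25 10.0.1.15 443 49152 6 18 9200 1719900000 1719900060 ACCEPT OK
2 123456789012 eni-0b2 198.51.100.7 10.0.2.40 51000 5432 6 3 180 1719900000 1719900060 REJECT OK
2 123456789012 eni-0a1 10.0.1.15 192.0.2.99 49153 443 6 10 1500 1719900000 1719900060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.40 10.0.1.15 5432 49200 6 5 700 1719900000 1719900060 ACCEPT OK
2 123456789012 eni-0c3 - - - - - - - 1719900000 1719900060 - NODATA
"""

def parse(text):
    """Yield flow records as dicts, skipping NODATA/SKIPDATA and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2" or parts[-1] != "OK":
            continue
        rec = dict(zip(FIELDS, parts))
        try:
            ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"])  # validate
            for key in ("sport", "dport", "bytes"):
                rec[key] = int(rec[key])
        except ValueError:
            continue
        yield rec

def correlate(text, managed=MANAGED, attributed=ATTRIBUTED):
    """Return (edges, unknown): managed<->shadow edges and unattributed peer IPs."""
    edges = defaultdict(lambda: {"to_shadow": 0, "from_shadow": 0, "accept": 0, "reject": 0})
    unknown = set()
    for rec in parse(text):
        src, dst = rec["src"], rec["dst"]
        if (src in managed) == (dst in managed):
            continue  # managed-to-managed, or no managed endpoint at all
        local, peer = (src, dst) if src in managed else (dst, src)
        if peer not in attributed:
            unknown.add(peer)  # without scan context, every external peer ends up here
            continue
        # Heuristic: the lower port is the service port (v2 records carry no direction).
        edge = edges[(managed[local], peer, min(rec["sport"], rec["dport"]))]
        edge["to_shadow" if src == local else "from_shadow"] += rec["bytes"]
        edge["accept" if rec["action"] == "ACCEPT" else "reject"] += 1
    return dict(edges), unknown

if __name__ == "__main__":
    print(correlate(FLOW_LOGS))
```

Calling `correlate(FLOW_LOGS, attributed={})` reproduces the CSPM-only view, in which all three external peers come back as unknown.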

![Network connectivity between managed and unmanaged assets](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/word-image-324473-2.png)

Figure 2: Network connectivity between managed and unmanaged assets

## How Does CDEM Work?

The operational framework of CDEM involves several key processes that ensure comprehensive management and protection of cloud assets. Initially, CDEM tools scan the entire cloud environment --- including parts not covered by existing CSPM solutions. This is typically achieved by scanning the IPv4 space to identify all internet-facing assets associated with the organization.

### Discovery Phase

The discovery phase of CDEM involves an extensive scan of the cloud environment using machine learning algorithms to identify all assets exposed to the internet. These assets include everything from virtual machines and databases to third-party services and APIs. Palo Alto Networks uses data from various sources such as IP registration databases, DNS records and certificate details to accurately attribute each discovered asset to the organization.

### Risk Assessment

Once these assets are identified, Prisma Cloud assesses them for vulnerabilities and exposure risks. This assessment is not limited to identifying insecure configurations or outdated systems; it also includes analyzing the network flows and relationships between known and unknown assets. This comprehensive evaluation helps in understanding the potential pathways an attacker could exploit.

### Integration and Management

After identification and evaluation, the next step involves integrating these previously unknown assets into the organization's managed cloud environment. Prisma Cloud provides workflows that help transition these assets from unmanaged to managed status, bringing them under CSPM monitoring. This transition includes setting up proper governance, compliance checks and continuous monitoring to ensure they remain secure.

### Continuous Monitoring and Remediation

Finally, CDEM ensures that all cloud assets, once brought into the managed environment, are continuously monitored for new risks and vulnerabilities. The system automatically prioritizes risks based on their potential impact, guiding security teams on which issues to address first. Additionally, it provides actionable insights for remediation, reducing the time and resources required to secure the cloud environment.

## Learn More

With the mission of helping organizations secure their applications from code to cloud, Prisma Cloud offers visibility into internal risks and external attack surfaces. Additionally, the platform correlates risk signals, helping security teams connect the dots across their cloud-native estate.

To learn more about how internet-exposed assets are discovered, what processes are used to identify and prioritize risks, and how to remediate the risk created by rogue, unmanaged assets, download our white paper [Cloud Discovery and Exposure Management](https://www.paloaltonetworks.com/resources/whitepapers/cloud-discovery-exposure-management?ts=markdown).

And if you'd like to see CDEM technology in action, [book a demo](https://www.paloaltonetworks.com/prisma/cloud/request-a-prisma-cloud-demo?ts=markdown) with one of our experts.