Enhanced Least-Privilege Recommendations from Prisma Cloud and AWS
Nov 27, 2023
3 minutes
319 views
Prisma Cloud’s integration with AWS Identity and Access Management (IAM) Access Analyzer provides users with accurate least-privileged access recommendations.
Palo Alto Networks is proud to partner with Amazon Web Services on their expanded AWS IAM Access Analyzer service. IAM Access Analyzer helps customers identify unused and external access to AWS resources.
Prisma Cloud’s New Integration with AWS IAM Access Analyzer
Amazon Web Services announced the expansion of AWS IAM Access Analyzer capabilities to include additional types of findings through access analysis. These features help customers detect unused access and external access for AWS services.
Through our partnership with Amazon Web Services, Prisma Cloud will integrate with the new release of AWS IAM Access Analyzer, increasing the granularity of our Prisma Cloud’s Suggest Least-Privileged Access recommendations.
Previously, Prisma Cloud had utilized AWS Access Advisor data to enhance calculations on unused access at the service level. But with the new integration, Prisma Cloud users will be able to see what actions were taken within a specific service. This increased granularity will allow Prisma Cloud to give least-privileged access recommendations at a new and more targeted level. In other words, Prisma Cloud can now recommend removing unused access within a service, provisioning users with access to only the actions they need by integrating with IAM Access Analyzer.
Enforcing least-privilege at the action level will help our customers reduce the IAM attack surface.
At the core of this integration lies the seamless exchange of data. Prisma Cloud’s last access calculation, which includes trail log data, is analyzed in conjunction with data ingested through the AWS IAM Access Analyzer APIs, ensuring that every relevant detail is considered when formulating Suggest Least-Privileged Access recommendations.
Prisma Cloud Delivers CIEM for AWS
Organizations face a constant challenge in managing and securing identities and access permissions across their cloud environments. Prisma Cloud offers a comprehensive IAM security solution that empowers organizations to safeguard their cloud infrastructure.
Behind Prisma Cloud’s cloud infrastructure entitlement management (CIEM) capabilities lies a complete visibility into net-effective permissions, providing deep insights into the access privileges held by AWS users and machine identities. This capability eliminates the complexity of traditional permission analysis, enabling users to effortlessly answer critical questions, like Which identities can access our most sensitive assets?
Prisma Cloud further extends its value by guiding users in maintaining and rightsizing IAM access, ensuring that it aligns with stringent cloud security standards without hindering the efficiency of daily operations.
Learn More
If you’d like to experience securing your AWS environment with Prisma Cloud, try a free 30-day trial.
Related Blogs
Our library of online content is here to help you learn more, no matter what format you prefer or which topic interests you most.
Subscribe to Cloud Native Security Blogs!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.