Enhanced Least-Privilege Recommendations from Prisma Cloud and AWS

Nov 27, 2023

Prisma Cloud’s integration with AWS Identity and Access Management (IAM) Access Analyzer provides users with accurate least-privileged access recommendations.

Palo Alto Networks is proud to partner with Amazon Web Services on their expanded AWS IAM Access Analyzer service. IAM Access Analyzer helps customers identify unused and external access to AWS resources.

Prisma Cloud’s New Integration with AWS IAM Access Analyzer

Amazon Web Services announced the expansion of AWS IAM Access Analyzer capabilities to include additional types of findings through access analysis. These features help customers detect unused access and external access for AWS services.

Through our partnership with Amazon Web Services, Prisma Cloud will integrate with the new release of AWS IAM Access Analyzer, increasing the granularity of our Prisma Cloud’s Suggest Least-Privileged Access recommendations.

Figure 1: Prisma Cloud’s Suggest Least-Privileged Access recommendations

Previously, Prisma Cloud used AWS Access Advisor data, which reports unused access only at the service level, to refine its unused-access calculations. With the new integration, Prisma Cloud users will be able to see which actions were actually taken within a specific service. This increased granularity allows Prisma Cloud to give least-privileged access recommendations at a new, more targeted level: by integrating with IAM Access Analyzer, Prisma Cloud can now recommend removing unused access within a service, so that users are provisioned with only the actions they need.

Enforcing least privilege at the action level will help our customers reduce the IAM attack surface.

Figure 2: Prisma Cloud ingests data from AWS IAM Access Analyzer to provide least-privileged access recommendations to users.

At the core of this integration lies the exchange of data. Prisma Cloud’s last-access calculation, which includes trail log data, is analyzed together with the data ingested through the AWS IAM Access Analyzer APIs, so that every relevant detail is considered when formulating Suggest Least-Privileged Access recommendations.
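The service-level versus action-level difference described above, and the pruning of unused actions it enables, as an added example (not Prisma Cloud’s or AWS’s code): a small Python model that takes a constructed IAM policy and constructed per-action last-accessed data (its shape is an assumption, loosely modelled on the per-action detail of an unused-access finding) and shows that a service-level view keeps all of s3 because one action is still used, while an action-level view removes each stale action individually.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2023, 11, 27, tzinfo=timezone.utc)  # constructed reference date
UNUSED_AFTER = timedelta(days=90)                   # constructed tracking window

# Constructed policy attached to a hypothetical role.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "sqs:SendMessage"],
        "Resource": "*",
    }],
}

# Constructed last-accessed timestamps per action (assumed shape, not the
# service's exact schema). None means never observed in the window.
LAST_ACCESSED = {
    "s3:GetObject": NOW - timedelta(days=2),
    "s3:PutObject": NOW - timedelta(days=200),
    "s3:DeleteBucket": None,
    "sqs:SendMessage": None,
}


def _is_stale(ts):
    return ts is None or NOW - ts > UNUSED_AFTER


def unused_services(last_accessed):
    """Service-level view: a service is unused only if every action is stale."""
    by_service = {}
    for action, ts in last_accessed.items():
        by_service.setdefault(action.split(":")[0], []).append(ts)
    return {svc for svc, stamps in by_service.items() if all(map(_is_stale, stamps))}


def unused_actions(last_accessed):
    """Action-level view: each stale action is a removal candidate on its own."""
    return {a for a, ts in last_accessed.items() if _is_stale(ts)}


def rightsize(policy, remove):
    """Copy of the policy with the given actions dropped from Allow statements.
    Wildcards such as 's3:*' are kept: pruning them needs expansion first."""
    out = {"Version": policy["Version"], "Statement": []}
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else list(actions)
        if stmt["Effect"] == "Allow":
            actions = [a for a in actions if "*" in a or a not in remove]
        if actions:  # drop statements left with no actions at all
            out["Statement"].append({**stmt, "Action": actions})
    return out
```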

Prisma Cloud Delivers CIEM for AWS

Organizations face a constant challenge in managing and securing identities and access permissions across their cloud environments. Prisma Cloud offers a comprehensive IAM security solution that empowers organizations to safeguard their cloud infrastructure.

Behind Prisma Cloud’s cloud infrastructure entitlement management (CIEM) capabilities lies complete visibility into net-effective permissions, providing deep insight into the access privileges held by AWS users and machine identities. This capability eliminates the complexity of traditional permission analysis, enabling users to answer critical questions such as “Which identities can access our most sensitive assets?”

Prisma Cloud further extends its value by guiding users in maintaining and rightsizing IAM access, ensuring that it aligns with stringent cloud security standards without hindering the efficiency of daily operations.

Learn More

If you’d like to experience securing your AWS environment with Prisma Cloud, try a free 30-day trial.
