Bringing a Point of View to Your CIEM Strategy with Prisma Cloud

May 30, 2024
4 minutes
... views

A Preview of New Features in Prisma Cloud

Managing cloud infrastructure and entitlement management (CIEM) is hard enough with multicloud, sprawling machine and user identities, and users accessing the cloud through identity providers (IdP). CIEM tools compile so much data, knowing where to start is a challenge.

As your trusted security advisor, Prisma Cloud is building new capabilities to give your organization a strong point of view on where to focus your time with identity and access management (IAM). Three areas where we believe that organizations should have an increased focus are: admins, overly permissive identities and third-party access.

This blog is the start of a series designed to provide a preview of Prisma Cloud’s latest CIEM innovations, with deep dives into each.

Focus on Your Most Risky Entitlements: Admins

According to Microsoft’s 2023 State of Cloud Permissions Risks report, more than 50% of identities are super admins—users or workloads that have access to all permissions and resources. This is a shocking statistic that clearly violates the principle of least privilege. Admin entitlements should be granted as infrequently as possible, as they present the most risk to an organization.

An important feature in a CIEM tool is to be able to easily highlight admin access levels within the cloud environment to ensure they’re only granted to necessary users. If admins have unused privileges, it’s a security best practice to either assign a new policy or remove the unused permissions.

Prisma Cloud makes it easy for organizations to identify these admins with an extensive policy set and remediation guidance that will remove risky, overly permissive access.

Most Identities Are Overly Permissive

It's common sense that organizations should remove overly permissive access. But the facts tell of a different reality, with one study revealing that:

  • Identities use, on average, 1% of the permissions they’re granted
  • More than 60% of identities are inactive and haven’t used any of the permissions granted in the last 90 days

Statistics like this prove that organizations are failing to properly secure their identity attack surface.

Granting overly permissive access is a significant problem, since almost every successful cloud cyberattack has an identity component to it. To combat this, Prisma Cloud provides remediation guidance to achieve least privilege and also gives recommendations for removing unused access within a service, provisioning users with access to only the actions they need.

Prisma Cloud least-privileged access suggestions
Prisma Cloud least-privileged access suggestions

To help organizations easily highlight overly permissive access, Prisma Cloud automatically notifies security teams of overly permissive access. Additionally, to go a level deeper, the intuitive RQL now enables easy investigation of overprivileged access.

Govern Third-Party Access

Governing third-party access is a vital component of comprehensive cloud security. Third parties, including vendors, contractors and partners, often require access to various parts of an organization's cloud infrastructure to perform their functions. However, this access can introduce significant security risks. If not properly managed, it can lead to unauthorized actions and data breaches.

By continuously monitoring and auditing third-party access to cloud environments, Prisma Cloud enables organizations to enforce strict access controls, such as least-privilege, over third-party access. Through effective management of third-party entitlements, organizations can maintain stronger security postures and mitigate potential threats arising from external access.

To ensure that third parties only have access to the resources necessary for their roles, reducing the risk of exposure to sensitive data and critical systems, Prisma Cloud has recently released an extensive list of policies that help organizations govern if a third-party service account can assume a service account with high privileges or if a third-party account has lateral movement.

Unlock Attack Paths with Prisma Cloud CNAPP

A misconfigured or overly permissive identity by itself doesn’t always represent application risk. CIEM is seamlessly integrated into the Prisma Cloud platform, enabling security teams to correlate findings so they can prioritize and understand critical risks. Prisma Cloud analyzes misconfigurations, vulnerabilities, public exposures, excessive permissions, exposed secrets, sensitive data, incidents and more. The platform combines multiple risk factors across identities and cloud assets to visualize interconnected risks and prioritize alerts, helping security teams understand how several configuration mistakes form attack paths.

By integrating a leading CIEM solution into its cloud-native application protection platform (CNAPP), Prisma Cloud ensures the security of applications from code to cloud across multicloud environments. The comprehensive security, continuous visibility and proactive threat prevention give organizations the ability to stop attacks in runtime, fix issues in the cloud and fix forever in code. Keep track of our latest CIEM innovations.

Learn More

If you’d like to learn more about how Prisma Cloud can secure the identity attack surface, register for an upcoming visibility & control bootcamp.




Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.