Data from existing third-party vulnerability scanning tools that identify missing patches by IP address is not actionable, since IP addresses are constantly changing in cloud environments. Prisma Cloud correlates vulnerability data with host configurations and network traffic in the cloud to accurately pinpoint the vulnerable host, provide context on its business purpose, and ultimately determine its level of exposure, which helps prioritize patching. For example, if a vulnerable host is identified as a database that is exposed to the internet, it should be prioritized for patching.
To truly detect threats in public cloud computing environments, comprehensive visibility is necessary. Prisma Cloud takes a new AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations and threat intelligence. This enables it to detect complex threats and auto-remediate issues quickly. In the example above, if the vulnerable database is receiving traffic from a known malicious IP address, it should be immediately quarantined into a private network.
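The correlation described in the two paragraphs above, as an added Python example (not Prisma Cloud's code or API): IP-keyed scanner findings and flow records are resolved to the instance that held the address at that moment, then ranked by exposure and threat-intelligence hits. The record layouts, instance names, addresses and action labels are assumptions constructed for illustration, and the quarantine rule is generalized to any vulnerable host receiving known-malicious traffic.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# All records are constructed sample data, not real tool output.
# Inventory: (instance, role, ip, held_from, held_until or None, internet_exposed)
INVENTORY = [
    ("i-db01", "database", "10.0.1.15", "2024-05-01T00:00", "2024-05-03T00:00", True),
    ("i-web07", "web", "10.0.1.15", "2024-05-03T00:00", None, False),
]
# Scanner findings keyed only by (ip, scan_time, issue).
FINDINGS = [
    ("10.0.1.15", "2024-05-02T09:30", "missing-patch-A"),
    ("10.0.1.15", "2024-05-04T09:30", "missing-patch-B"),
    ("10.0.7.40", "2024-05-04T09:30", "missing-patch-C"),
]
# Flow records: (source_ip, destination_ip, time).
FLOWS = [("203.0.113.50", "10.0.1.15", "2024-05-02T11:00"),
         ("198.51.100.7", "10.0.1.15", "2024-05-04T11:00")]
THREAT_INTEL = [ip_network("203.0.113.0/24")]  # hypothetical known-bad range


def resolve(ip, when):
    """Return the inventory record that held `ip` at time `when`, or None."""
    t = datetime.fromisoformat(when)
    for rec in INVENTORY:
        _, _, held_ip, start, end, _ = rec
        until = datetime.fromisoformat(end) if end else datetime.max
        if held_ip == ip and datetime.fromisoformat(start) <= t < until:
            return rec
    return None

def triage():
    """Map each IP-keyed finding to (issue, instance, action)."""
    flagged = set()  # instances that received traffic from a threat-intel source
    for src, dst, when in FLOWS:
        rec = resolve(dst, when)
        if rec and any(ip_address(src) in net for net in THREAT_INTEL):
            flagged.add(rec[0])
    results = []
    for ip, when, issue in FINDINGS:
        rec = resolve(ip, when)
        if rec is None:  # no instance held this IP at scan time
            results.append((issue, None, "unresolved"))
            continue
        instance, role, _, _, _, exposed = rec
        action = ("quarantine" if instance in flagged
                  else "patch-first" if role == "database" and exposed
                  else "patch-normal")
        results.append((issue, instance, action))
    return results
```

The same address maps to two different instances here, so a finding joined on IP alone would attribute the database's missing patch to the web host that inherited the address.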
Investigations are challenging in public cloud computing environments because they are constantly changing. Prisma Cloud maintains snapshots of your environment so that you can investigate any current or past incidents. You can run complex queries across your environment in seconds and analyze the results with an interactive risk map. You can also get a detailed incident timeline to trace incidents. For example, you could get a timeline of a user’s activity for the past month to determine if there was any suspicious activity.
In the DevOps era, changes occur very rapidly and it is simply impossible to manually triage all issues. It is important not only to identify which risky configuration exists in your environment, but also to determine which developer introduced the issue and to have the option to automate remediation. Prisma Cloud enables you to fully automate security from incident detection to remediation. It also offers you the ability to leverage your existing investments by integrating with a number of third-party orchestration tools. For example, if the platform detects an account hijacking attempt, it can instantly disable the user’s account.