Cloud Data Security

Data classification and malware scanning across public cloud storage.

The near-limitless capacity offered by cloud storage services has enabled organizations to collect exponentially larger amounts of data, amplifying the challenges of traditional, lengthy and error-prone manual processes for classification.

Read about our approach to Cloud Data Security.

Protect public cloud storage services

Prisma Cloud Data Security is purpose-built to address the challenges of discovering and protecting data at the scale and velocity common in public cloud environments. By combining the power of Palo Alto Networks Enterprise Data Loss Prevention (DLP) and WildFire® malware prevention service, only Prisma Cloud Data Security offers a comprehensive, integrated cloud native solution.
  • Gain unmatched visibility down to the object level
  • Ensure your storage services are not hosting any malware
  • Automatically remediate misconfigurations and prevent exposure
  • Data visibility and object classification
    Data visibility and object classification
  • Malware prevention
    Malware prevention
  • Exposure risk calculation
    Exposure risk calculation


Our approach to Cloud Data Security

Sensitive data detection

Prisma Cloud leverages Palo Alto Networks powerful Enterprise DLP to categorize sensitive and regulated data, such as PII, protected health information (PHI), customer records, financial data and intellectual property.

  • Enterprise DLP engine

    Save significant time by using consistent DLP profiles to recognize sensitive data patterns anywhere data is stored across the enterprise. Prisma Cloud uses the same DLP engine enabling existing customers to reuse any specific profiles they’ve already built.

  • Data discovery at cloud scale

    Leverage machine learning and pattern recognition to accurately detect many different types of data, such as addresses, credit cards or driver’s license numbers. Users can even define their own data patterns unique to each use case.

  • Security posture visibility

    Gain comprehensive visibility into the security and privacy posture of the data stored in AWS S3. Immediately gain insight into any exposed or publicly accessible buckets.

Malware prevention

Ensuring stored data is free from malware that can spread across cloud environments is an essential yet often overlooked security requirement for cloud storage services. By leveraging WildFire, Prisma Cloud identifies and helps protect against known and unknown file-based threats that have infiltrated S3 buckets.

  • WildFire integration

    Use our WildFire malware analysis engine, seamlessly integrated into the Prisma Cloud Data Security module, to quickly and easily identify any malware hidden in your stored data without requiring a separate, siloed security product.

  • Antivirus for AWS S3

    Discover Trojans as well as other types of viruses and malware hidden in your AWS S3 buckets. Easily delete, tag or quarantine infected objects.

  • Deep integration

    Use a single UI for comprehensive cloud security. Prisma Cloud Data Security is built into the same platform and UI as every other Prisma Cloud capability.

Prevent accidental exposure

Publicly exposed sensitive data is one of the most commonly seen vulnerabilities across public cloud environments. The exponential growth of collected data amplifies this issue. Prisma Cloud prevents publicly exposed sensitive data by automatically and continuously monitoring S3 objects, bucket policies and ACLs, and other configurations.

  • Exposure risk calculation

    Automatically and continuously monitor configurations for access control, policy, objects and others to calculate the exposure of objects. This allows users to quickly remediate unintended settings for buckets that have been identified as containing sensitive data.

  • Exfiltration prevention

    Gain visibility into misconfigured S3 buckets that are exposed. Leverage ML-powered policies to detect malicious insider activity and exfiltration attempts.

  • Automated remediation

    Enforce a continuously robust security posture across storage services by either letting Prisma Cloud fix any misconfigurations or by sending alerts to an existing workflow via 14 integrations.

Purpose-built policies, profiles and patterns

Prisma Cloud delivers built-in and custom policies to quickly alert on and remediate unintended settings on buckets and objects. It also enables you to create custom data profiles and patterns unique to your environment to reduce false positives. Users can send alert notifications to Simple Queue Service (SQS), Splunk and Webhook for remediation.

  • 500+ patterns included

    Leverage the Enterprise DLP engine with Prisma Cloud Data Security, which includes more than 500 data patterns and several data-specific security policies.

  • Granular customization

    Go beyond our built-in policies – Prisma Cloud offers users the ability to customize any data policies, patterns or profiles to ensure they accurately detect and alert on the specific types of sensitive data being stored.

  • Automated remediation

    Enforce a continuously robust security posture across storage services by either letting Prisma Cloud fix any misconfigurations or by sending alerts to an existing workflow via 14 integrations.

Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Security Posture Management modules

Visibility, Compliance and Governance

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

Threat Detection

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

Data Security

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.