Search

Introducing
Cortex Cloud

Bringing together best-in-class CDR with the next version of
Prisma Cloud's leading CNAPP for real-time cloud security.

logo

Overly permissive roles, poor credential hygiene and accidental public exposure have all caused significant breaches of enterprise cloud environments.

Learn how IAM controls protect your cloud against breaches.

Download the datasheet

Effective permissions calculations are complex

In the public cloud, permissions can be defined and inherited from many places — roles, resources, access control lists and more. Gaining visibility into net-effective permissions across cloud providers is complex, to say the least.

Overly permissive roles can lead to high-impact failures

By exploiting identity and access management (IAM) misconfigurations such as overly permissive roles, an attacker can establish control over your entire cloud environment. With these “keys to the kingdom,” it’s easy to take down entire accounts or repurpose them for malicious activities.

Implementing least-privileged access is challenging

While the principle of least privilege is a straightforward concept, continuously maintaining this best practice across highly dynamic multicloud environments eventually becomes a major challenge for every organization.

Monitor permissions and continuously enforce least-privileged access

Cloud Infrastructure Entitlement Management (CIEM) provides users with broad visibility into effective permissions, continuously monitors multicloud environments for risky and unused entitlements, and automatically makes least privilege recommendations. Users gain simple yet powerful insight into which identities have access to critical infrastructure – including those associated with an IdP provider – all seamlessly integrated into Prisma® Cloud.
  • Query permissions across users, compute instances, cloud resources and more
  • Monitor excessive and unused privileges
  • Automate remediation of overly permissive roles
  • Net-effective permissions
    Net-effective permissions
  • Rightsizing permissions
    Rightsizing permissions
  • IAM entitlement investigation
    IAM entitlement investigation
  • IDP integration
    IdP integration
  • Automated remediation
    Automated remediation
THE PRISMA CLOUD SOLUTION

Our approach to Cloud Infrastructure Entitlement Management

Net-effective permissions

Gain comprehensive visibility into who can take what actions on which resources. CIEM is purpose-built to directly solve the challenges of managing permissions across AWS, Azure, and GCP. Prisma Cloud automatically calculates users' effective permissions across cloud service providers, detects overly permissive access, and suggests corrections to reach least privilege.

  • Manage multicloud entitlements from a single solution

    Gain integrated multicloud capabilities delivered from Prisma Cloud that extend everything we do for Cloud Security Posture Management (CSPM) to cloud identities.

  • Implement pre-built policies

    Leverage specialized out-of-the-box policies to detect risky permissions and remove unwanted access to cloud resources.

  • Audit permissions for internal compliance

    Quickly audit cloud permissions with related user data, service data and cloud accounts.

Learn more
Net-effective permissions

Rightsizing permissions

Specialized out-of-the-box policies detect risky permissions and help remove unwanted access to cloud resources. Automatically detect overly permissive user access, and then leverage automated recommendations to rightsize them to achieve least-privileged access.

  • Detect overly permissive policies

    Remove unwanted access to cloud resources by automatically detecting overly permissive access policies.

  • Implement pre-built policies

    Use out-of-the-box policies to detect public access, use of wildcards, risky permissions and more.

  • Automated recommendations

    Use automated recommendations to achieve least privilege permissions.

Learn more
Rightsizing permissions

IAM entitlement investigation

Query all relevant IAM entities, including all the relationships among different entities and their effective permissions across cloud environments. Understand which user can take what actions on which resources on which cloud. Turn queries into custom cloud-agnostic policies and define remediation steps as well as compliance implications.

  • Investigate IAM entitlements

    See real-time and historical data to understand IAM activity and entitlements.

  • Query data to get the full picture of user activity

    Gain a detailed view of suspicious activity as well as connected accounts and resources.

  • Query data specific to identity providers

    Discover overly permissive roles of IdP users and correlate results with cloud identities, such as IAM users and machine identities.

Learn more
IAM entitlement investigation

IdP integration

Integrate with identity provider (IdP) services like Okta, Azure AD and AWS IAM Identity Center to ingest single sign-on (SSO) data. View effective permissions and overly permissive roles of IdP users, and correlate results with cloud identities, such as IAM users and machine identities.

  • Leverage integrated support for IdP Services

    Ingest single sign-on (SSO) data for permissions mapping and calculate the effective permissions of IdP users across multicloud accounts.

  • Query data specific to identity providers

    Discover overly permissive roles of IdP users and correlate results with cloud identities, such as IAM users and machine identities.

  • Turn queries into cloud-agnostic policies

    Easily build custom guardrails for IdP users by turning RQL queries into IAM security policies with specific compliance and remediation implications.

Learn more
IDP integration

Automated remediation

Automatically adjust permissions and continuously enforce least-privileged access. Send alert notifications to 14 third-party tools, including email, AWS Lambda and Security Hub, PagerDuty®, ServiceNow® and Slack®.

  • Activate automated remediation for over-privileged users

    Get suggestions for ideal permissions levels for any cloud user from Prisma Cloud.

  • Support for 14 common integrations

    Seamlessly integrate Prisma Cloud alerting with your existing alert management tools with built-in support for 14 third-party tools.

  • Remediation playbooks

    Leverage custom Cortex® XSOAR playbooks for Prisma Cloud and easily operationalize advanced security orchestration capabilities.

Learn more
Automated remediation
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the industry’s most complete Cloud Native Application Protection Platform (CNAPP), with the industry’s broadest security and compliance coverage—for infrastructure, workloads, and applications, across the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multicloud environments.
Learn more

Cloud Identity Security modules

CLOUD INFRASTRUCTURE ENTITLEMENT MANAGEMENT

Centrally manage identities and govern access across clouds.

Learn more
Featured Resources

Get more insight into what Prisma Cloud can do for your business

See all resources
Infographic

CIEM: Identity is the New Perimeter

Read more
Guide

The 5-Minute Guide to Understanding Cloud Infrastructure Entitlement Management

Read more
Research report

Unit 42 Cloud Threat Report, Volume 6: IAM: The first line of Defense

Read the full report
Datasheet

Cloud Identity Entitlement Management (CIEM) with Prisma Cloud

Download
Blog

Why IAM Security Must Be an Essential Component of CSPM

Read the blog

Customer Stories

Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.

Cloud security basics

Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.

The latest from our blog

Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.

Get the latest news, invites to events, and threat alerts