Cloud Infrastructure Entitlement Management

With Prisma® Cloud, you can enforce permissions and secure identities across workloads and clouds.

Complex multi-cloud environments make enforcing least-privileged access a challenge due to limited visibility and inconsistent entitlements across cloud resources and service providers. Security and identity teams need to ensure that all infrastructure entitlements adhere to least-privileged access principles.

What to Know About Cloud Infrastructure Entitlement Management (CIEM).

Centrally manage identities and govern access across public clouds

Prisma Cloud provides integrated CIEM capabilities as part of a single platform and single solution for securing cloud entitlements at scale.

With Prisma Cloud, security, identity and infrastructure teams can quickly audit cloud permissions and prevent security incidents that arise from improperly configured cloud entitlements. Deep integrations with identity tools, cloud service providers (CSPs), and third-parties give you comprehensive visibility and control.
  • Quickly audit and secure cloud entitlements
  • Unify security across cloud resources and workloads
  • Integrate with CSP and third-party identity providers
  • Privileged access management
    Privileged access management
  • Least privilege recommendation
    Least privilege recommendation
  • Account compromise detection
    Account compromise detection
  • Identity provider integrations
    Identity provider integrations

THE PRISMA CLOUD SOLUTION

Our approach to Cloud Infrastructure Entitlement Management

Privileged access management

Securing cloud infrastructure entitlements starts with gaining deep visibility into which accounts have access to, or can take action upon, which specific resources. Prisma Cloud analyzes permissions on public CSPs to determine net-effective permissions and rightsized permissions recommendations.

  • Manage cloud entitlements from a single solution

    Gain integrated capabilities from Prisma Cloud that extend resource-level posture management to cloud identities.

  • Implement pre-built policies

    Leverage specialized out-of-the-box policies to detect risky permissions and remove unwanted access to cloud resources.

  • Audit permissions for internal compliance

    Quickly audit cloud permissions with related user data, service data and cloud accounts.


Least privilege recommendation

Addressing cloud infrastructure entitlement issues requires a purpose-built and automated approach. That’s why Prisma Cloud automatically audits risky permissions combined with detailed remediation guidance. With Prisma Cloud, you can quickly address insecure entitlements as well as implement proper configurations from the start.

  • Understand the identity audit trail

    Just like cloud resources, access a detailed audit trail of historical activity for your cloud permissions.

  • View detailed recommendations

    Get step-by-step remediation guidance, automatically provided by policy, for each policy violation.

  • Activate automated remediation for over-privileged users

    Get suggestions on ideal permissions levels for any cloud user, straight from Prisma Cloud.


Account compromise detection

Take the human element out of detection and monitor user behavior at scale. By leveraging our User Entity and Behavior Analytics (UEBA) engine, you can detect signals of account compromises, insider threats, stolen access keys and other potentially malicious user activities.

  • Use machine learning to automate analytics

    Let Prisma Cloud autonomously monitor logs of various sources and establish a baseline of known activity.

  • Query data to get the full picture of user activity

    Use RQL to gain a detailed view of suspicious activity as well as connected accounts and resources.

  • Alert on suspicious behavior

    Alert on and investigate suspicious activity with fine-grained policies.


Identity provider integrations

Integrate with identity provider (IDP) services like Okta to ingest single sign-on (SSO) data. View effective permissions and overly permissive roles of IDP users as well as correlate results with cloud identities, such as IAM users and machine identities.

  • Leverage integrated support for Okta

    Ingest single sign-on (SSO) data for effective permissions calculation and list the effective permissions of Okta users across cloud accounts.

  • Query data specific to identity providers

    Discover overly permissive roles of IDP users and correlate results with cloud identities, such as IAM users and machine identities.


Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Infrastructure Entitlement Management (CIEM) modules

IAM Security

Centrally manage identities and govern access across clouds.