Search

Threat Detection

Prisma Cloud enables detection and response to threats across clouds with ML-powered anomaly detection and UEBA.
Request a Trial
Threat Detection Front
Threat Detection Back

The dynamic, distributed nature of cloud environments often creates alerts that lack context at a volume that can overwhelm security teams. Attempting to correlate logs, API metadata and signature-driven alerts can quickly flood teams with false positives instead of actionable insight.

Read about our comprehensive approach to Threat Detection.

Read the blog
1

The public cloud exposes new threats

From codified infrastructure template vulnerabilities to account hijacking attempts for compute-intensive operations like cryptomining, the threat landscape in the public cloud exposes new threats different from any other IT environment, posing new challenges for security teams.
2

Multi-source threat intelligence is essential

Correlating threat intelligence from multiple sources is critical to building a deep, contextual understanding of risk. Sourcing cloud service provider logs augmented with suspicious IP address lists, malware signatures and vulnerability intelligence feeds ensures risk clarity.
3

Rule-based policies are not enough

Static positive/negative or rule-based policies are an essential foundation for effective cloud security, but alone do not adequately cover the entire threat landscape. Anomaly-based policies that leverage machine learning to monitor and report on suspicious or unusual activities complement traditional policy libraries for a comprehensive threat detection strategy.

Powerful threat detection bolstered by industry-leading intelligence

Prisma Cloud combines rule- and behavior-based analytics and augments the data with the Prisma Cloud Intelligence Stream – a combination of data from more than 30 unique sources, including commercial, open source and proprietary data sources across hosts, images and functions. Further enhanced with Palo Alto Networks threat intelligence from AutoFocus™ and WildFire, along with third-party sources like Qualys and Tenable®, security teams rise above the noise to identify real threats more quickly – ultimately reducing time to remediation.
  • Correlate threat intelligence from multiple sources
  • Leverage advanced analysis, including machine learning
  • Detect both known and unknown threats
  • Comprehensive threat intelligence
    Comprehensive threat intelligence
  • Network threat detection
    Network threat detection
  • Network anomaly monitoring
    Network anomaly monitoring
  • User and entity behavior analytics
    User and entity behavior analytics
THE PRISMA CLOUD SOLUTION

Our approach to Threat Detection

Comprehensive threat intelligence

Any security tool’s ability to accurately identify and surface threats is only as good as the data it sources. Prisma Cloud correlates data from multiple sources, including CSP logs, Palo Alto Networks threat intelligence feeds and third-party sources, to provide security teams with unmatched threat intelligence.

  • AutoFocus integration

    Integrate with Cortex® AutoFocus™, a massive repository of network, endpoint and cloud intelligence data that helps detect cryptomining, ransomware, Linux malware, backdoor malware, hacking tools and more.

  • Prisma Cloud Intelligence Stream

    Get accurate and granular risk context across multi-cloud environments with our curation of more than 30 upstream data sources across commercial, open source and proprietary feeds.

  • Third-party integrations

    Add Qualys, Tenable, AWS GuardDuty® or another threat intelligence source to Prisma Cloud and gain ever deeper insights into the vulnerabilities and threats across cloud environments.

Learn more
Comprehensive threat intelligence

Network threat detection

Our Unit 42 cloud threat research team found that cryptojacking affects at least 23% of organizations globally that maintain cloud infrastructure. This is just one example of the numerous types of threats Prisma Cloud can discover by correlating API data points from network activities.

  • Network security policies

    Activate hundreds of built-in, network-specific security policies and immediately gain visibility into network-related security issues other tools miss.

  • Anomaly detection policies

    Detect unusual activities that could signal malicious activity before they occur. These policies leverage machine learning and can alert on threats traditional policies fail to see.

  • Integrated threat detection dashboards

    Take advantage of powerful dashboards that highlight alerts and compromises within our console, helping you easily understand suspicious network communication and user activity.

Learn more
Network threat detection

Network anomaly monitoring

Traditional rule- or signature-based policies can prevent known bad behaviors from continuing, but they can't protect against zero-day attacks and other types of advanced persistent threats (APTs). Prisma Cloud augments its vast library of security policies with machine learning-based and threat intelligence-sourced policies to provide comprehensive analysis into network behaviors.

  • Unusual port activity detection

    Spot activity that could signal a threat, such as sweeps and protocol activity from within or outside the cloud environment to a server host using a port or IP not typical to network traffic flows.

  • Compromised host detection

    Identify hosts within your cloud environment that may be sending out spam, or hijacked compute instances mining cryptocurrencies.

  • Integrated alerting

    View and respond to alerts within Prisma Cloud, or send out data to destinations like PagerDuty, Cortex XSOAR and more.

Learn more
Network anomaly monitoring

User and entity behavior analytics (UEBA)

Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors each user's activities to identify what’s normal, and then alerts on any behaviors that deviate from that baseline.

  • View suspicious user activity

    Using machine learning, identify specific actions and surface correlated account data, both in real time and with historical context.

  • Detect insider threats

    Discover behaviors that could signal compromised accounts, brute force attacks, data exfiltration attempts and other behaviors that traditional security tools miss.

  • Fine-grained controls

    Train the machine learning model to minimize false positives and negatives as well as customize alert disposition. Specify policy-specific trusted lists to avoid alerts from resources that are known to be used for testing.

Learn more
User and entity behavior analytics (UEBA)
Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.
Learn more

Cloud Security Posture Management modules

Visibility, Compliance, and Governance

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

Learn more

Cloud Threat Detection

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

Learn more

Data Security

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.

Learn more
Featured Resources
See all Resources
Prisma™ Cloud
Research report

Unit 42 Cloud Threat Report, 1H 2021 – The COVID-19 Conundrum: Cloud Security Impact and Opportunity

Read the full report
Prisma™ Cloud
Blog

Why Threat Detection Needs to Be Part of Your Cloud Security Strategy

Read the blog
Prisma™ Cloud
Blog

Harnessing the Power of UEBA for Cloud Security

Read the blog
Prisma™ Cloud
Blog

Bringing High-Fidelity Threat Intelligence to Prisma Cloud

Read the blog
See all Resources

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability