Threat Detection

Prisma Cloud enables detection and response to threats across clouds with ML-powered anomaly detection and UEBA.

The dynamic, distributed nature of cloud environments often creates alerts that lack context at a volume that can overwhelm security teams. Attempting to correlate logs, API metadata and signature-driven alerts can quickly flood teams with false positives instead of actionable insight.


Powerful threat detection bolstered by industry-leading intelligence

Prisma Cloud combines rule- and behavior-based analytics and augments the data with the Prisma Cloud Intelligence Stream, a curated combination of more than 30 unique commercial, open source and proprietary data sources covering hosts, images and functions. Palo Alto Networks threat intelligence from AutoFocus™ and WildFire, together with third-party sources such as Qualys and Tenable®, adds further context, so security teams can rise above the noise, identify real threats more quickly and ultimately reduce time to remediation.
  • Correlate threat intelligence from multiple sources
  • Leverage advanced analysis, including machine learning
  • Detect both known and unknown threats


Our approach to Threat Detection

Comprehensive threat intelligence

Any security tool’s ability to accurately identify and surface threats is only as good as the data it sources. Prisma Cloud correlates data from multiple sources, including CSP logs, Palo Alto Networks threat intelligence feeds and third-party sources, to provide security teams with unmatched threat intelligence.

  • AutoFocus integration

    Integrate with Cortex® AutoFocus™, a massive repository of network, endpoint and cloud intelligence data that helps detect cryptomining, ransomware, Linux malware, backdoor malware, hacking tools and more.

  • Prisma Cloud Intelligence Stream

    Get accurate and granular risk context across multi-cloud environments with our curation of more than 30 upstream data sources across commercial, open source and proprietary feeds.

  • Third-party integrations

    Add Qualys, Tenable, AWS GuardDuty® or another threat intelligence source to Prisma Cloud and gain ever deeper insights into the vulnerabilities and threats across cloud environments.

Network threat detection

Our Unit 42 cloud threat research team found that cryptojacking affects at least 23% of organizations globally that maintain cloud infrastructure. This is just one example of the numerous types of threats Prisma Cloud can discover by correlating API data points from network activities.

  • Network security policies

    Activate hundreds of built-in, network-specific security policies and immediately gain visibility into network-related security issues other tools miss.

  • Anomaly detection policies

    Detect unusual activity that could signal an attack in progress before it escalates. These policies use machine learning and can alert on threats that traditional policies fail to see.

  • Integrated threat detection dashboards

    Take advantage of powerful dashboards that highlight alerts and compromises within our console, helping you easily understand suspicious network communication and user activity.

Network anomaly monitoring

Traditional rule- or signature-based policies can stop known bad behavior, but they cannot catch zero-day attacks or other advanced persistent threats (APTs) for which no signature exists. Prisma Cloud augments its library of security policies with machine learning-based and threat intelligence-sourced policies to provide comprehensive analysis of network behavior.

  • Unusual port activity detection

    Spot activity that could signal a threat, such as port sweeps, or traffic originating inside or outside the cloud environment that reaches a host on a port, or from an IP, that is not typical of that host's normal traffic flows.

  • Compromised host detection

    Identify hosts within your cloud environment that may be sending out spam, or hijacked compute instances mining cryptocurrencies.

  • Integrated alerting

    View and respond to alerts within Prisma Cloud, or send out data to destinations like PagerDuty, Cortex XSOAR and more.
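The three detections above (unusual port activity, sweeps, and hosts that may be spamming) are described only in outline on this page. The block below is an added illustration, not Prisma Cloud's code, of the same ideas run over constructed AWS VPC flow-log lines: it learns which ports each host normally accepts during a baseline window, then flags vertical port scans, horizontal sweeps, newly accepted listeners, and an internal host spraying SMTP to many external addresses. The field order is the default VPC Flow Logs v2 format; all account IDs, interface IDs, addresses and thresholds are made up for the example.

```python
"""Network anomaly checks over constructed AWS VPC flow-log records.
Added example, not Prisma Cloud's code. Lines follow the default VPC Flow Logs
v2 field order; all account IDs, interface IDs and addresses are made up."""
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_log(text):
    """Parse default-format flow-log lines into dicts, dropping NODATA/SKIPDATA rows."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            rec["dstport"] = int(rec["dstport"])
            records.append(rec)
    return records

def learn_service_baseline(records):
    """Learning window: the set of ports each destination host accepted traffic on."""
    baseline = defaultdict(set)
    for r in records:
        if r["action"] == "ACCEPT":
            baseline[r["dstaddr"]].add(r["dstport"])
    return dict(baseline)

def detect_port_scans(records, min_ports=10):
    """Vertical scan: one source probing many distinct ports on one host."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

def detect_port_sweeps(records, min_hosts=5):
    """Horizontal sweep: one source hitting the same port on many hosts."""
    seen = defaultdict(set)
    for r in records:
        seen[(r["srcaddr"], r["dstport"])].add(r["dstaddr"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

def detect_unusual_ports(records, baseline):
    """Accepted flow to a known host on a port it never served during the baseline."""
    return [(r["srcaddr"], r["dstaddr"], r["dstport"]) for r in records
            if r["action"] == "ACCEPT" and r["dstaddr"] in baseline
            and r["dstport"] not in baseline[r["dstaddr"]]]

def detect_outbound_smtp(records, internal_prefix="10.", min_hosts=3):
    """Possible spam bot: an internal host opening SMTP (25) to many external hosts."""
    seen = defaultdict(set)
    for r in records:
        if (r["dstport"] == 25 and r["srcaddr"].startswith(internal_prefix)
                and not r["dstaddr"].startswith(internal_prefix)):
            seen[r["srcaddr"]].add(r["dstaddr"])
    return {src: sorted(v) for src, v in seen.items() if len(v) >= min_hosts}

def _flow(src, dst, dport, action, start=1700000000):
    """Build one constructed flow-log line in default v2 field order."""
    return (f"2 123456789012 eni-0a1b2c3d {src} {dst} 51234 {dport} 6 5 300 "
            f"{start} {start + 60} {action} OK")

# Constructed learning window: 10.0.1.10 normally serves 443, and 22 from a bastion.
BASELINE_LOG = "\n".join([
    _flow("203.0.113.5", "10.0.1.10", 443, "ACCEPT"),
    _flow("203.0.113.6", "10.0.1.10", 443, "ACCEPT"),
    _flow("10.0.0.2", "10.0.1.10", 22, "ACCEPT"),
    _flow("10.0.0.2", "10.0.1.11", 22, "ACCEPT"),
    _flow("198.51.100.200", "10.0.1.10", 23, "REJECT"),  # rejected, so not baseline
])

# Constructed detection window: a vertical scan and an SSH sweep from one external
# source, a newly accepted listener on the web host, and a host spraying SMTP.
_SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]
DETECTION_LOG = "\n".join(
    [_flow("198.51.100.7", "10.0.1.10", p, "ACCEPT" if p in (22, 443) else "REJECT")
     for p in _SCAN_PORTS]
    + [_flow("198.51.100.7", f"10.0.1.{n}", 22, "REJECT") for n in range(11, 16)]
    + [_flow("203.0.113.9", "10.0.1.10", 4444, "ACCEPT"),
       _flow("203.0.113.5", "10.0.1.10", 443, "ACCEPT")]
    + [_flow("10.0.1.12", f"192.0.2.{n}", 25, "ACCEPT") for n in range(1, 5)]
)

def run_checks(baseline_text=BASELINE_LOG, detection_text=DETECTION_LOG):
    """Learn the baseline, then run every detector over the detection window."""
    baseline = learn_service_baseline(parse_flow_log(baseline_text))
    recs = parse_flow_log(detection_text)
    return {"scans": detect_port_scans(recs),
            "sweeps": detect_port_sweeps(recs),
            "unusual_ports": detect_unusual_ports(recs, baseline),
            "outbound_smtp": detect_outbound_smtp(recs)}
```

Two things to note when adapting this: the baseline only counts ACCEPTed flows, so a port that was probed and rejected during learning does not become "normal", and the unusual-port check deliberately ignores hosts that never appeared in the learning window, since a host with no baseline cannot deviate from one (a first-seen host is a separate signal).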

User and entity behavior analytics (UEBA)

Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors each user's activities to identify what’s normal, and then alerts on any behaviors that deviate from that baseline.

  • View suspicious user activity

    Using machine learning, identify specific actions and surface correlated account data, both in real time and with historical context.

  • Detect insider threats

    Discover behaviors that could signal compromised accounts, brute force attacks, data exfiltration attempts and other behaviors that traditional security tools miss.

  • Fine-grained controls

    Tune the machine learning model to reduce false positives and false negatives, and customize how alerts are dispositioned. Specify policy-specific trusted lists so that resources known to be used for testing do not generate alerts.
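The page describes UEBA as learning what is normal for each user and alerting on deviations, with trusted lists to suppress known-benign sources and brute-force detection as one of the signals. The block below is an added illustration of that pattern, not Prisma Cloud's code or its model: it builds a per-user baseline (APIs called, regions, source IPs, active hours) from constructed CloudTrail-style JSON events, scores each later event by how many baseline attributes it violates, skips events from a per-policy trusted list, and separately counts failed console logins. The weights, threshold, user names, IPs and timestamps are all assumptions made for the example.

```python
"""Per-user behavior baselining over constructed CloudTrail-style events.
Added example, not Prisma Cloud's code. Events are JSON lines carrying the
subset of CloudTrail fields used here; users, IPs and timestamps are made up."""
import json
from collections import Counter, defaultdict
from datetime import datetime

def parse_events(text):
    """Parse JSON-lines events, adding the acting user and the UTC hour."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["_user"] = e["userIdentity"]["userName"]
        e["_hour"] = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").hour
        events.append(e)
    return events

def _empty():
    return {"apis": set(), "regions": set(), "ips": set(), "hours": set()}

def learn_user_baseline(events):
    """Learning window: APIs, regions, source IPs and active hours per user."""
    base = defaultdict(_empty)
    for e in events:
        b = base[e["_user"]]
        b["apis"].add(e["eventName"])
        b["regions"].add(e["awsRegion"])
        b["ips"].add(e["sourceIPAddress"])
        b["hours"].add(e["_hour"])
    return dict(base)

# Constructed weights: a new region from a new IP outweighs a single new API call.
WEIGHTS = {"new_region": 3, "new_ip": 2, "new_api": 1, "off_hours": 1}

def score_event(e, baseline):
    """Score one event against its user's baseline; unknown users count as all-new."""
    b = baseline.get(e["_user"], _empty())
    reasons = []
    if e["awsRegion"] not in b["regions"]:
        reasons.append("new_region")
    if e["sourceIPAddress"] not in b["ips"]:
        reasons.append("new_ip")
    if e["eventName"] not in b["apis"]:
        reasons.append("new_api")
    if b["hours"] and e["_hour"] not in b["hours"]:
        reasons.append("off_hours")
    return sum(WEIGHTS[r] for r in reasons), reasons

def detect_anomalies(events, baseline, threshold=4, trusted_ips=frozenset()):
    """Alert when the deviation score reaches the threshold; skip trusted sources."""
    alerts = []
    for e in events:
        if e["sourceIPAddress"] in trusted_ips:
            continue  # policy trusted list, e.g. a CI runner that always looks new
        score, reasons = score_event(e, baseline)
        if score >= threshold:
            alerts.append((e["_user"], e["eventName"], score, reasons))
    return alerts

def detect_login_bursts(events, max_failures=5):
    """Brute-force signal: many failed ConsoleLogin attempts against one user."""
    failures = Counter(e["_user"] for e in events
                       if e["eventName"] == "ConsoleLogin"
                       and e.get("responseElements", {}).get("ConsoleLogin") == "Failure")
    return {u: n for u, n in failures.items() if n >= max_failures}

def _ev(user, api, region, ip, time, **extra):
    """Build one constructed CloudTrail-style event as a JSON line."""
    d = {"eventTime": time, "userIdentity": {"userName": user}, "eventName": api,
         "awsRegion": region, "sourceIPAddress": ip}
    d.update(extra)
    return json.dumps(d)

# Constructed learning window: alice works from one office IP in us-east-1 by day.
BASELINE_LOG = "\n".join([
    _ev("alice", "ListBuckets", "us-east-1", "203.0.113.5", "2024-03-04T09:12:00Z"),
    _ev("alice", "GetObject", "us-east-1", "203.0.113.5", "2024-03-04T10:40:00Z"),
    _ev("alice", "DescribeInstances", "us-east-1", "203.0.113.5", "2024-03-05T14:05:00Z"),
    _ev("bob", "DescribeInstances", "eu-west-1", "203.0.113.6", "2024-03-05T10:30:00Z"),
])

# Constructed detection window: alice's normal call, then her identity used at 03:00
# from a new IP in a new region; a CI runner with no history; six failed logins for bob.
DETECTION_LOG = "\n".join(
    [_ev("alice", "GetObject", "us-east-1", "203.0.113.5", "2024-03-06T10:02:00Z"),
     _ev("alice", "ListBuckets", "ap-southeast-1", "198.51.100.77", "2024-03-06T03:11:00Z"),
     _ev("ci-deployer", "PutObject", "us-east-1", "192.0.2.10", "2024-03-06T11:00:00Z")]
    + [_ev("bob", "ConsoleLogin", "us-east-1", "198.51.100.99", f"2024-03-06T02:0{i}:00Z",
           responseElements={"ConsoleLogin": "Failure"}) for i in range(6)]
)
TRUSTED_IPS = frozenset({"192.0.2.10"})  # constructed per-policy trusted list

def run_ueba(baseline_text=BASELINE_LOG, detection_text=DETECTION_LOG, trusted_ips=TRUSTED_IPS):
    """Learn the baseline, then score the detection window and look for login bursts."""
    baseline = learn_user_baseline(parse_events(baseline_text))
    events = parse_events(detection_text)
    return {"anomalies": detect_anomalies(events, baseline, trusted_ips=trusted_ips),
            "login_bursts": detect_login_bursts(events)}
```

The trusted list is applied before scoring rather than as a score adjustment, which is what makes it a suppression control rather than a tuning knob: the CI runner in the constructed data would otherwise alert on every run because it has no baseline at all. The additive scoring is a stand-in for the learned model the page refers to; the point it shows is that a single deviation (one new API) stays below threshold while a new region from a new IP at an unusual hour does not.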

Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Security Posture Management modules

Visibility, Compliance, and Governance

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

Cloud Threat Detection

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

Data Security

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.