[](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Prisma logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/prisma-logo-dark.svg)](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products Platform * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) Protect applications from code to cloud Categories * [Cloud Security Posture Management](https://www.paloaltonetworks.com/prisma/cloud/cloud-security-posture-management?ts=markdown) Gain visibility, compliance and governance across multicloud environments * [Cloud Workload Protection](https://www.paloaltonetworks.com/prisma/cloud/cloud-workload-protection-platform?ts=markdown) Secure host, containers, Kubernetes (K8s) and serverless functions * [Application Security](https://www.paloaltonetworks.com/prisma/cloud/application-security?ts=markdown) Shift left and secure applications by design * [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt?ts=markdown) Enforce least privilege access to cloud infrastructure * [Web Application \& API Security](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) Protect applications and APIs against web based attacks * [Cloud Discovery \& Exposure Management](https://www.paloaltonetworks.com/prisma/cloud/cloud-discovery-exposure-management?ts=markdown) Combat rogue cloud deployments * [Data Security Posture Management](https://www.paloaltonetworks.com/prisma/cloud/cloud-data-security?ts=markdown) Classify and secure sensitive data * [AI Security Posture Management](https://www.paloaltonetworks.com/prisma/cloud/ai-spm?ts=markdown) Secure AI powered applications * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Use Cases * Risk Prevention * [Secure code by design](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security?ts=markdown) * [Fix misconfigurations in IaC](https://www.paloaltonetworks.com/prisma/cloud/infrastructure-as-code-security?ts=markdown) * [Manage OSS vulnerabilities (SCA)](https://www.paloaltonetworks.com/prisma/cloud/software-composition-analysis?ts=markdown) * [Avoid secrets exposure](https://www.paloaltonetworks.com/prisma/cloud/secrets-security?ts=markdown) * [Protect CI/CD pipelines](https://www.paloaltonetworks.com/prisma/cloud/software-supply-chain-security?ts=markdown) * Visibility \& Control * [Detect misconfigurations](https://www.paloaltonetworks.com/prisma/cloud/visibility-compliance-governance#conf-mngmt?ts=markdown) * [Generate compliance reports](https://www.paloaltonetworks.com/prisma/cloud/visibility-compliance-governance?ts=markdown) * [Reduce excessive permissions](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt?ts=markdown) * [Prevent cloud data breaches](https://www.paloaltonetworks.com/prisma/cloud/cloud-data-security?ts=markdown) * [Manage shadow clouds](https://www.paloaltonetworks.com/prisma/cloud/cloud-discovery-exposure-management?ts=markdown) * [Vulnerability management](https://www.paloaltonetworks.com/prisma/cloud/vulnerability-management?ts=markdown) * Runtime Protection * [Detect threats](https://www.paloaltonetworks.com/prisma/cloud/cloud-threat-detection?ts=markdown) * [Container and Kubernetes security](https://www.paloaltonetworks.com/prisma/cloud/container-security?ts=markdown) * [Protect Hosts / VMs](https://www.paloaltonetworks.com/prisma/cloud/host-security?ts=markdown) * [Defend serverless functions](https://www.paloaltonetworks.com/prisma/cloud/serverless-security?ts=markdown) * [Protect web applications](https://www.paloaltonetworks.com/prisma/cloud/web-application-security?ts=markdown) * [API security](https://www.paloaltonetworks.com/prisma/cloud/api-security?ts=markdown) Industries * [Government](https://www.paloaltonetworks.com/prisma/cloud/government?ts=markdown) * Environments ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Environments Environments We Secure * Cloud Service Providers * [Alibaba Cloud](https://www.paloaltonetworks.com/prisma/environments/alibaba-cloud?ts=markdown) * [Amazon Web Services](https://www.paloaltonetworks.com/prisma/environments/aws?ts=markdown) * [Google Cloud](https://www.paloaltonetworks.com/prisma/environments/gcp?ts=markdown) * [Microsoft Azure](https://www.paloaltonetworks.com/prisma/environments/azure?ts=markdown) * [Oracle Cloud Infrastructure](https://www.paloaltonetworks.com/prisma/environments/oci?ts=markdown) * Application Platforms * [Docker](https://www.paloaltonetworks.com/prisma/environments/docker?ts=markdown) * [Kubernetes](https://www.paloaltonetworks.com/prisma/environments/kubernetes?ts=markdown) * [Red Hat OpenShift](https://www.paloaltonetworks.com/prisma/environments/red-hat-openshift?ts=markdown) * [ServiceNow](https://www.paloaltonetworks.com/prisma/environments/servicenow?ts=markdown) * [VMWare Tanzu](https://www.paloaltonetworks.com/prisma/environments/vmware-tanzu?ts=markdown) * Cloud Automation * [HashiCorp](https://www.paloaltonetworks.com/prisma/environments/hashicorp?ts=markdown) * [Product Tour](https://www.paloaltonetworks.com/prisma/cloud/explore-prisma-cloud?ts=markdown) * Resources ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Resources Product Information * [Datasheets](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fdatasheet&ts=markdown) * [Explore Demos](https://www.paloaltonetworks.com/prisma/demos?ts=markdown) * [Technical Documentation](https://docs.prismacloud.io/en) * [Knowledge Base](https://support.paloaltonetworks.com/search#f:@source=[Salesforce%20Knowledge]&f:@objecttype=[KBKnowledge]&f:@panproduct=[Prisma%20Cloud]) * [Support](https://support.paloaltonetworks.com/Support/Index) * [Professional Services](https://www.paloaltonetworks.com/prisma/professional-services-for-cloud-native-security?ts=markdown) * [Technology Partners](https://technologypartners.paloaltonetworks.com/English/directory?Integration_Products__cf=Prisma%20Cloud&Integration_Products__cf=Prisma%20Cloud%20Compute) * [Open Source](https://www.paloaltonetworks.com/prisma/cloud/open-source-projects?ts=markdown) Learn \& Connect * [Blog](https://www.paloaltonetworks.com/blog/prisma-cloud/?ts=markdown) * [Research](https://www.paloaltonetworks.com/prisma/cloud/research?ts=markdown) * [DevSecTalks](https://www.paloaltonetworks.com/devsectalks/?ts=markdown) * [Cloud Security Cyberpedia](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) * [Customer Success Stories](https://www.paloaltonetworks.com/prisma/cloud/customer-stories?ts=markdown) * [Analyst \& Research Reports](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch&ts=markdown) * [Whitepapers](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwhitepaper&ts=markdown) * [eBooks](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fbook&ts=markdown) * [Videos](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fvideo&ts=markdown) * [Developer Resources](https://www.paloaltonetworks.com/prisma/cloud/developer?ts=markdown) [![The State of Cloud-Native Security 2024 Report](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/cloud/prisma-cloud_state-of-cloud-native-security-report-2024_website-nav-card_167x125.jpg) CXO Research The State of Cloud-Native Security 2024 Report Get your copy](https://start.paloaltonetworks.com/state-of-cloud-native-security-2024) [![The Complete Cloud Security Platform.End-to-End of Story.](https://www.paloaltonetworks.com/content/dam/pan/en_US/prisma/cloud-new/promo-card.jpg) ON-DEMAND VIRTUAL EVENT The Complete Cloud Security Platform. End-to-End of Story. Watch now](https://start.paloaltonetworks.com/prisma-cloud-new-innovations-for-the-future-of-cloud-security-webinar-on-demand.html) * ![palo alto networks logo icon](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-default.svg) ![white arrow icon pointing left to return to main Palo Alto Networks site](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-white.svg) [](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) Search All * [Tech Docs]() Close search modal *** ** * ** *** Cortex Cloud"\> Introducing Cortex Cloud === ### Bringing together best-in-class CDR with the next version of Prisma Cloud's leading CNAPP for real-time cloud security. ![logo](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/logos/cortex-logo-white-with-panw.png) * [Experience real-time cloud security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) **cortex** ![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-white.svg) WHY IT MATTERSOUR APPROACHMODULESRESOURCES * [WHY IT MATTERS](#why) * [OUR APPROACH](#approach) * [MODULES](#modules) * [RESOURCES](#resources) {#why} ## Cloud-native applications are increasingly distributed across VMs, hosts, containers, Kubernetes^®^ and serverless architectures. Unique security requirements for each make consistent workload protection a challenge. ### Download the latest datasheet on Cloud Workload Protection Platform (CWPP) [Download the Datasheet](https://www.paloaltonetworks.com/resources/datasheets/cloud-workload-protection?ts=markdown) ### Environments are constantly evolving With DevOps teams deploying weekly, daily or even hourly, public and private cloud environments are constantly changing. Security teams struggle to gain control over these deployments without slowing down release velocity. ### The shift to the cloud means more entities to secure DevOps and infrastructure microservices teams are leveraging a combination of containers, Kubernetes and serverless functions to run cloud-native applications. This diversity, along with an ever-increasing cloud footprint, leads to a much larger number of entities to protect. ### Diverse architectures limit visibility and impede protections Enterprises use wide-ranging combinations of public and private clouds, cloud services and application architectures. These complex environments create blind spots and protection challenges for overworked security teams. ## Secure hosts, containers and serverless across multicloud and hybrid environments Prisma Cloud is a comprehensive Cloud Workload Protection solution that delivers flexible protection to secure cloud VMs, containers and Kubernetes apps, serverless functions and containerized offerings like AWS Fargate^®^ tasks. With Prisma Cloud, DevOps and cloud infrastructure teams can adopt the architecture that fits their needs without worrying about security keeping pace with release cycles or protecting a variety of tech stacks. * Support for public and private clouds * Flexible agentless scanning and agent-based protection * Security integrated across the application lifecycle * ![Vulnerability management](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/Icons/container-security-vulnerability-management.svg) Vulnerability management * ![Compliance](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/Icons/container-security-compliance.svg) Compliance * ![CI/CD security](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/Icons/container-security-ci-cd-security.svg) CI/CD security * ![Runtime defense](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/Icons/container-security-runtime-defense.svg) Runtime defense * ![Container access control](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/Prisma-cloud-solution_03-container-access-control.svg) Container access control * ![Image Analysis Sandbox](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/Prisma-cloud-solution_03-image-analysis-sandbox.svg) Image Analysis Sandbox * ![Trusted Images](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/Prisma-cloud-solution_03-trusted-images.svg) Trusted Images * ![Web App and API Security](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/icons/usecases/web-api-api-security.svg) Web App and API Security * ![Agentless and agent-based security](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/agentless-security.svg) Agentless and agent-based security {#approach} *** ** * ** *** THE PRISMA CLOUD SOLUTION ## Our approach to cloud workload protection ### Vulnerability management Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Prisma Cloud delivers a centralized view to help prioritize risks in real time across public cloud, private cloud and on-premises environments for every host, container and serverless function. * #### Manage risk from a single UI. Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring. \* #### See vulnerability status with remediation guidance. View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies. \* #### Alert on or prevent vulnerabilities across environments. Set precise policies to alert on or prevent vulnerable components from running on your environments. \* #### Integrate security into your CI/CD pipeline. Continuously monitor container registries as well as explicitly define trustworthy images, registries and repositories. \* #### Integrate data with your existing systems. Integrate vulnerability alerts into common endpoints, including JIRA^®^, Slack^®^, PagerDuty^®^, Splunk^®^, Cortex^®^ XSOAR^™^, ServiceNow^®^ and more. [Learn more](https://www.paloaltonetworks.com/blog/2019/11/cloud-container-security/?ts=markdown) [![Vulnerability management](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp-vulnerability-management.png)](#prismastickyimagecomapproach1_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Compliance Cloud-native applications require purpose-built controls to gain visibility into compliance posture and maintain compliance for dynamic, ephemeral infrastructures. Prisma Cloud delivers real-time and historical views into compliance status for hosts, containers and serverless functions. * #### Achieve compliance from a single solution. Centrally monitor compliance posture with a single dashboard that covers hosts, containers and serverless functions as well as Kubernetes and Istio^®^. \* #### Use 400+ customizable checks for cloud-native applications. Cover leading frameworks, including PCI DSS, HIPAA, GDPR and NIST SP 800-190, with prebuilt compliance templates. \* #### Leverage CIS Benchmarks. Implement or customize checks based on CIS Benchmarks, with approved coverage for the AWS^®^, Docker^®^, Kubernetes and Linux CIS Benchmarks. \* #### Ensure image trust. Use trusted images to ensure that application components only originate from authorized sources. \* #### Integrate compliance across the application lifecycle. Add compliance checks as part of the full application lifecycle to alert on or prevent misconfigurations in your applications from reaching production. [Learn more](https://www.paloaltonetworks.com/blog/prisma-cloud/enhanced-visibility-compliance-cloud-native-workloads/?ts=markdown) [![Compliance](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp-compliance.png)](#prismastickyimagecomapproach2_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### CI/CD security To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardens checks into the CI/CD workflow. * #### Connect your infrastructure and application risks Identify exposed issues within your codebase and eliminate false positives to prioritize critical remediations faster. \* #### Visualize your software supply chain. Create a consolidated inventory of code risks and CI/CD pipelines across your engineering ecosystem. \* #### Surface scan results in developer tooling and central dashboards. View scan results and details, both at their source and with an aggregated view. \* #### Visualize breach pathways. Unravel complex relationships to help identify breach pathways to reach business-critical assets. \* #### Enforce security policies to prevent builds from moving forward in pipelines. Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle. [Learn more](https://www.paloaltonetworks.com/prisma/cloud/ci-cd-security?ts=markdown) [![CI/CD security](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/container-image-scanning.png)](#prismastickyimagecomapproach3_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Runtime defense Cloud-native applications scale dynamically, requiring a modern automated approach to protection that prevents applications from unwanted activity and threats. With Prisma Cloud, ensure hosts, containers and serverless applications are secure --- whether you're running on public clouds, private clouds or on-premises. * #### Unify protection with a single agent. Secure them all from a single solution. Prisma Cloud supports Linux and Windows^®^ hosts, containers and Kubernetes, as well as emerging technologies like PaaS and serverless. \* #### Automate security without needless manual effort. Automate baseline policies across process, file system and network activity to achieve security at enterprise scale. \* #### Capture detailed forensics of every audit or security incident. Automatically and securely gather forensics details in a powerful timeline view to enable incident response. You can view data in Prisma Cloud or send it to other systems for deeper analysis. \* #### Prevent activity across any environment. Manage runtime policies all from a centralized console to ensure security is always present as part of every deployment. \* #### Enable your SOC teams with context-rich data. With mapping of incidents to the MITRE ATT\&CK^®^ framework, along with detailed forensics and rich metadata, eliminate the challenges for SOC teams in identifying and tracking threats for ephemeral cloud-native workloads. [Download the e-book](https://www.paloaltonetworks.com/resources/whitepapers/add-runtime-defense-cloud-security?ts=markdown) [![Runtime defense](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp-runtime-defense.png)](#prismastickyimagecomapproach4_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Container Access Control Modern applications need deep, integrated security to protect the entire application stack. With Prisma Cloud, organizations can leverage security optimized for cloud-native architectures. * #### Gain control over Docker activities. Manage rules governing Docker configurations, containers, images, nodes, plugins, services and more to ensure your environment runs as you choose. \* #### Manage secrets for your containers. Take advantage of integration with secrets management tools, like CyberArk^®^ and HashiCorp^®^, to ensure your secrets are properly managed and secured. \* #### Capture Kubernetes audits. Deploy security purpose-built for cloud-native tech stacks. Prisma Cloud ingests Kubernetes audit data and surfaces rules to identify events to alert on. \* #### Secure deployments with Open Policy Agent. Craft rules in Rego policy language to gain control over every deployment. \* #### View audit results in a single dashboard. Surface all audit alerts and activities in a single pane of glass for analysis. [Learn more](https://www.paloaltonetworks.com/blog/prisma-cloud/open-policy-agent-support/?ts=markdown) [![Access control](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp-container-access-control.png)](#prismastickyimagecomapproach5_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Image Analysis Sandbox Safely pull and run container images that possibly contain outdated, vulnerable packages and embedded malware from external repositories. With Image Analysis Sandbox, you can expose risks and identify suspicious dependencies buried deep in your software supply chain that would otherwise be missed by static analysis. * #### Capture detailed runtime profile of the container. Dynamically scan images in a sandbox virtual machine by collecting processes, networking and filesystem events that occurred while the container was running in the sandbox. The events are displayed for an overview of the container behavior at runtime. \* #### Assess the risk of an image. Scan for suspicious and anomalous container behavior, such as malware, cryptominers, port scanning, modified binary or kernel module modification. \* #### Incorporate dynamic analysis into your workflow. Shift container security left by integrating the Image Analysis Sandbox into CI/CD workflows. [![Image Analysis Sandbox](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/cwpp-image-analysis-sandbox.png)](#prismastickyimagecom_68663972_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Trusted Images Not all container images are created equal. While it is practical to pull images from external repositories, it leaves you vulnerable to one of the most common high-risk scenarios: These images may contain outdated, vulnerable packages and can contain embedded malware. Trusted Images is a security control that lets you declare by policy which registries, repositories and images you trust, as well as how to respond when untrusted images are started in your environment. * #### Enable key countermeasures for major container risks. Define which images are permitted to run in your environment. Specify registries, repositories and images that are considered trustworthy. If an untrusted image runs, Prisma Cloud will issue an audit, raise an alert and optionally block the container from running. \* #### Establish trust. Establish trust by point of origin (registry or repository) or base layer. Monitor the origin of all containers on the hosts. [Learn more](https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/) [![Trusted Images](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/cwpp-trusted-images.png)](#prismastickyimagecom_173276803_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ### Flexible control Cloud workloads and apps constantly evolve. Organizations need agile, integrated controls to ensure the entire stack is protected. Only Prisma Cloud offers the flexibility to use agentless and agent-based protections that suit your needs. * #### Agentless scanning for easy visibility: Gain rapid visibility without deploying preventive or blocking capabilities. Agentless scanning provides quick assessments of risk, including known CVEs, misconfigurations and other security issues. \* #### Agent-based protection for runtime threats: A unified agent framework supports defense in depth to secure cloud-native apps. Agent-based protection provides deep forensic visibility and preventive policies to block and stop suspicious activity. \* #### Unified console and one policy engine for both approaches: Prisma Cloud is the industry's only solution to offer both agentless and agent-based security --- all managed from a single location. [![Flexible control](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma/usecases/cwpp/flexible-deployment-options.png)](#prismastickyimagecom_prisma-custom-background_prismacustombackgrou_14379965_cleanParsys_cloud-workload-protection-platform_cloud_prisma_en_US_pan_content_) ![Prisma Cloud](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/prisma-refresh/prisma-laptop-2.png) Prisma Cloud Prisma^®^ Cloud is the industry's most complete Cloud-Native Application Protection Platform (CNAPP), with the industry's broadest security and compliance coverage --- for infrastructure, workloads and applications across the entire cloud-native technology stack --- throughout the development lifecycle and across multicloud and hybrid environments. [Learn more](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) {#modules} ## Cloud Workload Protection modules ### HOST SECURITY Secure virtual machines (VMs) on any public or private cloud. [Learn more](https://www.paloaltonetworks.com/prisma/cloud/host-security?ts=markdown) ### CONTAINER SECURITY Secure Kubernetes and other container platforms on any public or private cloud. [Learn more](https://www.paloaltonetworks.com/prisma/cloud/container-security?ts=markdown) ### SERVERLESS SECURITY Secure serverless functions across the full application lifecycle. [Learn more](https://www.paloaltonetworks.com/prisma/cloud/serverless-security?ts=markdown) ### WEB APPLICATION \& API SECURITY Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud. [Learn more](https://www.paloaltonetworks.com/prisma/cloud/web-application-API-security?ts=markdown) {#resources} Featured Resources ## Valuable Cloud Workload Protection documents [See all resources](https://www.paloaltonetworks.com/resources?q=*%3A*&_charset_=UTF-8&fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fprisma-cloud&ts=markdown) Report ### The Forrester Wave™: Cloud Workload Security, Q1 2022 [Download](https://www.paloaltonetworks.com/resources/research/prisma-cloud-named-a-leader-in-cws-in-the-forrester-wave?ts=markdown) Datasheet ### Prisma Cloud: Cloud Workload Protection [Download](https://www.paloaltonetworks.com/resources/datasheets/cloud-workload-protection?ts=markdown) Guide ### Securing Cloud Native Applications Using the OWASP Top 10 Guide [Download](https://www.paloaltonetworks.com/resources/guides/securing-cloud-native-applications-owasp-cloud-native-application?ts=markdown) Customer Story ### Cuebiq [Read now](https://www.paloaltonetworks.com/customers/cuebiq?ts=markdown) Brief ### Shift Left and Enable DevSecOps [Download](https://www.paloaltonetworks.com/resources/techbriefs/shift-left-and-enable-devsecops?ts=markdown) PreviousNext [### Customer Stories Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.](https://www.paloaltonetworks.com/prisma/cloud/customer-stories?ts=markdown) [### Cloud security basics Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.](https://www.paloaltonetworks.com/devsectalks/) [### The latest from our blog Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.](https://www.paloaltonetworks.com/blog/prisma-cloud/?ts=markdown) {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language