Container Security

Secure Kubernetes® and other container platforms on any public or private cloud, from build to run with Prisma Cloud.
Request a Trial
Container Security Hero Front Image
Container Security Hero Back Image

Containers, Kubernetes and containers as a service (CaaS) have become mainstream ways to package and orchestrate services at scale. At the same time, businesses need to ensure they have purpose-built security to address vulnerability management, compliance, runtime protection and network security requirements for their containerized applications.

Prisma Cloud Named a leader in CWS in The Forrester Wave™.

Download the report
1

Microservices architectures are dynamic

Containerized services allow organizations to split development and independently update and scale services. This leads to increased feature velocity, but traditional security lacks the capabilities to secure these new cloud native architectures.
2

Hybrid and multi-cloud architectures add complexity

Due to acquisitions and use case-specific offerings, multi-cloud has become the new norm. Maintaining consistent visibility, security and compliance can be a challenge across cloud providers and offerings, from vanilla Kubernetes to fully managed CaaS.
3

Securing the software supply chain is critical

Modern applications lean more than ever on third-party and open source dependencies. Keeping up with known vulnerabilities and vendor patches creates massive overhead and compliance headaches, requiring integrated security in developer and DevOps tooling.

Container security spanning the full application lifecycle

Prisma® Cloud scans container images and enforces policies as part of continuous integration and continuous delivery workflows, continuously monitors code in repositories and registries, and secures both managed and unmanaged runtime environments – combining risk prioritization with runtime protection at scale.
  • Support for public and private clouds
  • Single console for managed and unmanaged environments
  • Full lifecycle security for repositories, images and containers
Watch a demo
  • Vulnerability management
    Vulnerability management
  • Container compliance
    Container compliance
  • CI/CD security
    CI/CD security
  • Runtime defense
    Runtime defense
  • Access control
    Access control
THE PRISMA CLOUD SOLUTION

Our approach to Container Security

Vulnerability management

Start with full visibility into all dependencies from containers during the build, deploy and run phases. Prisma Cloud aggregates and prioritizes vulnerabilities continuously in CI/CD pipelines and containers running on hosts or on containers as a service, in public and private clouds.

  • Prioritize remediation with guidance

    Establish risk prioritization across all known CVEs, remediation guidance and per-layer image analysis with vulnerability Top 10 lists.

  • Add guardrails with alerts and blocks for severity levels

    Control the alert and blocking severity level for individual and groups of services during build time and runtime.

  • Leverage unmatched accuracy

    Minimizing false positives with more than 30 upstream data sources. Prisma Cloud is focused on providing only accurate vulnerability information back to developers and security teams.

  • Surface vulnerability information throughout the lifecycle

    Integrate vulnerability management to scan repositories, registries, CI/CD pipelines and runtime environments.

Learn more
Vulnerability management

Container compliance

Maintainers of container environments face unique configuration challenges compared to server based monoliths. Prisma Cloud provides more than 400 out-of-the-box and customizable compliance checks to improve posture in containerized environments.

  • Maintain an audit history of compliance over time

    See your total compliance rate with Prisma Cloud, based on continuous and up-to-date views of your container posture, as well as a thorough history of previous scans.

  • Control builds and deployments based on pre-built and custom policies

    Use templates from leading frameworks, including PCI DSS, HIPAA, GDPR, DISA STIG and NIST SP 800-190, and customize them to your organization’s needs.

  • Implement CIS Benchmarks and proprietary checks

    Leverage preconfigured checks from the CIS Benchmarks and Prisma Cloud’s research for Docker®, Kubernetes, Linux, Windows® and Istio™.

  • Set license compliance levels

    Automatically alert on and block licenses that don’t meet your organization’s requirements or require additional details, such as attribution.

  • Manage image trust

    Leverage trusted groups and trusted images to only allow safe images to reach production.

  • Add compliance checks during build and runtime

    Provide alerts and guardrails for misconfigurations at every step of the development lifecycle to decrease patch friction and prevent misconfigurations in production.

Learn more
test

CI/CD security

The most effective strategy to securing containers is to catch and remediate issues at every step of the development lifecycle. CI/CD workflows offer an opportunity to embed automated security checks in existing development processes, reducing the load on both developers and security teams.

  • Scan repositories and registries for vulnerabilities and misconfigurations

    Check source code and images for vulnerabilities and compliance issues across repositories, such as GitHub, and registries, such as Docker, Quay, Artifactory and more.

  • Lock down deployments to vetted images

    Leverage trusted groups and trusted images to only allow safe images to reach production.

  • Integrate security into CI tooling

    Prisma Cloud includes integrations to alert on and block images with issues from CI tools, such as Jenkins, GitHub Actions, CircleCI, AWS CodeBuild, Azure DevOps, Google Cloud Build and more.

  • Scan vulnerabilities at every stage

    Provide feedback on package vulnerabilities and open source licenses from the CLI and repository scans.

Learn more
CI/CD checks

Runtime defense

Containers scale automatically while running in a variety of environments. Prisma Cloud secures ephemeral containers using predictive and threat-based protection without adding overhead. Our agent secures containers running stand-alone on vanilla and managed Kubernetes as well as CaaS environments.

  • Simplify security with a single agent and console

    Leverage support for containers in cloud and on-premises environments across all unmanaged and managed offerings and all CRI compliant runtimes.

  • Detect anomalous behavior automatically

    Automatically profile running containers based on processes, networking and file system behavior and detects and blocks known-bad and anomalous behavior.

  • Gain network visibility across environments

    View all container network communications across your cloud environments in real time.

  • Respond to incidents quickly with automatically captured forensic details

    View the history of events that led up to and followed an incident for threat hunting and lifecycle analysis.

Learn more
Runtime defense

Access control

Container runtimes and Kubernetes defaults create overly permissive access. Prisma Cloud locks down user and control plane access to Docker and Kubernetes to decrease the attack surface area.

  • Control Docker command access

    Add fine-grained control over which user should have access to run Docker commands on a per-environment basis.

  • Inject secrets safely into containers

    Prisma Cloud integrates with secrets management tools, like CyberArk and HashiCorp, to secure secrets and securely provide them to containers as needed.

  • Simplify policy enforcement with managed Open Policy Agent

    Simplify the creation of policy as code and enforce OPA’s decisions.

  • Automate and aggregate detailed logging

    Audit events for vulnerabilities, compliance violations and runtime events are automatically generated, collected and aggregated in a single, searchable dashboard.

Learn more
Access control
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the industry’s most complete Cloud Native Application Protection Platform (CNAPP), with the industry’s broadest security and compliance coverage—for infrastructure, workloads, and applications, across the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multicloud environments.
Learn more

Cloud Workload Protection modules

HOST SECURITY

Secure virtual machines (VMs) on any public or private cloud.

Learn more

CONTAINER SECURITY

Secure Kubernetes and other container platforms on any public or private cloud.

Learn more

SERVERLESS SECURITY

Secure serverless functions across the full application lifecycle.

Learn more

WEB APPLICATION & API SECURITY

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.

Learn more
Featured Resources

Get more insight into what Prisma Cloud can do for your business

See all resources
E-book

Container Security 101: Understanding the Basics of Securing Containers

Download
Datasheet

Prisma Cloud: Cloud Workload Protection

Download
E-book

Shift Left and Enable DevSecOps

Download
Demo

Comprehensive Cloud Native Security Demo

Watch now

Customer Stories

Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.

Cloud security basics

Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.

The latest from our blog

Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability