Search

Host Security

Securing cloud VMs for any public or private cloud with Prisma Cloud.
Request a Trial
Host Security Hero Front Image
Host Security Hero Back Image

Linux and Windows® hosts make up the backbone of many cloud-native applications, from cloud instances to Kubernetes® nodes. Applications that run on unprotected, insecure hosts introduce risk and are susceptible to attack.

Prisma Cloud Named a Leader in CWS in the Forrester Wave™.

Download the report
1

Cloud workloads are ephemeral and run on demand

The ease of starting a cloud VM means many teams build and maintain their own architectures, leaving security teams blind and hosts unsecured. Maintaining visibility and implementing security across clouds can be difficult as workloads are started and stopped in a short period of time.
2

Hybrid cloud architectures bring new security challenges

Many teams choose the best cloud for their use case, but it’s difficult to maintain security posture across clouds, operating systems and architectures. Managing all of the data and alerts across environments can be tedious and difficult.
3

Not all virtual machine images are secure by default

Cloud marketplaces contain VM images that are tailored to a developer’s needs, but may be outdated, have known vulnerabilities or contain malware. We’ve moved away from golden images, but that leaves organizations exposed to vulnerabilities.

Secure cloud hosts across any environment

Prisma Cloud offers a unified platform for securing cloud VMs. Automatically detect and protect cloud hosts with vulnerability management, compliance, runtime protection and anti-malware capabilities. Secure your virtual machines across clouds and environments. Protect Linux and Windows hosts from malicious processes and applications. Leverage flexible deployment options via agents or agentless approach to protect the host and the containers running on the host.
  • Support for Linux and Windows in public and private clouds
  • Continuous vulnerability management and compliance
  • Full-stack runtime protection with a unified platform
  • Vulnerability management Logo
    Vulnerability management
  • Host compliance Logo
    Host compliance
  • Runtime defense Logo
    Runtime defense
  • Image scanning
    Image scanning
  • Auto-discovery
    Auto-discovery
THE PRISMA CLOUD SOLUTION

Our approach to Host Security

Vulnerability management

Improve your hygiene and reduce the risk of exposure in your cloud environments by identifying vulnerabilities continuously before and after deployment. Prisma Cloud finds, prioritizes and protects against vulnerabilities in real time from a centralized dashboard.

  • Build golden pipelines by identifying vulnerable machine images.

    Scan VM images prior to deployment to alert on or block vulnerabilities from being deployed.

  • Rank vulnerabilities by risk for prioritization.

    Prioritize vulnerabilities based on risk score and risk factors based on your applications’ configurations.

  • Gain a real-time view into vulnerabilities.

    Scan running hosts continuously, with minimal increased load against the latest vulnerability databases.

  • Gain a consolidated view into risk across your stack from a single pane of glass.

    View risks across your hosts, containers and serverless applications from one unified console with flexible deployments (agents and agentless).

  • Protect against unpatched vulnerabilities.

    Leveraging our WAAS module, you can block attempted exploits of vulnerabilities prior to patching the operating system.

Download the e-book
Image of Vulnerability management

Host compliance

In addition to traditional compliance concerns around Linux and Windows settings, cloud-native hosts need proper configurations for Kubernetes nodes and container runtimes. Meanwhile, cloud VMs have a shorter lifetime than traditional VMs. Prisma Cloud assesses host compliance as an image and at runtime for an end-to-end and continuous view of your host posture.

  • A single view into compliance across environments.

    Gain a comprehensive view of all your hosts, along with images and functions and their current compliance posture, for prebuilt and custom policies.

  • Assess against out-of-the-box benchmarks, including CIS.

    Compare host compliance against Linux, Windows, and Kubernetes node- and container-based policies from popular benchmarks, including CIS, PCI DSS, HIPAA, GDPR and NIST.

  • Customize and extend compliance policies.

    Easily add custom policies for your organization’s policies using the same framework as our container custom policies.

  • Begin checks at the image level.

    Scan VM images for compliance violations and block violating images from being deployed.

Learn more
Image of Host compliance

Runtime defense

Virtual machines can be locked down to purpose-built use cases only. Prisma Cloud leverages runtime modeling for file integrity monitoring and to identify anomalies as well as protect against malicious applications.

  • Automate threat protection.

    Automatically profile secure runtime behavior and alert or block anomalous behavior, preventing attacks.

  • Enjoy full virtual machine protection.

    Integrated protection across running processes, file system use, host log inspection and custom runtime rules.

  • Activate File Integrity Monitoring (FIM) and Host Log Inspection:

    Enforce FIM, log inspection and core requirements for both runtime protection and achieving compliance.

  • Trace forensic events that led to an incident.

    Gather forensic details in a timeline to identify the events that led to an incident and enable incident response.

  • Create allow and block lists for fine-grained control.

    Alert on or block behavior from Prisma Cloud’s list of malicious behavior, such as cryptominers, or add your own allow and block lists for processes, networking and file systems.

Learn more
Image of Runtime defense

Image scanning

Cloud marketplaces images and in-house image snapshots offer custom images prebuilt for specific use cases, but they are not always secure. Prisma Cloud scans VM images just like a container image registry to identify vulnerabilities, compliance violations and malware.

  • Identify vulnerabilities before deployment.

    Scan marketplace and private images to identify vulnerable preinstalled components.

  • Block noncompliant images.

    Identify policy violations and misconfigurations present in unlaunched instances.

  • Identify hidden malware.

    Vet images for malware in a sandboxed environment based on our intelligence streams, which include integration with our WildFire® service.

  • Build a library of vetted images.

    Create a set of prevetted images for developer teams to leverage, knowing they are secure and compliant.

Learn more
Image of CI/CD & VM Image scanning

Auto-discovery and auto-protection

Developer cloud accounts and ephemeral hosts makes visibility in the cloud more challenging. Prisma Cloud automates the discovery and protection of hosts in your cloud environment. Find and protect instances across your multicloud environments.

  • Discover VMs running across clouds.

    Find all running hosts across your various cloud environments leveraging API-based discovery.

  • Identify unmanaged virtual machines.

    Scan cloud accounts for virtual machines running without any agent protection.

  • Protect hosts with flexible deployment options.

    Automatically uncover threats with flexible deployment options via agents and agentless options in your environments.

  • Secure hosts and container runtime.

    Auto-protect hosts with an automatically installed agent that protects the host itself and all containers running on that node.

Learn more
Image of Auto-discovery and auto-protection
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the industry’s most complete cloud-native application protection platform (CNAPP), with the industry’s broadest security and compliance coverage — for infrastructure, workloads and applications across the entire cloud-native technology stack — throughout the development lifecycle and across hybrid and multicloud environments.
Learn more

Cloud Workload Protection modules

HOST SECURITY

Secure virtual machines (VMs) on any public or private cloud.

Learn more

CONTAINER SECURITY

Secure Kubernetes and other container platforms on any public or private cloud.

Learn more

SERVERLESS SECURITY

Secure serverless functions across the full application lifecycle.

Learn more

WEB APPLICATION & API SECURITY

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.

Learn more
RESOURCES

Valuable Host Security documents

See all resources
Blog

Host Security: Enhanced Runtime Protection with Prisma Cloud

Read the blog
E-book

The Complete Guide to Kubernetes Security

Download
Blog post

Automating Visibility and Protection for Cloud VMs

Read the blog
Blog

Flexibility Meets Security with Customer Compliance Checks for Cloud VMs

Read the blog

Customer Stories

Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.

Cloud security basics

Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.

The latest from our blog

Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability