Host Security

Securing cloud VMs for any public or private cloud with Prisma® Cloud.

Linux and Windows® hosts make up the backbone of many cloud native applications, from cloud instances to Kubernetes® nodes. Applications that run on unprotected, insecure hosts introduce risk and are susceptible to attack.

Read Gartner’s report on cloud workload protection platforms.

Secure cloud hosts across any environment

Prisma Cloud offers a unified platform for securing cloud VMs. Automatically detect and protect cloud hosts with vulnerability management, compliance, runtime protection and anti-malware capabilities. Secure your virtual machines across clouds and environments. Protect Linux and Windows® hosts from malicious processes and applications. Leverage a single agent to protect the host and the containers running on the host.
  • Support for Linux and Windows in public and private clouds
  • Continuous vulnerability management and compliance
  • Full stack runtime protection with a single agent
  • Vulnerability management
    Vulnerability management
  • Host compliance
    Host compliance
  • Runtime defense
    Runtime defense
  • Image scanning
    Image scanning
  • Auto-discovery


Our approach to Host Security

Vulnerability management

Improve your hygiene and reduce the risk of exposure in your cloud environments by identifying vulnerabilities continuously before and after deployment. Prisma Cloud finds, prioritizes and protects against vulnerabilities in real time from a centralized dashboard.

  • Build golden pipelines by identifying vulnerable machine images

    Scan VM images prior to deployment to alert on or block vulnerabilities from being deployed.

  • Rank vulnerabilities by risk for prioritization

    Prioritize vulnerabilities based on risk score and risk factors based on your applications’ configurations.

  • Gain a real-time view into vulnerabilities

    Scan running hosts continuously, with minimal increased load, against the latest vulnerability databases.

  • Gain a consolidated view into risk across your stack from one agent and console

    View risks across your hosts, containers and serverless applications from one agent and console.

  • Protect against unpatched vulnerabilities

    Leveraging our WAAS module, you can block attempted exploits of vulnerabilities prior to patching the operating system.

Host compliance

In addition to traditional compliance concerns around Linux and Windows settings, cloud native hosts need proper configurations for Kubernetes nodes and container runtimes. Meanwhile, cloud VMs have a shorter lifetime than traditional VMs. Prisma Cloud assesses host compliance as an image and at runtime for an end-to-end and continuous view of your host posture.

  • A single view into compliance across environments

    Gain a comprehensive view of all your hosts, along with images and functions, and their current compliance posture, for pre-built and custom policies.

  • Assess against out-of-the-box benchmarks, including CIS

    Compare host compliance against Linux, Windows, and Kubernetes node- and container-based policies from popular benchmarks, including CIS, PCI DSS, HIPAA, GDPR and NIST.

  • Customize and extend compliance policies

    Easily add custom policies for your organizations’ policies using the same framework as our container custom policies.

  • Begin checks at the image level

    Scan VM images for compliance violations and block violating images from being deployed.

Runtime defense

Virtual machines can be locked down to purpose-built use cases only. Prisma Cloud leverages runtime modeling for file integrity monitoring and to identify anomalies as well as protect against malicious applications.

  • Automate threat protection

    Automatically profile secure runtime behavior and alert or block anomalous behavior, preventing attacks.

  • Enjoy full virtual machine protection

    Integrated protection across running processes, file system use, host log inspection and custom runtime rules.

  • Activate File Integrity Monitoring and Host Log Inspection

    Enforce FIM and log inspection, core requirements for both runtime protection and achieving compliance.

  • Trace forensic events that led to an incident

    Gather forensic details in a timeline to identify the events that led to an incident and enable incident response.

  • Create allow and block lists for fine-grained control

    Alert on or block behavior from Prisma Cloud’s list of malicious behavior, such as cryptominers, or add your own allow and block lists for processes, networking and file systems.

Image scanning

Cloud marketplaces images and in-house image snapshots offer custom images prebuilt for specific use cases, but they are not always secure. Prisma Cloud scans VM images just like a container image registry to identify vulnerabilities, compliance violations and malware.

  • Identify vulnerabilities before deployment

    Scan marketplace and private images to identify vulnerable pre-installed components.

  • Block noncompliant images

    Identify policy violations and misconfigurations present in unlaunched instances.

  • Identify hidden malware

    Vet images for malware in a sandboxed environment based on our intelligence streams, which include integration with our WildFire® service.

  • Build a library of vetted images

    Create a set of pre-vetted images for developer teams to leverage, knowing they are secure and compliant.

Auto-discovery and auto-protection

Developer cloud accounts and ephemeral hosts makes visibility in the cloud more challenging. Prisma Cloud automates the discovery and protection of hosts in your cloud environment. Find and protect instances across your multi-cloud environments.

  • Discover VMs running across clouds

    Find all running hosts across your various cloud environments leveraging API based discovery.

  • Identify unmanaged virtual machines

    Scan cloud accounts for virtual machines running without any agent protection.

  • Protect hosts without manually installing

    Automatically install agents with runtime defense on unprotected hosts.

  • Secure hosts and containers with one installation

    Auto-protect hosts with an automatically installed agent that protects the host itself and all containers running on that node.

Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Workload Protection modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.