Host Security

Securing cloud VMs for any public or private cloud with Prisma Cloud.
Host Security Hero Front Image
Host Security Hero Back Image

Linux and Windows® hosts make up the backbone of many cloud-native applications, from cloud instances to Kubernetes® nodes. Applications that run on unprotected, insecure hosts introduce risk and are susceptible to attack.

Secure cloud hosts across any environment

Prisma Cloud offers a unified platform for securing cloud VMs. Automatically detect and protect cloud hosts with vulnerability management, compliance, runtime protection and anti-malware capabilities. Secure your virtual machines across clouds and environments. Protect Linux and Windows hosts from malicious processes and applications. Leverage flexible deployment options via agents or agentless approach to protect the host and the containers running on the host.
  • Support for Linux and Windows in public and private clouds
  • Continuous vulnerability management and compliance
  • Full-stack runtime protection with a unified platform
  • Vulnerability management Logo
    Vulnerability management
  • Host compliance Logo
    Host compliance
  • Runtime defense Logo
    Runtime defense
  • Image scanning
    Image scanning
  • Auto-discovery


Our approach to Host Security

Vulnerability management

Improve your hygiene and reduce the risk of exposure in your cloud environments by identifying vulnerabilities continuously before and after deployment. Prisma Cloud finds, prioritizes and protects against vulnerabilities in real time from a centralized dashboard.

  • Build golden pipelines by identifying vulnerable machine images.

    Scan VM images prior to deployment to alert on or block vulnerabilities from being deployed.

  • Rank vulnerabilities by risk for prioritization.

    Prioritize vulnerabilities based on risk score and risk factors based on your applications’ configurations.

  • Gain a real-time view into vulnerabilities.

    Scan running hosts continuously, with minimal increased load against the latest vulnerability databases.

  • Gain a consolidated view into risk across your stack from a single pane of glass.

    View risks across your hosts, containers and serverless applications from one unified console with flexible deployments (agents and agentless).

  • Protect against unpatched vulnerabilities.

    Leveraging our WAAS module, you can block attempted exploits of vulnerabilities prior to patching the operating system.

Image of Vulnerability management

Host compliance

In addition to traditional compliance concerns around Linux and Windows settings, cloud-native hosts need proper configurations for Kubernetes nodes and container runtimes. Meanwhile, cloud VMs have a shorter lifetime than traditional VMs. Prisma Cloud assesses host compliance as an image and at runtime for an end-to-end and continuous view of your host posture.

  • A single view into compliance across environments.

    Gain a comprehensive view of all your hosts, along with images and functions and their current compliance posture, for prebuilt and custom policies.

  • Assess against out-of-the-box benchmarks, including CIS.

    Compare host compliance against Linux, Windows, and Kubernetes node- and container-based policies from popular benchmarks, including CIS, PCI DSS, HIPAA, GDPR and NIST.

  • Customize and extend compliance policies.

    Easily add custom policies for your organization’s policies using the same framework as our container custom policies.

  • Begin checks at the image level.

    Scan VM images for compliance violations and block violating images from being deployed.

Image of Host compliance

Runtime defense

Virtual machines can be locked down to purpose-built use cases only. Prisma Cloud leverages runtime modeling for file integrity monitoring and to identify anomalies as well as protect against malicious applications.

  • Automate threat protection.

    Automatically profile secure runtime behavior and alert or block anomalous behavior, preventing attacks.

  • Enjoy full virtual machine protection.

    Integrated protection across running processes, file system use, host log inspection and custom runtime rules.

  • Activate File Integrity Monitoring (FIM) and Host Log Inspection:

    Enforce FIM, log inspection and core requirements for both runtime protection and achieving compliance.

  • Trace forensic events that led to an incident.

    Gather forensic details in a timeline to identify the events that led to an incident and enable incident response.

  • Create allow and block lists for fine-grained control.

    Alert on or block behavior from Prisma Cloud’s list of malicious behavior, such as cryptominers, or add your own allow and block lists for processes, networking and file systems.

Image of Runtime defense

Image scanning

Cloud marketplaces images and in-house image snapshots offer custom images prebuilt for specific use cases, but they are not always secure. Prisma Cloud scans VM images just like a container image registry to identify vulnerabilities, compliance violations and malware.

  • Identify vulnerabilities before deployment.

    Scan marketplace and private images to identify vulnerable preinstalled components.

  • Block noncompliant images.

    Identify policy violations and misconfigurations present in unlaunched instances.

  • Identify hidden malware.

    Vet images for malware in a sandboxed environment based on our intelligence streams, which include integration with our WildFire® service.

  • Build a library of vetted images.

    Create a set of prevetted images for developer teams to leverage, knowing they are secure and compliant.

Image of CI/CD & VM Image scanning

Auto-discovery and auto-protection

Developer cloud accounts and ephemeral hosts makes visibility in the cloud more challenging. Prisma Cloud automates the discovery and protection of hosts in your cloud environment. Find and protect instances across your multicloud environments.

  • Discover VMs running across clouds.

    Find all running hosts across your various cloud environments leveraging API-based discovery.

  • Identify unmanaged virtual machines.

    Scan cloud accounts for virtual machines running without any agent protection.

  • Protect hosts with flexible deployment options.

    Automatically uncover threats with flexible deployment options via agents and agentless options in your environments.

  • Secure hosts and container runtime.

    Auto-protect hosts with an automatically installed agent that protects the host itself and all containers running on that node.

Image of Auto-discovery and auto-protection
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the industry’s most complete cloud-native application protection platform (CNAPP), with the industry’s broadest security and compliance coverage — for infrastructure, workloads and applications across the entire cloud-native technology stack — throughout the development lifecycle and across hybrid and multicloud environments.

Cloud Workload Protection modules


Secure virtual machines (VMs) on any public or private cloud.


Secure Kubernetes and other container platforms on any public or private cloud.


Secure serverless functions across the full application lifecycle.


Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.


Valuable Host Security documents