Host Security

Securing cloud VMs for any public or private cloud with Prisma® Cloud.
Request a Trial
Host Security Hero Front Image
Host Security Hero Back Image

Linux and Windows® hosts make up the backbone of many cloud native applications, from cloud instances to Kubernetes® nodes. Applications that run on unprotected, insecure hosts introduce risk and are susceptible to attack.

Prisma Cloud Named a leader in CWS in The Forrester Wave™.

Download the report
1

Cloud workloads are ephemeral and run on demand

The ease of starting a cloud VM means many teams build and maintain their own architectures, leaving security teams blind and hosts unsecured. Maintaining visibility and implementing security across clouds can be difficult as workloads are started and stopped in a short period of time.
2

Security capabilities are delivered across siloed security solutions

With traditional solutions and legacy endpoint solutions, security teams end up deploying and monitoring security risks across multiple consoles. Increasing the total cost of ownership and mean time-to-resolution.
3

Not all virtual machine images are secure by default

Cloud marketplaces contain VM images that are tailored to a developer’s needs, but may be outdated, have known vulnerabilities or contain malware. We’ve moved away from golden images, but that leaves organizations exposed to vulnerabilities.

Secure cloud hosts across any environment

Prisma Cloud offers a unified platform for securing cloud VMs. Automatically detect and protect cloud hosts with vulnerability management, compliance, runtime protection and anti-malware capabilities. Secure your virtual machines across clouds and environments. Protect Linux and Windows® hosts from malicious processes and applications. Leverage a single agent to protect the host and the containers running on the host.
  • Complete lifecycle support from VM images to instances
  • Continuous vulnerability management and compliance
  • Full stack runtime protection with a unified platform
  • Cloud Auto Protection Logo
    Cloud Auto Protection
  • CI/CD & VM Image scanning Logo
    CI/CD & VM Image scanning
  • Vulnerability management Logo
    Vulnerability management
  • Host compliance Logo
    Host compliance
  • Runtime defense Logo
    Runtime defense
THE PRISMA CLOUD SOLUTION

Our approach to Host Security

Auto-discovery and auto-protection

Developer cloud accounts and ephemeral hosts makes visibility in the cloud more challenging. Prisma Cloud automates the discovery and protection of hosts in your cloud environment. Find and protect instances across your multi-cloud environments.

  • Discover VMs running across clouds

    Find all running hosts with complete cloud metadata across your various cloud environments leveraging API-based discovery.

  • Identify unmanaged virtual machines

    Get a quick view of your security coverage, identifying virtual machines without any agent protection across all of your clouds.

  • Auto-protect hosts without manually installing agents

    Rule-based automated agent install protects unprotected hosts. Flexibly define scope by Accounts and Tags to enable protection for existing and future instances being spun up

  • Secure hosts and containers with one installation

    Auto-protect hosts with an automatically installed agent that protects the host itself and all containers running on that node.

Learn more
Image of Auto-discovery and auto-protection

CI/CD & VM Image scanning

Cloud marketplaces images and in-house image snapshots offer custom VM images prebuilt for specific use cases, but they are not always secure. Avoid detecting known vulnerabilities and configuration issues in runtime by integrating Prisma Cloud automated scans to create sanitized VM images.

  • Build golden pipelines by identifying vulnerable machine images

    Introduce security into your Image factory, automate security scans in DevOps speed to create.

  • VM image library scans

    Scan marketplace and private images like AMIs to identify vulnerable pre-installed components and identify the impact.

  • Build a library of vetted images

    Create a set of pre-vetted images for developer teams to leverage, knowing they are secure and compliant.

Learn more
Image of CI/CD & VM Image scanning

Vulnerability management

Improve your hygiene and reduce the risk of exposure in your cloud environments by identifying vulnerabilities continuously before and after deployment. Prisma Cloud finds, prioritizes and protects against vulnerabilities in real time from a centralized dashboard.

  • Broader coverage and faster detection

    Get vulnerability detections across the full stack (OS, Applications and code) of your cloud servers in less than a few minutes. Eliminate blindspots with bespoke detections for unpackaged software.

  • Automated risk prioritization

    Get a global view of vulnerability posture of your entire environment. Identify the vulnerability trend and the top vulnerabilities impacting your hosts. Automated prioritization of vulnerabilities with on risk score and risk factors based on CVSS, exploitable threats, and your applications’ configurations.

  • Gain a consolidated view into risk across your stack from one agent and console

    View risks across your hosts, containers and serverless applications from one agent and console.

Learn more
Image of Vulnerability management

Host compliance

In addition to traditional compliance concerns around Linux and Windows settings, cloud native hosts need proper configurations for Kubernetes nodes and container runtimes. Meanwhile, cloud VMs have a shorter lifetime than traditional VMs. Prisma Cloud assesses host compliance as an image and at runtime for an end-to-end and continuous view of your host posture.

  • A single view into compliance across environments

    Gain a comprehensive view of all your hosts, along with images and functions, and their current compliance posture, for pre-built and custom policies.

  • Assess against out-of-the-box benchmarks, including CIS

    Compare host compliance against Linux, Windows, and Kubernetes node- and container-based policies from popular benchmarks, including CIS, PCI DSS, HIPAA, GDPR and NIST.

  • Customize and extend compliance policies

    Easily add custom policies for your organizations’ policies using the same framework as our container custom policies.

  • Begin checks at the image level

    Scan VM images for compliance violations and standardize images pre-deployment.

Learn more
Image of Host compliance

Runtime defense

Virtual machines can be locked down to purpose-built use cases only. Prisma Cloud leverages runtime modeling for file integrity monitoring and to identify anomalies as well as protect against malicious applications.

  • Automate threat protection

    Automatically profile secure runtime behavior and alert or block anomalous behavior, preventing attacks.

  • Enjoy full virtual machine protection

    Integrated protection across running processes, file system use, host log inspection and custom runtime rules.

  • Activate File Integrity Monitoring and Host Log Inspection

    Enforce FIM and log inspection, core requirements for both runtime protection and achieving compliance.

  • Trace forensic events that led to an incident

    Gather forensic details in a timeline to identify the events that led to an incident and enable incident response.

  • Create allow and block lists for fine-grained control

    Alert on or block behavior from Prisma Cloud’s list of malicious behavior, such as cryptominers, or add your own allow and block lists for processes, networking and file systems.

Learn more
Image of Runtime defense
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the industry’s most complete Cloud Native Application Protection Platform (CNAPP), with the industry’s broadest security and compliance coverage—for infrastructure, workloads, and applications, across the entire cloud native technology stack—throughout the development lifecycle and across hybrid and multicloud environments.
Learn more

Cloud Workload Protection modules

HOST SECURITY

Secure virtual machines (VMs) on any public or private cloud.

Learn more

CONTAINER SECURITY

Secure Kubernetes and other container platforms on any public or private cloud.

Learn more

SERVERLESS SECURITY

Secure serverless functions across the full application lifecycle.

Learn more

WEB APPLICATION & API SECURITY

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.

Learn more
Featured Resources

Get more insight into what Prisma Cloud can do for your business

See all resources
Blog

Enhanced Runtime Protection with Prisma Cloud

Read the blog
E-book

The Complete Guide to Kubernetes Security

Download
Blog post

Automating Visibility and Protection for Cloud VMs

Read the blog
Blog

Flexibility Meets Security with Customer Compliance Checks for Cloud VMs

Read the blog

Customer Stories

Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.

Cloud security basics

Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.

The latest from our blog

Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability