Identity and Access Management Security

Enforce permissions and secure identities across workloads and cloud resources.

Overly permissive roles, poor credential hygiene and accidental public exposure have all contributed to some of the most significant vulnerabilities of enterprise cloud environments.

IAM Security Controls to Protect Cloud Entitlements.

Monitor permissions and continuously enforce least-privileged access

The IAM Security module provides users with broad visibility into effective permissions, continuously monitors cloud environments for risky and unused entitlements, and automatically makes least privilege recommendations. Users gain simple yet powerful insight into the net-effective permissions for every role – including those associated with an IDP provider – all seamlessly integrated into Prisma® Cloud.
  • Query permissions across users, compute instances, cloud resources and more
  • Monitor excessive and unused privileges
  • Automate remediation of overly permissive roles
  • Net-effective permissions
    Net-effective permissions
  • Rightsizing permissions
    Rightsizing permissions
  • IAM entitlement investigation
    IAM entitlement investigation
  • IDP integration
    IDP integration
  • Automated remediation
    Automated remediation

THE PRISMA CLOUD SOLUTION

Our approach to IAM security

Net-effective permissions

Gain deep visibility into who has the ability to take what actions on which resources. By running complex calculations that analyze permissions, such as AWS IAM roles, policies and groups; AWS resource-based policies; and AWS service control policies (SCPs), the IAM Security module can precisely determine net-effective permissions.

  • Manage cloud entitlements from a single solution

    Gain integrated capabilities delivered from Prisma Cloud that extend everything we do for Cloud Security Posture Management (CSPM) to cloud identities.

  • Implement pre-built policies

    Leverage specialized out-of-the-box policies to detect risky permissions and remove unwanted access to cloud resources.

  • Audit permissions for internal compliance

    Quickly audit cloud permissions with related user data, service data and cloud accounts.


Rightsizing permissions

Specialized out-of-the-box policies detect risky permissions and help remove unwanted access to cloud resources. Automatically detect overly permissive user access, and then leverage automated recommendations to rightsize them to achieve least-privileged access.

  • Implement pre-built policies

    Use out-of-the-box policies to detect public access, wildcards, risky permissions and more.

  • Prevent drift

    Govern IAM-specific permissions and prevent entitlement drift.

  • Detect overly permissive policies

    Remove unwanted access to cloud resources by automatically detecting overly permissive access policies.


IAM entitlement investigation

Query all relevant IAM entities, including all the relationships among different entities and their effective permissions across cloud environments. Understand which user can take what actions on which resources. Turn queries into custom cloud-agnostic policies and define remediation steps as well as compliance implications.

  • Investigate IAM entitlements

    See real-time and historical data to understand IAM activity and entitlements.

  • Query data to get the full picture of user activity

    Gain a detailed view of suspicious activity as well as connected accounts and resources.

  • Query data specific to identity providers

    Discover overly permissive roles of IDP users and correlate results with cloud identities, such as IAM users and machine identities.


IDP integration

Integrate with identity provider (IDP) services like Okta to ingest single sign-on (SSO) data. View effective permissions and overly permissive roles of IDP users as well as correlate results with cloud identities, such as IAM users and machine identities.

  • Leverage integrated support for Okta

    Ingest single sign-on (SSO) data for an effective permissions calculation and list the effective permissions of Okta users across cloud accounts.

  • Query data specific to identity providers

    Discover overly permissive roles of IDP users and correlate results with cloud identities, such as IAM users and machine identities.

  • Turn queries into cloud-agnostic policies

    Easily build custom guardrails for IDP users by turning RQL queries into IAM security policies with specific compliance and remediation implications.


Automated remediation

Automatically adjust permissions and continuously enforce least-privileged access. Send alert notifications to 14 third-party tools, including email, AWS Lambda and Security Hub, PagerDuty®, ServiceNow® and Slack®.

  • Activate automated remediation for over-privileged users

    Get suggestions for ideal permissions levels for any cloud user from Prisma Cloud.

  • Support for 14 common integrations

    Seamlessly integrate Prisma Cloud alerting with your existing alert management tools with built-in support for 14 third-party tools.

  • Remediation playbooks

    Leverage custom Cortex® XSOAR playbooks for Prisma Cloud and easily operationalize advanced security orchestration capabilities.


Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Infrastructure Entitlement Management (CIEM) modules

IAM Security

Centrally manage identities and govern access across clouds.