Visibility, Compliance and Governance

Monitor posture, detect and remediate risks, and maintain compliance with Prisma® Cloud

Gartner forecasts that through 2023, 99% of cloud security failures will be the customer’s fault. Complete visibility into every deployed resource as well as absolute confidence in their configuration and compliance status is foundational to a robust cloud security posture.

Read about our unique approach to Cloud Security Posture Management.

Gain complete visibility into all your multi-cloud resources

Prisma Cloud provides security teams with full visibility into all of their cloud assets and simplifies compliance reporting. Prisma Cloud maintains support for more than 20 compliance frameworks, with support for custom frameworks, and enables one-click audit-ready reporting.

With a single solution, prevent misconfigurations and drift by immediately enforcing policy guardrails from a library of more than 700 pre-built cloud security policies
  • Support for the world’s five largest clouds
  • Complete visibility into every deployed resource
  • Continuously enforce compliance
  • Asset inventory
    Asset inventory
  • Configuration management
    Configuration management
  • Easy-to-use query language
    Easy-to-use query language
  • Compliance reporting
    Compliance reporting
  • Infrastructure-as-code scanning
    Infrastructure-as-code scanning
  • Automated remediation
    Automated remediation

THE PRISMA CLOUD SOLUTION

Our approach to Visibility, Compliance and Governance

Cloud asset inventory

Maintaining a current inventory of deployed resources requires continuous discovery and automatic classification as soon as new resources are deployed. Prisma Cloud also maintains a history of configuration changes, enabling users to understand exactly when a new security issue was introduced and by whom, to simplify cloud forensics and auditing.

  • A single dashboard for all your cloud assets

    Continuously track resources across multiple clouds and surface their risk posture in a single view for comprehensive security.

  • Support for the world’s five largest clouds

    Enjoy comprehensive security for all your assets, with support for AWS®, Azure®, Google Cloud, Alibaba Cloud and Oracle Cloud Infrastructure.

  • Detailed resource classification

    Use API metadata to automatically determine the resource types that compose every environment, workload and application. Understanding the types of resources deployed is a key element to determining security posture.

  • Real-time and historical views into risk

    Track the risk posture of assets in real time and gain detailed historical context from fine-grained audit trail analysis.


Configuration management

Ensuring newly deployed resources are securely configured and preventing configuration drift requires policy guardrails. Prisma Cloud ships with more than 700 policies aligned to compliance frameworks and industry best practices.

  • Immediately enforce security guardrails

    Ensure a strong cloud security posture from day one without having to build hundreds of policies from scratch. Leverage the rich policy library built into Prisma Cloud.

  • Prevent configuration drift

    Continuously enforce security policies and ensure resources perpetually align to guardrails. When resources can be created and destroyed in minutes, it's important to ensure security policies stay relevant.

  • Augment your security with custom policies

    Adjust Prisma Cloud policies to meet your specific requirements, or add custom policies to bolster pre-built policies for more complete coverage.


Easy-to-use query language

Gain security and operational insights about your deployments in public cloud environments. Perform configuration checks on resources and query network events across different cloud platforms. Turn queries into custom cloud-agnostic policies and define remediation steps as well as compliance implications.

  • Immediately gain insights

    Perform configuration checks on resources deployed on different cloud platforms and gain unmatched visibility and insights into user and network events.

  • Ask nearly any question

    Search for the configuration of cloud resources, audit all the console and API access events in your cloud environment, or search real-time network events in your environment with detailed network graph depicting actual traffic between resources.

  • Craft cloud-agnostic policies

    Turn any query into a cloud-agnostic policy with a single click. Map compliance frameworks or remediation steps for each policy for a seamless experience across multi-cloud environments.


Compliance monitoring and reporting

Prisma Cloud supports more than 20 compliance standards, including PCI DSS, HIPAA, GDPR, SOC2, NIST 800-171, NIST 800-53, NIST CSF, ISO 27002, CCPA, CCM and any custom frameworks. Generate audit-ready reports with a single click.

  • Continuous compliance monitoring

    Take advantage of out-of-the-box support for more than 20 compliance frameworks and a rich interactive dashboard, enabling even the most resource-constrained security teams to easily manage and enforce compliance across multi-cloud environments.

  • One-click audit reporting

    Generate audit-ready reports against any compliance standard with one click. Granular details identify the specific violating resources and provide the necessary guidance to correct specific compliance issues.

  • Real-time and historical data at your fingertips

    Surface compliance data in real time and with historical context to give your teams the data they need for audits and reporting.


Infrastructure-as-code scanning

Prisma Cloud offers software plugins for developers to proactively perform configuration/compliance assessments of infrastructure-as-code (IaC) templates, including AWS CloudFormation, HashiCorp Terraform and Kubernetes deployment YAMLs, to reduce risk in production environments.

  • Identify misconfigurations early in development

    Give developers and DevOps teams visibility into their infrastructure configurations directly in their development tooling.

  • Use native plugins optimized for developer toolkits

    Employ numerous plugins for IDE, SCM, CI and CD tooling used by developers. This frictionless approach enables developers to scan their IaC templates directly in the products they use to build and deploy their code.

  • Maintain DevOps inventory for centralized visibility

    In addition to complete visibility into every deployed resource, gain centralized visibility into IaC scan results, including specific details such as which policy violations failed.

  • Set global policies for development and DevOps

    Enable your security and DevOps teams to work together to improve risk posture by setting policies covering their build and deploy pipelines.


Automated remediation

Automatically resolve policy violations, such as misconfigured security groups, within the Prisma Cloud console. Send alert notification to 14 third-party tools, including email, AWS Lambda, Security Hub, PagerDuty®, ServiceNow® and Slack®. Integrate with SOAR tools including Cortex® XSOAR for multi-step remediation playbooks.

  • Automatically resolve misconfigurations

    Auto-resolve policy violations, such as misconfigured security groups. Prisma Cloud runs the CLI command associated with the policy where it discovered the violation.

  • Support for 14 common integrations

    Seamlessly integrate Prisma Cloud alerting with existing alert management tools with built-in support for 14 third-party tools.

  • Remediation playbooks

    Leverage custom Cortex® XSOAR playbooks for Prisma Cloud and easily operationalize advanced security orchestration capabilities.


Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.

Cloud Security Posture Management modules

Visibility, Compliance and Governance

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

Threat Detection

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

Data Security

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.

Infrastructure as Code Security

Automated IaC security embedded in developer workflows.