Prisma Cloud by
Palo Alto Networks

Secure from Code to Cloud and Beyond

Prisma Cloud is a Cloud Native Application Protection Platform (CNAPP) that secures applications from Code to Cloud across multi-cloud environments. The platform delivers comprehensive security with both continuous visibility and proactive threat prevention throughout the application lifecycle. Prisma Cloud enables security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment.

Protect Application from Code to Cloud


Code-to-Cloud Intelligence

Connect the developer environment to application runtime insights to prevent risks and stop breaches.


Secure the Source

Shift left and secure applications by design. Prevent risks and misconfigurations from entering production.


Secure the Infrastructure

Attain multi-cloud risk visibility, ensure compliance, detect threats, address misconfigurations, and manage identities.


Secure the Runtime

Prevent malware, exploits, and C2 attacks. Secure web applications against OWASP threats, bots, address API risks, and prevent lateral movement and data exfiltration.

Prisma Cloud – Cloud Security Posture Management (CSPM)

The CSPM is an API-based service that offers a complete view and effective control over the security status of each deployed resource. Unlike solutions that merely collect asset data, Prisma Cloud goes further by analyzing and standardizing diverse data sources, delivering unparalleled clarity on potential risks.

Visibility, Compliance, and Governance


    • Cloud Asset Inventory: Access real-time visibility for 4+ billion assets via a unified console. Automated workload classification across 350+ services.
    • Configuration Assessment: Enforce guardrails with 1,500+ policies across 350+ cloud services. Auto-fix misconfigurations and create custom multi-cloud policies.
    • Compliance Management: Monitor compliance effortlessly with one-click reporting (CIS, GDPR, HIPAA, ISO-27001). Auto-remediate violations and support custom reporting.
    • Easy-to-Use Query Language: Gain insights with an intuitive query language for public cloud environments. Perform checks, query network events, and create cloud-agnostic policies.
    • Automated Remediation: Resolve violations in the Prisma Cloud console. Trigger alerts to 14 third-party tools, integrating seamlessly with SOAR tools like Cortex® XSOAR™.

Threat Detection


Cloud security requires more than static or rule-based policies alone. Complementing traditional approaches, anomaly-based policies, powered by machine learning, monitor and report on unusual activities, providing a comprehensive threat detection strategy.


    • Network Threat Detection: Analyze 500 billion weekly flow logs to identify unusual network activities, including port scans, port sweeps, DNS-based threats like domain generation algorithms (DGA), and crypto mining.
    • User Entity Behavior Analytics (UEBA): Monitor cloud environments for unusual user activities, uncovering insider threats and potential account compromises. Leverage industry-leading machine learning with over 5 billion weekly ingested audit logs.
    • Integrated Threat Detection Dashboards: Utilize powerful dashboards within our console to highlight alerts and compromises, simplifying the understanding of suspicious network communication and user activity.

Data Security


Prisma Cloud Data Security uniquely combines Palo Alto Networks Enterprise Data Loss Prevention (DLP) and WildFire® malware prevention service to offer a comprehensive cloud-native solution for discovering and protecting data in public cloud environments.


    • Multicloud Data Visibility: Quickly assess data security in AWS S3 and Azure Storage Blob, identifying exposed resources.
    • Data Governance: Detect PII and enforce compliance profiles for various data types for healthcare, financial, and intellectual property based on mandates.
    • Malware Detection: Leverage WildFire for identifying and safeguarding against file-based threats in storage accounts.
    • Alerting: Receive object-specific alerts based on data classification, exposure, and file types. Forward alerts to AWS SQS, Azure Queuing Services, Splunk®, and Webhooks for prompt response.

Prisma Cloud – Cloud Workload Protection (CWP)

Prisma Cloud offers cloud workload protection as a Software as a Service (SaaS) option that helps deploy and manage infrastructures. It’s a single management console for threat detection, prevention, and response for your heterogeneous environment, where teams can leverage public cloud platforms and a rich set of microservices to build and deliver applications rapidly.

    • Vulnerability Management – delivers a centralized view to help prioritize risks in real-time across public cloud, private cloud, and on-premises environments.
    • Compliance – delivers real-time and historical views into compliance status for hosts, containers, and serverless functions.
    • CI / CD Security – secure cloud-native applications; security must be addressed before deployment and integrated across the application lifecycle.
    • Runtime Defense – ensure hosts, containers, and serverless applications are secure — whether running on public clouds, private clouds, or on-premises.
    • Container Access Control – leverage security optimized for cloud-native architectures.
    • Image Analysis Sandbox – expose risks and identify suspicious dependencies buried deep in your software supply chain that static analysis would otherwise miss.
    • Trusted Images – control and declare by the policy which registries, repositories, and images you trust, and respond when untrusted images are started in your environment.
    • Agentless Scanning – provides quick risk assessments, including known CVEs, misconfigurations, and other security issues.
    • Agent-based Protection – provides deep forensic visibility and preventive policies to block and stop suspicious activity.

Prisma Cloud – Code Security, IaC Security, CI/CD Security (Application Security)

Prisma Cloud offers a single tool for securing code across all modern architectures and software supply chains with embedded security into DevOps tools across the development lifecycle. It helps developers and security teams identify security misconfigurations in common infrastructure-as-code with Prisma Cloud IaC scanning capabilities.

    • Infrastructure as code scanning – streamlines security throughout the software development lifecycle using automation and embedding security into workflows.
    • Container Image Scanning – allows security teams to implement guardrails to prevent vulnerabilities, compliance violations, and exposed secrets in container images.
    • Policy as code – offers policy-as-code to provide controls built into code that can be replicated, version-controlled, and tested against live code repositories.
    • CI / CD Security – provides a powerful yet simple way to gain visibility and control application delivery pipelines.
    • Secrets security – Find and remove secrets in IaC templates and container images in development environments and build time using signatures and heuristics.
    • Software composition analysis – integrates with developer tools to identify vulnerabilities in open-source packages and their full dependency trees with support for flexible and granular bump fixes.
    • OSS license compliance – open-source licenses for dependencies and can alert or block deployments based on customizable license policies.

Your Applications Deserve Better Security.
Best-In-Class Or Platform Approach? No Need To Choose
 With Prisma Cloud.

  • Code to Cloud Intelligence
  • Prevention First, to reduce risks and threats.
  • Continuous Real-Time Visibility
  • Security Choice

Prisma Cloud in Action

Gain the ability to prioritize, investigate, remediate, report, and act decisively to reduce risks and prevent breaches.

Watch how Prisma Cloud’s Code to Cloud Intelligence addresses challenges faced by security and development teams.