Prisma Cloud Articles
Incident response is a daily problem to solve in cybersecurity. Bad actors are constantly looking for new ways to hack into an enterprise. Due to the consequences of ill-intentioned hacking causing potential distress at a global scale, we all have a responsibility to be as prepared as possible to better protect our environments by the proactive action of incident response. Through the Cloud Workload Protection Platform (CWPP) of Prisma Cloud, there are ways to be proactive in achieving goals in incident response while creating protocols to coherently scope your applications and accounts in these environments. In this article, you will learn about the primary scoping utility that is available to you in the console through collections and approaches to optimally create scope.

When utilizing the Prisma Cloud Compute Console, a tool that can help you have the most efficient environmental setup within each cloud environment is collections. Collections allow you to be able to have the scoping that is necessary to be able to triage your incident response as well as proactively give you the capabilities that you will need to be able to report on any incident. Collections will also allow you to have an organized view into your cloud resources to be able to better help with your use cases. If your cloud environment is disorganized at the cloud service provider level, it will be a good practice to begin to organize these environments. One option is to look within the console to be able to work backwards in creating this coherency in every environment over time. Let’s begin to take a look at how collections can help you to have a better experience in utilizing cloud security technologies.
Prisma Cloud Compute protects your containerized environment according to the policies you set in Prisma Cloud Console. Watch this demo with RD Singh, Sr. Customer Success Engineer, to learn how to protect AWS ECS EC2 nodes and Fargate tasks with Prisma Cloud Compute Defender.
In December 2022 we released the latest capabilities for Prisma Cloud Compute, including API Risk Profiling, Enhanced Vulnerability Explorer, App Control for Hosts and Container support for Agentless Workload Scanning. We would like to showcase and demo the new functionality.
Prisma Cloud Compute provides a dynamic admission controller for Kubernetes and OpenShift that is built on the Open Policy Agent (OPA). Watch this demo with RD Singh, Sr. Customer Success Engineer, to learn how to enable the dynamic admission controller to intercept admission requests to the API server, and then accept or reject those requests according to the admission policy configured in Prisma Cloud Compute. Note: Prisma Cloud currently does not support Admission Controller for Windows. To read the step-by-step instructions outlined in this video, visit our TechDocs: Access Control: Open Policy Agent
This guide describes how to configure agentless vulnerability and compliance scanning for virtual machines in Microsoft Azure subscriptions.   This article will use a credential dedicated to the agentless scanning process.  In Prisma Cloud Enterprise Edition  / SaaS, you have the additional option of using a Prisma Cloud onboarded account credential which will be covered in a future article. The creation and use of an Azure service principal credential are also supported in SaaS.
Prisma Cloud Compute Agentless scanning enables you to quickly gain comprehensive visibility into vulnerability and compliance risks without having to install an agent on each host. Cloud environments are dynamic in nature. Prisma Cloud gives you the flexibility to choose between agentless and agent-based security. At this time, Prisma Cloud supports agentless scanning of VMs on AWS, GCP and Azure. This article outlines the process of setting up Prisma Cloud Compute Agentless to scan Google Cloud Platform (GCP) Compute Engine to discover vulnerabilities and compliance issues.
Detect DNS based Threats With Prisma Cloud

Being one of the core foundations of the internet, DNS is equally important in the Public Cloud environment. But DNS is a blind spot in many organizations' security strategies. Network applications rely on DNS to translate domain names to IP addresses; this is fundamental to detect any communication between an infected host and a C&C server. Prisma Cloud helps detect these hidden threats in DNS traffic in the AWS environment. Activities like Domain Generation Algorithm (DGA) and cryptomining domain request activity can be detected in AWS environments with Prisma Cloud DNS Threat Detection. Join us for a session to uncover more about the DNS based threat detection capabilities with a demo and overview of DNS Threat Detection service.
October 2022 - Monthly Product Management Office Hours - Cloud Code Security

Open source is core to how modern applications are built. Between infrastructure as code and package dependencies, well over half of the average code base is open source. Identifying and remediating vulnerabilities and misconfigurations throughout the development lifecycle is the easiest way to secure a majority of attack vectors for an application. Join Taylor Smith, who shares Prisma Cloud’s advanced software composition analysis and infrastructure as code security capabilities. Come see what’s new with newly supported frameworks and package managers, secrets detection, SBOMs, software supply chain security, and more.
Throughout the security lifecycle of an application or cloud environment it is important to be able to understand the tools available to each security professional. One of the best tools for any security professional to be able to use is scripting. Scripting allows one to create a program that automates an individual task and, when coupled with the Prisma Cloud Compute Workload Protection Platform (CWPP), you can effectively complete your use cases with ease. All that it takes to create a script is an understanding of the tools available to you, practice, and studying the available documentation of API calls that can interface with your scripting program.

Through the CWPP API and this article, you will be able to begin to establish a new way to solve your company’s problems while enhancing your available tools in problem solving. In this article, we are utilizing a SaaS CWPP console for the examples and a text editor which can save text files for scripting, along with a Linux command line available in the macOS terminal or in Windows with Subsystem for Linux.

When interacting with a command line, you can type directly into the command prompt. As an example, to help those of you who have not yet worked with a Linux command line, you can navigate to different directories using the “cd”, or ‘change directory’, command. You can determine the path to your current directory by typing “pwd”, or ‘print working directory’, and you can list the files in the current directory using “ls”.
Many teams are relying on automation to streamline their Security Operations Center. Automation allows customers to scale their operations as their cloud presence grows and allows the data from Prisma Cloud to be integrated with a customer’s existing workflow to manage Cloud security.  This API is also used by Cortex XSOAR playbooks for alert remediation and alert report generation.
Features Introduced on July 14, 2020

* New Features
* New Policy and Policy Updates
* Public REST API Updates

New Features

Support for GCP Folders
When you add your GCP Organization to Prisma Cloud, you can now view all the projects or folders that are contained in the organization hierarchy and choose to add all the projects, or selectively include or exclude the projects and folders you want to monitor, or monitor and protect using Prisma Cloud.

Prisma Cloud as a PAYG Subscription on the AWS Marketplace
Prisma Cloud is available as an hourly PAYG subscription on the AWS Marketplace. With this new listing, you can use the Prisma Cloud Enterprise Edition license for the first 15 days as a free trial, and then you are billed based on hourly usage; there is no long-term contract required.

(Coming Soon) Support Domain-based Message Authentication, Reporting & Conformance (DMARC)
Email notifications from Prisma Cloud will include the domain name to support Domain-based Message Authentication, Reporting & Conformance (DMARC), and the email address noreply@paloaltonetworks.com is being replaced with noreply@prismacloud.paloaltonetworks.com. To ensure that you continue to receive emails, please replace noreply@paloaltonetworks.com with noreply@prismacloud.paloaltonetworks.com in your approved sender list.

New Filters for Policies
The Policies page has three new filters for Category, Class, and Subtype, and the table view includes these filters as new columns.
* The Category filter enables you to separate incidents from risks and prioritize what you want to focus on based on your role. You can, for example, use this filter to identify policies that identify incidents before policies that identify risky configurations.
* The Class filter logically groups policies. Use it to separate policies that affect your area of focus, and delegate as appropriate.
* The Subtype filter separates the various types of policies that pertain to each policy Type. For example, Anomaly policies are split into two subtypes—Network and UEBA.

Updates for Inclusive Language on Prisma Cloud
Prisma Cloud has updated all references to whitelist on the API and management console. Settings > IP Whitelisting is renamed as Settings > Trusted IP Addresses, where you can specify Trusted Alert IP Addresses (previously Login IP Whitelisting) and Trusted Login IP Addresses (previously called Trusted IP Whitelisting). See Public REST API Updates also.

Exclusion of Trusted Sources in Anomaly Policies
To exclude trusted IP addresses that are internal or known, such as those you may use to conduct tests for PCI compliance or penetration testing on your network, you can now add these IP addresses in a CIDR format on the Trusted IP Address List on Settings > Anomaly Settings. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly policies that detect unusual network activity, such as the policies that detect port scan and port sweep activity, unusual server and port activity, and Spambot.

GCP Flow Logs Update
GCP flow logs are now available for Prisma Cloud tenants deployed on https://app.prismacloud.io. You do not need to submit a special request to enable flow logs on your tenant.

Amazon SQS Integration Supports a Separate IAM Role
When integrating Prisma Cloud with Amazon SQS, you now have the flexibility to use a separate IAM role to enable alert notifications to SQS. If you use the CFT to onboard your AWS account and the SQS queue belongs to the same cloud account, the Prisma Cloud IAM Role policy has the permissions required for Amazon SQS. And, by default, Prisma Cloud accesses the SQS queue with these credentials.
If this is not applicable for the SQS queue you are trying to integrate, when you add a new SQS integration, you can provide the IAM credentials (Access Key and Secret Key) associated with that role (Settings > Integrations). The IAM user whose security credentials (Access and Secret Keys) you provide must have sqs:SendMessage and sqs:SendMessageBatch permissions.

API Ingestion
AWS
* noCloudTrailFound attribute no longer ingested for aws-cloudtrail-describe-trails API. With this change, Prisma Cloud will no longer ingest the noCloudTrailFound attribute for an AWS account that does not have CloudTrail enabled in a given region. If you have any custom policies that use this attribute, the alerts against this policy will be marked as resolved.
GCP
* Google Compute Engine—gcloud-compute-project-info
* Google Dataproc Clusters—gcloud-dataproc-clusters-list
For the gcloud-compute-api, Prisma Cloud now includes labels assigned to your GCP project. You can use the tag attribute to find resources tagged with labels in config where RQL queries.

Saved Search Additions
Use the following Saved Search to easily create a policy and generate an alert if you want to check for:
* AWS IAM policy with unused permissions
* AutoFocus saved searches are consolidated by tag groups to detect malicious activities that are initiated from an internal source on your network or from an external source.

AutoFocus Updates—Change in threat source name in RQL and access the AutoFocus from the Prisma Cloud Console.
The AutoFocus threat intelligence feed was referred to as threat.source in ( AF) and that is now updated to be threat.source in ( AutoFocus). For example, the RQL should now be:
network where dest.publicnetwork IN ('Suspicious IPs') AND threat.source IN ( 'AutoFocus' ) AND threat.tag.group = 'Cryptominer'
Additionally, if you have an AutoFocus license, you can now click the IP address link to launch the AutoFocus portal and search for a Suspicious IP address directly from the Investigate page.

Compliance Standards in Business Unit Reports
When generating the Business Unit report, you can now filter on one or more compliance standards to ensure that the report data is only for the alerts that are associated with policies which are tied to the selected compliance standards.

API Ingestion
APIs to ingest:
* Azure custom policy definitions at the subscription level. Azure Policy — azure-policy-definition
* Updated the JSON structure for the azure-storage-account-list API to display the total count of containers that are accessible publicly. In addition, the data ingested displays the name of the first 1000 containers in this list.
* noCloudTrailFound attribute no longer ingested for aws-cloudtrail-describe-trails API. If you have any custom policies that use this attribute, the alerts against this policy will be marked as resolved.

GCP Las Vegas Region Support
Prisma Cloud can now monitor resources deployed in the Las Vegas region. To review the list of supported regions, use the Cloud Region filter on the Asset Inventory.

Prisma Cloud Service for AWS China
Start using the Prisma Cloud tenant in China (https://app.prismacloud.cn) to connect to your AWS China accounts deployed in the Ningxia and Beijing regions.

Prisma Cloud Service in Singapore
Prisma Cloud is now available in the Singapore region. You can select this region when you sign up for the service from the AWS Marketplace or the Palo Alto Networks Marketplace.

New Policy and Policy Updates

Alibaba Cloud RAM user with both console access and access keys
Identifies Resource Access Management (RAM) users who can access both the Alibaba Cloud management console and the API. As a best practice, limit access to what the user can do and give permissions for console access or the API.

AWS policies that enable auto-remediation
The following policies are updated:
* AWS Customer Master Key (CMK) rotation is not enabled
* AWS EKS cluster endpoint access publicly enabled
* AWS RDS event subscription disabled for DB instance
* AWS EKS control plane logging disabled
* AWS Redshift clusters should not be publicly accessible
* AWS RDS database instance is publicly accessible
* AWS RDS minor upgrades not enabled
* AWS RDS instance without Automatic Backup setting
The additional permissions required to enable auto-remediation for these policies are: "kms:EnableKeyRotation", "rds:ModifyEventSubscription", "eks:UpdateClusterConfig", "rds:ModifyDBInstance", "redshift:ModifyCluster"

Internet exposed instances
Updated the Internet exposed instances policy to identify AWS Cloud workloads that are exposed to the Internet. With this change, this policy now applies to AWS only.

Public REST API Updates

Deprecated and replacement REST API endpoint paths
The REST endpoint paths in the following list are deprecated. A new endpoint replaces each deprecated endpoint. The deprecated endpoints will be removed in the near future:
* Deprecated: /ip_whitelist_login; New: /ip_allow_list_login
* Deprecated: /ip_whitelist_login/{id}; New: /ip_allow_list_login/{id}
* Deprecated: /ip_whitelist_login/status; New: /ip_allow_list_login/status
* Deprecated: /ip_whitelist_login/tab; New: /ip_allow_list_login/tab
* Deprecated: /whitelist/network; New: /allow_list/network
* Deprecated: /whitelist/network/{networkUuid}; New: /allow_list/network/{networkUuid}
* Deprecated: /whitelist/network/{networkUuid}/cidr; New: /allow_list/network/{networkUuid}/cidr
* Deprecated: /whitelist/network/{networkUuid}/cidr/{cirdUuid}; New: /allow_list/network/{networkUuid}/cidr/{cirdUuid}
The x-redlock-status header values have been updated in a similar manner (e.g. login_ip_whitelist_missing_field is now login_ip_allow_list_missing_field).

Cloud accounts and GCP Folders
There are additions to the cloud account REST APIs, including additions to the request parameters to on-board cloud accounts, to support the new feature Support for GCP Folders.

Anomalies Trusted List
There are new REST API endpoints to support the anomalies trusted list.

Amazon SQS integration
The REST API for Amazon SQS integration has some new but optional request parameters.

Policies
There are three new read-only attributes in the Policy and Policy View models (the latter is in the response to a List Policies request) to describe the hierarchy of a policy. New policy filters exist for these attributes.

Alerts
Requests to list alerts by policy (GET or POST /alert/policy) no longer include alert rules in the response object. Alert rules are available through requests for individual alert information.
We are proud to announce that Prisma Cloud Data Security for Azure Blob Storage is now GA! Data Security on Prisma Cloud enables you to discover and classify data stored in Azure blob and protect against accidental exposure and sharing of sensitive data. In addition, it ensures data stores in your Azure blob are free from malware by performing malware analysis using the Enterprise WildFire engine. Enable data security and onboard your Azure cloud subscription to start scanning your Azure blob storage.
As organizations increasingly adopt Infrastructure-as-a-Service (IaaS) models for cloud development, the number of entities that are granted access to critical infrastructure necessarily grows as well. However, organizations must ensure these entitlements are tightly controlled. To help our customers better address these growing risks, Prisma Cloud offers Cloud Infrastructure Entitlement Management (CIEM) multi-cloud capabilities. These capabilities include:
* Net effective permissions analysis: Seamlessly analyze and gain visibility for accounts, resources, and workloads.
* IDP integration: Ingest single sign-on (SSO) data from IDPs to calculate net-effective user permissions, no matter which CSP or service the user is accessing.
To get the most out of your investment in Prisma™ Cloud, we need to add your cloud accounts to Prisma Cloud. This process requires that you have the correct permissions to authenticate and authorize the connection and retrieval of data.
Many in the security industry have been pondering recently whether “agentless” or “agents” are most effective. The answer is simple: use both for comprehensive security. With that vision in mind, Prisma Cloud is proud to be the first security platform to offer both agent-based and agentless security together from a single solution, giving you and your teams the flexibility and choice to deploy or activate the right method of protection in a mixed environment. As a part of the Prisma Cloud 3.0 launch, we announced the introduction of agentless security in addition to the already available agent-based security to provide comprehensive security coverage. Come learn what the new V2 release brings in this webinar.
“What could you have done better as an organization to adjust to Log4J?”  This question has resonated with the cybersecurity community for a while now. Within the capabilities of the Prisma Cloud product here at Palo Alto Networks, there are a number of threat landscape views and preventative tools that are available to customers.    In this article, we will review some of the core features that security professionals can utilize to be notified of CVE detection, available API calls within the Prisma Compute console that will help to give a quick view into resources affected by Log4J through the correlated CVE, as well as some advanced preventatives, such as creating a custom CVE or uploading an MD5 malware hash, that are available to users of the console. With these additional tools there will be a better understanding of not only how to get a grasp around aspects of the threat landscape of Log4J in your environment, but also a better way to approach potential future zero-days through utilization of the capabilities of Prisma Cloud.  
Prisma Cloud Products and Customer Success Webinar Recordings

Upcoming CSPM Platform update
July 2022
Please join us to learn about new CSPM & Platform capabilities including Alert Prioritization by Mitre, True Network Exposure for Azure, DNS-threat detection, Unified Asset Inventory and many more.

CIEM new graph visualization
June 2022
Please join us to learn about the new "Graph Visualization" feature. In this demo-focused webinar, we will show you how easily you can get a high-level overview of the cloud identity permissions, review connections between source, granted, and destination to understand why this particular identity can access these specific resources, and more.

Microseg Update - Automating Microsegmentation policies using App Profiling and Out of Box templates
May 2022
Please join us to learn more about the cloud network security module in Prisma Cloud. You can implement a single network security policy model that works on any cloud or Datacenter environment across different workload types (containers/VMs/Hosts). In this demo-focused webinar, we will show you how you can easily create microsegmentation policies by using the App Profiling capability.

Prisma Cloud Monthly Product Overview: Cloud Code Security Features
April 2022
Please join Gilad Mark and Taylor Smith to learn more about the cloud code security module in Prisma Cloud. You can do IaC security, software composition analysis (SCA), drift detection and secret detection using the module. In this demo-focused webinar, we will show you the existing functionality as well as give a sneak peek at the upcoming functionality.

Prisma Cloud Monthly Product Overview: Adoption Advisor and CIEM/IAM
March 2022
Join us for this hands-on demo with Product Manager, Izabella Yankelevich:
Adoption Advisor: The Adoption Advisor aims to improve product adoption by adding visibility into feature utilization and undiscovered product capabilities. During this session, we will go over the objectives of the Adoption Advisor and walkthrough.
CIEM/IAM: As organizations increasingly adopt Infrastructure-as-a-Service (IaaS) models for cloud development, the number of entities that are granted access to critical infrastructure necessarily grows as well. However, organizations must ensure these entitlements are tightly controlled. To help our customers better address these growing risks, Prisma Cloud offers Cloud Infrastructure Entitlement Management (CIEM) multi-cloud capabilities. These capabilities include:
* Net effective permissions analysis: Seamlessly analyze and gain visibility for accounts, resources, and workloads.
* IDP integration: Ingest single sign-on (SSO) data from IDPs to calculate net-effective user permissions, no matter which CSP or service the user is accessing.

Prisma Cloud Monthly Product Overview: Cloud Security Posture Management (CSPM) Update
February 2022
Palo Alto Networks will discuss new CSPM capabilities including TOR-based threat detection, Cloud Network Analyzer-based policies that detect cloud resources that are truly exposed to the Internet, and others.

Prisma Cloud Monthly Product Overview: 22.01 Prisma Cloud Compute (Joule) Release
January 2022
With the proliferation of virtual machines, containers, Platform-as-a-Service and Serverless architectures, security, infrastructure, and DevOps teams need a centralized solution to provide visibility and protection across the continuum of cloud native architectures to address vulnerabilities, manage compliance, and enable runtime protection. For example, with a vulnerability like Log4Shell, security teams would quickly want to identify vulnerable applications while also protecting their applications from threats and attacks. Please join us and learn about the new Cloud Workload Protection and Web App & API Security additions with our Prisma Cloud Joule release. Release highlights include:
* General availability of Agentless Security to scan VMs on AWS: By adding agentless security we are increasing the speed and simplicity of initial scanning and risk prioritization, providing a quick posture overview without deploying agents. Prisma Cloud is the first on the market offering both agentless and agent-based security for comprehensive protection.
* Pre-Deployment virtual machine image library analysis for Azure and Google Cloud: Seamless scanning of machine images now supports two additional public clouds.
* Kubernetes auditing enhancements for AKS and EKS: Security and DevOps teams can now capture and analyze Kubernetes auditing data from public cloud Kubernetes services to identify risks and security events.
* Enhancement to vulnerability management: Extended and granular scope for tags for enhanced exception and metadata reporting on vulnerabilities.
* Web Application and API Security: New analytics dashboards for improved web application attack visibility and support for gRPC protection.

Prisma Cloud Monthly Product Overview: "Code-to-cloud" security for AWS
November 2021
Palo Alto Networks will discuss our current capabilities with AWS and how far we've come. We will present what is on the horizon, and give a look at how all our technologies are coming together. Come and see what Prisma Cloud's capabilities for AWS are, and hear why we are the best cloud security platform for AWS.

Prisma Cloud Monthly Product Overview: Why Prisma Cloud is the best cloud security Platform for Azure
October 2021
Palo Alto Networks will discuss our current capabilities with Microsoft Azure and how far we've come. We will present what is on the horizon, and give a look at how all our technologies are coming together. Come and see what Prisma Cloud's capabilities for Microsoft Azure are, and hear why we are the best cloud security platform for Microsoft Azure.

Prisma Cloud Monthly Product Overview: Prisma Cloud Compute 21.08 (Iverson Release)
October 2021
Join us to learn about the new capabilities and improvements in the latest release of Prisma Cloud's Cloud Workload Protection, Release 21.08 (Iverson). In this session, we will discuss some of the key capabilities of the release.
1. Container Security: ML-driven pre-deployment image analysis sandbox.
2. Host Security: Auto-protection for virtual machines on Azure and Google Cloud.
3. Web Application and API Security: Windows support, service mesh support, and improved API telemetry.
4. SaaS improvements: Deeper integration with alerts, auto-discovery of all cloud workloads.
5. Partner Update: Prisma Cloud is a Red Hat® Certified Technology Vulnerability Scanner.

Prisma Cloud Monthly Product Overview: Prisma Cloud CSPM - Network-based Data Exfiltration Detection
August 2021
Data breaches in public cloud environments continue to be a significant problem. To help address it, Prisma Cloud recently released a new threat detection capability - Network-based data exfiltration detection. Prisma Cloud uses advanced machine learning (ML) algorithms to analyze network flow logs to create a model of baseline activity. It can then detect deviations from that baseline that could signal malicious data exfiltration attempts, and create an alert. Join us and learn about this new capability as well as other existing threat detection capabilities.
Blog link: https://www.paloaltonetworks.com/blog/prisma-cloud/how-to-set-up-prisma-cloud-threat-detection/

Prisma Cloud Monthly Product Overview: Preview of CSPM 2.0 Launch & Major Policy Updates
July 2021
Prisma Cloud (CSPM) Delivers Five New Innovations to Help Security Teams Reduce Alert Noise, Detect Advanced Threats and Simplify Cloud Data Security. We are excited to add new CSPM functionality to this stack to help further reduce risks and detect advanced attacks across cloud infrastructures:
* True Internet Exposure
* Visibility-as-Code
* Network Data Exfiltration Detection
* Anomalous Compute Provisioning Detection
* Customizable Object-Level Scanning for AWS S3
* 21.7.2 Policy Updates for Alert Fatigue

Prisma Cloud Monthly Product Overview: MITRE Att&ck Capabilities - Prisma Cloud and Compute
June 2021
The MITRE ATT&CK® knowledge base is the most widely adopted framework for security teams across the industry. Prisma Cloud now supports the MITRE ATT&CK® framework for various use cases. In this webinar, the Prisma Cloud Product Management team will present an overview and hands-on demo to show how to leverage the updated ATT&CK frameworks to enhance your Cloud Security Posture Management and Cloud Workload Protection.

Prisma Cloud Monthly Product Overview: New Threat Detection capabilities in Prisma Cloud
May 2021
In addition to providing cloud visibility, compliance and governance, Prisma Cloud has been providing Machine Learning and Threat Intelligence based threat detection for years. We recently released a new threat detection capability - anomalous compute provisioning - that can detect threats such as cryptojacking. Come and learn about this new capability as well as other existing threat detection capabilities that can detect issues such as account hijack, excessive login failures, port scan, port sweep and others. We will also discuss where we are going with our threat detection roadmap.

Prisma Cloud Monthly Product Overview: Compute & Microsegmentation Release Update
April 2021
Learn about what is new in the upcoming Prisma Cloud with respect to the Compute & Microsegmentation capabilities.

Prisma Cloud Monthly Product Overview: Oracle Cloud (OCI) Overview
March 2021
Prisma Cloud has extended its cloud security posture management to Oracle Cloud Infrastructure (OCI). The Prisma Cloud Product Management team will present an overview and hands-on demo on how cloud and security teams using Prisma Cloud on OCI can quickly get onboarded and gain comprehensive visibility for all multi- and hybrid-cloud assets in a single console to help understand their cloud attack surface. Join us to enhance the security of your cloud workloads on OCI!

Prisma Cloud Monthly Product Overview: Data Security for AWS
Feb. 2021
Prisma Cloud Data Security is a new Prisma Cloud Module in the Cloud Security Posture Management (CSPM) pillar. Our PM team reviews the customer challenges this new module solves in addition to all of the capabilities currently available within the Data Security Module (currently AWS S3 only).

Prisma Cloud Monthly Product Overview: Prisma Cloud Enterprise Suite January Updates
Jan. 2021
Join us this month to get insight into the latest release of Prisma Cloud Enterprise including our Cloud Security Posture Management, and Cloud Workload Protection Platforms. The Prisma Cloud Product Management team will present overviews and hands-on demos of the new features we’ve added in the latest major release, such as Web-Application and API Security (WAAS) updates, host security, container security, and shift-left enhancements in Prisma Cloud Compute (CWPP), as well as Alarm Center updates in Prisma Cloud Enterprise (CSPM).

IAM Security Roadmap
Dec. 2020
The new Prisma Cloud IAM Security module is an industry-leading CIEM solution. It automatically calculates effective permissions across cloud service providers, detects overly permissive access and suggests corrections to reach least privilege entitlements. Join the IAM PM team (Bar Schwartz, Shaked Zin) as they present a hands-on demo of the new module.

Prisma Cloud - Shift Left + CNSP
Nov. 2020
New Prisma Cloud DevOps Inventory UI is coming in 20.11.2! Join us to learn to configure this UI as well as brand new "build" alert rules. In addition, we will talk about drift detection, and sign up interested customers for the upcoming design partner program. The microsegmentation private beta is released on Prisma Cloud! Join us for a walk-through of the product and how it will fit into the Cloud Network Security module. Learn how you can visualize and secure communications in Kubernetes, between VMs and/or containers, using identity. We will also talk about how to identify customers that would be a good fit for the private beta.

Prisma Cloud - Compute Workload Protection (CWP)
Oct. 2020
Introducing Prisma Cloud Compute 20.09, the latest update to our Cloud Workload Protection Platform. Join the Compute PM team (Aqsa Taylor, Avi Shulman, Hari Srinivasan, Tomer Spivak, and Pradnesh Patil) as they present a hands-on demo of the new features we’ve added in the latest major release, such as cluster aware radar, git repo scanning, enhanced host security, and Compute SaaS integration in Prisma Cloud Enterprise Edition.

Roadmap Session - Prisma Cloud Compute
Sept. 2020
Learn about what is new in the upcoming Prisma Cloud Compute Release - Enhanced cluster awareness across the product, more integrated Cloud Account onboarding process between Compute and the Prisma Cloud platform, our first step in securing packages prior to build time with GIT repository scanning, an enhanced look to our Host security and our new and improved application firewall capability, transitioning CNAF into WAAS (Web Application and API Security).

Product Update
Aug. 2020
Learn about the recent releases and the product roadmap.

Network Security and Micro-segmentation
July 2020
Autofocus Integration (Network Security) & Micro-segmentation

Sneak Preview of Prisma Cloud Data Security (DLP)
June 2020
Brief preview of upcoming Data Security module and Q&A about Data security

Prisma Cloud Product Update
May 2020
Learn about the recent releases and the roadmap.

Shift Left + Prisma Cloud Compute SaaS Integration Phase 2
Apr. 2020
For developers & DevOps: tools to use natively in their IDE, Git and CICD environments; and Prisma Cloud - Compute integration features.

Office Hours with Customer Success - Incident Response Case Study (Part 2)
Mar. 2020
Malware — Investigate and Remediate.

Office Hours with Customer Success - Incident Response Case Study (Part 1)
Feb. 2020
Malware — Incident and Impact.

Prisma Cloud Product Roadmap
Jan. 2020
Upcoming New Features in Prisma Cloud.

Prisma Cloud - TwistLock/PureSec Integration
Dec. 2019
Prisma Cloud + TwistLock Integration

Alert Burndown
Nov. 2019
Learning to manage alerts.

RQL Deep Dive
Oct. 2019
Learning to use RQL
Understanding the Attack Surface Using Prisma Cloud SaaS
by RD Singh and Muhammad Rehan

The recent Log4Shell and SpringShell vulnerabilities created havoc for many organizations struggling to discover the impacted resources. Palo Alto Networks Prisma Cloud (CSPM and CWPP) can not only help organizations discover the impacted resources, but can also prevent the exploit from happening.

In this article, we will walk you through how to leverage the Prisma Cloud product to gain visibility of your cloud resources.

How Prisma Cloud Can Help

The Palo Alto Networks Prisma Cloud Security Platform can detect and identify Log4Shell and SpringShell attack payloads sent to applications. The good news is that Prisma Cloud users can easily detect software components affected by these vulnerabilities.

The Prisma Cloud Intelligence Stream (IS) automatically updates to include the vulnerability information from official vendor feeds. This allows Prisma Cloud to directly reflect any updates or analysis by Linux distribution and application maintainers, and so to detect any affected hosts, images, containers and functions.

Figure 1: Log4Shell CVEs in the Intelligence Stream

Query Your Environment for Impacted Resources

Prisma Cloud's Resource Query Language (RQL) provides a quick and easy way to query for impacted resources. In this case, users can utilize the Prisma Cloud platform's capabilities to isolate assets with vulnerabilities and prioritize further by looking for internet-exposed assets receiving traffic.

The RQL below lists the instances in your cloud that have the Log4Shell (CVE-2021-44228) and/or SpringShell (CVE-2022-22963 or CVE-2022-22965) specific vulnerabilities.

Note: RQL is only applicable to the Prisma Cloud SaaS.

    config from cloud.resource where finding.type IN ( 'Host Vulnerability', 'Serverless Vulnerability', 'AWS GuardDuty Host') AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965', 'CVE-2021-44228')

Figure 2: Config RQL to discover the vulnerable instances

The following RQL lists the internet-exposed instances that are receiving traffic in your cloud and have the Log4Shell (CVE-2021-44228) and/or SpringShell (CVE-2022-22963 or CVE-2022-22965) specific vulnerabilities:

    network from vpc.flow_record where bytes > 0 AND source.resource IN ( resource where finding.type IN ( 'Host Vulnerability', 'AWS GuardDuty Host') AND finding.source IN ( 'Prisma Cloud' ) AND finding.name IN ('CVE-2022-22963', 'CVE-2022-22965', 'CVE-2021-44228') ) AND destination.publicnetwork IN ('Internet IPs', 'Suspicious IPs')

Figure 3: Config RQL to discover the vulnerable instances

In addition to RQL, Prisma Cloud Compute can search for a specific CVE in Vulnerability Explorer wherever Defender agents are deployed.

Note: Prisma Cloud Compute needs to be enabled to view the Vulnerability Explorer within the Prisma Cloud SaaS.

Figure 4: CVE search result in Vulnerability Explorer

The screenshot below is an example of container image details where CVE-2022-22965 is shown as Critical.

Figure 5: Image details

Conclusion

The Log4Shell and SpringShell vulnerabilities are high-impact vulnerabilities that are easy for attackers to exploit and have far-reaching consequences for the industry as a whole. In this post, we discussed some detection and prevention strategies for these particular vulnerabilities, and showcased detection capabilities of the Prisma Cloud Security Platform.

Prisma Cloud can help in detecting all vulnerable instances in your deployments. Prisma Cloud may also be configured to fully prevent running any vulnerable images or hosts.

A complete proof-of-concept of Prisma Cloud protections for Log4Shell exploits, including runtime and WAAS protections, can be found in this video.

References:
https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

About the Authors: RD Singh and Muhammad Rehan are senior customer success engineers specializing in Prisma Cloud, Next-Generation Firewall, AWS, Azure, GCP, containers and Kubernetes. They use collaborative approaches to break down complex problems into solutions for global enterprise customers and leverage their multi-industry knowledge to inspire success.
Prisma Cloud provides comprehensive security for the cloud-native application's entire journey from code to cloud. In this session, hear from the product team about the exciting new features that deliver unification of assets & alerts across the platform and several other features on tap for delivery in the near term. This session will also cover updates to the Cloud Security Posture Mgmt. and Identity security areas.

Session 1: Prisma Cloud Security Platform - Integrated Platform Experience, CSPM, and CIEM Updates
June 2022

Session 2: Prisma Cloud's Compute Workload & Code Security - New Release Updates
June 2022
A best practice in security is alerting on the assets that you find most critical.  The concept of vulnerability and exploit defines that a vulnerability can be exploited.   
How to Disable or enable default or custom policies 
These guides provide customized direction, advice, and recommendations by job function for implementing Prisma Cloud into operation in your organization.