08-13-2020 03:56 AM - last edited on 02-07-2022 03:21 PM by jforsythe
Hello Prisma Cloud Experts,
I'm fairly new to CWPP and tried some native and free options and looking at commercial products now. VNETs, Traditional compute and private endpoints are not difficult to grasp, while the transition to serverless is slightly more complex.
What parts of the Prisma Cloud product should the customer use when assessing Serverless Lambda security?
Am I right understanding what with regards to AWS Serverless there are two modes - initial assessment (can be done without any modifications to Lambda) and continuous protection (requires some additional code to be added). What about checking IAM rules for security? Are there features in the Prisma Cloud adding additional value on the top of IAM Analizer? Is there a built-in code review for Lambda?
Lastly, can you please confirm that all features from PureSec, Twistlock, Evident.io and the rest are fully integrated (or perhaps discontinued) - and the only place I should be reading/looking is documentation at https://docs.paloaltonetworks.com/prisma/prisma-cloud
Perhaps there are too many questions for one post, and I should do my own research first. Just trying easy option asking experts first 😉
Regards,
Serg
11-11-2020 04:01 PM
"Am I right understanding what with regards to AWS Serverless there are two modes - initial assessment (can be done without any modifications to Lambda) and continuous protection (requires some additional code to be added). What about checking IAM rules for security? Are there features in the Prisma Cloud adding additional value on the top of IAM Analizer? Is there a built-in code review for Lambda?'
So there are two aspects of the product. All of the PureSec/TwistLock/Evident functionality is integrated. The CSPM (Cloud Security Posture Management) side of the product has about 4 policies specific to Lambda functions but there are several others that relate to IAM in general across the cloud itself. Here is a screenshot of the Lambda policies that don't require a "Defender" which is the snippet of code for Serverless or service that runs on a host, container etc whether on prem or in the cloud.
And yes,
https://docs.paloaltonetworks.com/prisma/prisma-cloud
Is the best place to navigate for the documentation which is very good. Another very useful feature once you adopt the platform specifically in the Compute tab is the help which actually takes you directly to the updated web url for that section of the admin guide so if you want to "Learn More about this Feature" and you're in the Compute tab under the WAAS settings it shows the documentation for the Web Application and API security. One other place that has an entirely different set of documentation that is related to the Prisma Cloud API is here:
api.docs.prismacloud.io/reference
Also in reference to the other part of your question there are several other configurable protections once you get a Defender code deployed in Lambda like that WAAS capabilities or shoring up compliance violations or protecting the functions. Hope this helps.
08-13-2020 05:02 AM
I think i found an answer to one of my questions in Prisma Cloud Licensing and Editions Guide
Serverless Defender licensed per millions of invocations:
Serverless function config checks are not counted (no license consumption)
11-11-2020 04:01 PM
"Am I right understanding what with regards to AWS Serverless there are two modes - initial assessment (can be done without any modifications to Lambda) and continuous protection (requires some additional code to be added). What about checking IAM rules for security? Are there features in the Prisma Cloud adding additional value on the top of IAM Analizer? Is there a built-in code review for Lambda?'
So there are two aspects of the product. All of the PureSec/TwistLock/Evident functionality is integrated. The CSPM (Cloud Security Posture Management) side of the product has about 4 policies specific to Lambda functions but there are several others that relate to IAM in general across the cloud itself. Here is a screenshot of the Lambda policies that don't require a "Defender" which is the snippet of code for Serverless or service that runs on a host, container etc whether on prem or in the cloud.
And yes,
https://docs.paloaltonetworks.com/prisma/prisma-cloud
Is the best place to navigate for the documentation which is very good. Another very useful feature once you adopt the platform specifically in the Compute tab is the help which actually takes you directly to the updated web url for that section of the admin guide so if you want to "Learn More about this Feature" and you're in the Compute tab under the WAAS settings it shows the documentation for the Web Application and API security. One other place that has an entirely different set of documentation that is related to the Prisma Cloud API is here:
api.docs.prismacloud.io/reference
Also in reference to the other part of your question there are several other configurable protections once you get a Defender code deployed in Lambda like that WAAS capabilities or shoring up compliance violations or protecting the functions. Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
