Ramsdata

Cloud computing has changed the rules of the game in IT – and at the same time changed the rules of the game for attackers. Misconfiguration of cloud resources, invisible lateral paths between services, privileged identities without oversight – these are today’s biggest sources of incidents in cloud environments. Prisma Cloud from Palo Alto Networks is a CNAPP platform that addresses these problems comprehensively – from code to runtime, from infrastructure configuration to identities and workloads. In this article, we explain how it works and what it realistically gives organizations operating across multiple clouds.

Table of contents

  1. What is Prisma Cloud and what does CNAPP stand for?
  2. What risks are specific to multi-cloud environments?
  3. CSPM – cloud security posture management
  4. CWPP – workload protection in the cloud
  5. CIEM – identity and privilege management
  6. Code Security – security at the development stage
  7. Prisma Cloud and regulatory compliance
  8. Key findings
  9. FAQ
  10. Summary

What is Prisma Cloud and what does CNAPP stand for?

CNAPP – Cloud-Native Application Protection Platform – is a category of security products that combines features previously available only as separate tools into a single platform: CSPM, CWPP, CIEM and Code Security. Prisma Cloud from Palo Alto Networks is one of the leaders in this category. The idea behind CNAPP stems from the observation that attacks on cloud environments are rarely based on a single vulnerability – they are usually a chain of events: misconfiguration plus unused permissions plus lack of runtime monitoring equals a successful attack.

Separate tools for each of these layers cannot see the entire chain. Prisma Cloud can, and this is its fundamental advantage. The platform integrates with AWS, Azure, GCP and Oracle Cloud via native APIs, scanning all resources automatically and continuously. Ramsdata’s Palo Alto Networks portfolio covers the full spectrum of the vendor’s products, including Prisma Cloud and next-generation firewalls (NGFW).

What risks are specific to multi-cloud environments?

Multi-cloud environments generate specific security risks that traditional security tools do not see. Misconfigurations are statistically the largest source of incidents – open S3 buckets, public disk snapshots, overly open security groups. Each cloud platform has thousands of possible configurations, and manual verification is impossible at scale.

The explosion of identities and permissions is another problem – in large organizations there are tens of thousands of IAM roles, service accounts and API keys, a significant number of which have permissions far broader than they need. An attacker who seizes one such account can move laterally throughout the environment. The lack of visibility between services in a microservices architecture means that anomalous data flows go unnoticed. All these problems are addressed by Prisma Cloud modules.

CSPM – cloud security posture management

CSPM (Cloud Security Posture Management) is the Prisma Cloud module responsible for continuously scanning the configuration of cloud resources for deviations from security baselines and compliance requirements. The platform connects to AWS, Azure and GCP accounts via API and automatically scans all resources – instances, containers, databases, networks, IAM policies.

The results are presented as a list of faulty configurations with risk prioritization and precise remediation instructions. Some configurations can be remediated automatically by auto-remediation mechanisms. CSPM covers the regulatory requirements of CIS Benchmarks, PCI-DSS, HIPAA, SOC 2 and GDPR, generating ready-to-use compliance reports for auditors. For companies operating in a regulated environment, this saves hundreds of hours of manual work.

CWPP – workload protection in the cloud

CWPP (Cloud Workload Protection Platform) protects what runs in the cloud – virtual machines, containers, serverless functions. The Prisma Cloud agent installed on hosts and in Kubernetes clusters provides visibility into processes, network connections and file activity at runtime. Any anomalies – a process spawned from a web container, a connection to an external IP, modification of a system file – are detected and raise an alert in real time.

CWPP also includes scanning container images prior to deployment – each image is checked for known vulnerabilities (CVEs), secrets embedded in code and non-compliance with CIS policies. This is the “shift-left security” approach: problems are detected before anything goes into production. For detailed information on endpoint layer security solutions, visit Ramsdata’s NAC Endpoint Security page.

CIEM – identity and privilege management

CIEM (Cloud Infrastructure Entitlement Management) is a module that addresses the problem of excessive permissions in cloud environments. Prisma Cloud maps all identities – users, IAM roles, service accounts, API keys – and analyzes their actual usage compared to granted privileges. The result is a graphical identity risk map with recommendations for reducing permissions to the minimum required (least privilege principle).

CIEM also detects dangerous patterns: accounts with administrative privileges that have not been used for months, service accounts with access to production resources, temporary API keys that have become permanent. Automatic remediation recommendations quickly reduce the attack surface without manually analyzing thousands of permissions.
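
The granted-versus-used comparison and the three patterns described above, as an added Python example (not Prisma Cloud's implementation and not code from the original article). The `action@resource` permission format, the `prod-` resource naming convention, the thresholds and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from fnmatch import fnmatchcase

# Assumed thresholds; tune to your own policy.
STALE_AFTER = timedelta(days=90)       # "not used for months"
TEMP_KEY_MAX_AGE = timedelta(days=30)  # lifetime expected of a temporary key

@dataclass
class Identity:
    name: str
    kind: str          # "user", "role", "service_account" or "api_key"
    granted: set       # "action@resource" patterns attached by policy
    used: set          # concrete "action@resource" pairs seen in audit logs
    last_used: date
    created: date
    temporary: bool = False

def unused_grants(i):
    """Grants that matched no observed activity: candidates for removal."""
    return sorted(g for g in i.granted if not any(fnmatchcase(u, g) for u in i.used))

def least_privilege(i):
    """Observed activity that the current grants allow: the minimum policy."""
    return sorted(u for u in i.used if any(fnmatchcase(u, g) for g in i.granted))

def findings(i, today):
    out = []
    actions = {g.split("@")[0] for g in i.granted}
    resources = {g.split("@")[1] for g in i.granted}
    if "*" in actions and today - i.last_used > STALE_AFTER:
        out.append("stale-admin")
    if i.kind == "service_account" and any(r == "*" or r.startswith("prod-") for r in resources):
        out.append("service-account-prod-access")
    if i.kind == "api_key" and i.temporary and today - i.created > TEMP_KEY_MAX_AGE:
        out.append("temporary-key-still-active")
    if unused_grants(i):
        out.append("over-privileged")
    return out

# Constructed sample inventory (not real accounts).
TODAY = date(2024, 6, 1)
INVENTORY = [
    Identity("alice-admin", "user", {"*@*"}, set(), date(2024, 1, 10), date(2022, 3, 1)),
    Identity("ci-deployer", "service_account",
             {"s3:PutObject@prod-artifacts", "s3:DeleteObject@prod-artifacts", "ec2:TerminateInstances@*"},
             {"s3:PutObject@prod-artifacts"}, date(2024, 5, 31), date(2023, 1, 15)),
    Identity("migration-key", "api_key", {"rds:Describe*@staging-db"},
             {"rds:DescribeDBInstances@staging-db"}, date(2024, 5, 30), date(2023, 11, 1), temporary=True),
]
```

Wildcard grants are matched against observed activity rather than compared as plain strings, so a grant such as `rds:Describe*@staging-db` counts as used when any action it covers appears in the logs.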

Code Security – security at the development stage

Code Security is a module that integrates with code repositories (GitHub, GitLab, Bitbucket) and scans IaC (Infrastructure as Code) – Terraform, CloudFormation, Kubernetes YAML – for security misconfigurations before code is deployed. Developers get feedback on problems directly in pull requests, eliminating the risk of deploying non-compliant configurations.

Prisma Cloud also scans for secrets – API keys, passwords, tokens – embedded in code or configuration files. Embedded secrets are one of the most common attack vectors against cloud environments, and Code Security eliminates them as early as the code review stage.

Prisma Cloud and regulatory compliance

For organizations operating in a regulated environment, Prisma Cloud offers turnkey compliance frameworks – CIS Benchmarks for AWS/Azure/GCP, PCI-DSS, HIPAA, SOC 2, ISO 27001, GDPR and many others. Each resource is automatically mapped to regulatory requirements and assessed for compliance. Compliance reports are generated automatically and can be exported to formats acceptable to auditors.

Key findings

  • Prisma Cloud is a CNAPP platform that combines CSPM, CWPP, CIEM and Code Security in a single tool.
  • CSPM continuously scans cloud resource configurations and detects deviations from security baselines.
  • CWPP protects workloads at runtime and scans container images before deployment.
  • CIEM maps all identities and permissions, indicating excessive access rights.
  • Code Security integrates with the CI/CD pipeline, detecting problems before the code goes into production.
  • The platform supports AWS, Azure, GCP and Oracle Cloud with a unified management panel.

FAQ

Does Prisma Cloud require an agent on every machine?

The CSPM module runs without an agent – via the cloud API. CWPP requires a lightweight agent (Defender) on protected hosts and in Kubernetes clusters.

How does Prisma Cloud integrate with an existing SIEM?

Prisma Cloud supports integration with Splunk, Elastic, QRadar and other SIEMs via standard APIs and ready-made connectors. Alerts and logs can be sent in real time.

Does Prisma Cloud work in on-prem environments?

Prisma Cloud is optimized for cloud environments. On-prem environments can be monitored by CWPP agents, but full CSPM and CIEM functionality requires cloud resources.

What does Prisma Cloud licensing look like?

Licensing is modular – organizations can buy only the modules they need. Pricing is based on the number of protected resources or bandwidth.

Summary

Prisma Cloud is a comprehensive answer to security challenges in multi-cloud environments – from misconfigurations to excessive permissions to runtime threats. Integrating all layers of protection in a single platform allows you to see the full attack chain and respond faster. If you manage a multi-cloud infrastructure and are looking for a platform that gives you full visibility and control, contact Ramsdata – a Palo Alto Networks partner.
