Acer eDC has joined the Prisma Cloud Partner Program to help organizations successfully manage cloud security configurations and build and deploy security monitoring mechanisms. We hope that our cloud security solutions will make users safer and more powerful. If you have any needs related to Prisma Cloud management, deployment, and security monitoring, please feel free to contact us.

Background Description

What is Cloud Security Posture Management (CSPM)?

Cloud Security Posture Management (CSPM) is the answer to the growing need for organizations to deal with cloud security risks and misconfigured public cloud services. This service is used for risk assessment, risk visualization, incident response, compliance monitoring, and DevOps integration. Customers often use CSPM services to detect incorrect resource configurations, identify risks and unsafe activities across cloud applications and services, and provide relevant information to help security administrators improve and resolve cloud security issues.

What is a Cloud Workload Protection Platform (CWPP)?

Cloud Workload Protection Platform (CWPP) is a security tool that detects and removes threats inside cloud software. CWPP is like a car mechanic who identifies defects and failures inside a car's engine before they cause further damage, except that it inspects the inside of a cloud service instead of a car. CWPP automatically monitors a variety of workloads, including physical on-premises servers, virtual machines, and serverless functions.

What is a Cloud Native Application Protection Platform (CNAPP)?

Cloud Native Application Protection Platform (CNAPP) is a unified and tightly integrated set of security and compliance capabilities designed to protect cloud native applications in development and production. CNAPP integrates a number of previously siloed capabilities, including container scanning, cloud security posture management, infrastructure-as-code scanning, cloud infrastructure entitlement management, runtime cloud workload protection, and runtime vulnerability/configuration scanning.

Applicable Objects
Enterprises using cloud environments, including finance, manufacturing, government agencies, and e-commerce enterprises

Service Efficiency

  • Visual risk assessment to identify risky and unsafe activities across cloud applications and services.
  • Help strengthen cloud security issue management.
  • Search for cloud security configuration errors and detect compliance violations.

Function Introduction

What are the main functions of CSPM?

  1. Regularly scan and analyze cloud services such as IaaS, SaaS, PaaS, etc. Look for security settings errors, possible compliance violations, and vulnerabilities.
  2. Map an organization's entire cloud infrastructure to uncover previously unknown risks. It sends alerts to the security team about any potential risks.
  3. Typically has a dashboard that displays identified issues and overall security scores and delivers alerts.
  4. Potential violations of regulations such as the Health Insurance Portability and Accountability Act (HIPAA), California Consumer Privacy Act (CCPA), and General Data Protection Regulation (GDPR) are automatically scanned for and detected.
  5. Cloud deployments are scanned to identify all cloud assets and provide visibility into their status. It also alerts security teams to configuration errors in discovered assets.
  6. Other capabilities include vulnerability identification and incident response. Some CSPM tools can not only alert the security team but also fix certain issues.

What are the main functions of CWPP?

According to global research and advisory firm Gartner, CWPP has the following eight functions:

  1. Hardening, Provisioning, and Vulnerability Management: CWPP helps ensure that there are no vulnerabilities in the software, even before it is put into production.
  2. Network Firewall, Visibility, and Micro-Segmentation: CWPP protects and micro-segments the network. The latter term refers to dividing a network into smaller parts so that an attacker cannot compromise the entire network at once.
  3. System Integrity Assurance: CWPP ensures that cloud systems work as expected.
  4. Application Control and Allowed List: CWPP allows and blocks applications based on the allowed application list.
  5. Exploit Prevention and Memory Protection: CWPP prevents exploits in actively executing software.
  6. Server workload endpoint detection and response (EDR), behavioral monitoring, and threat detection and response: CWPP responds to suspicious changes in server and application behavior and active threats.
  7. Host-based intrusion prevention with vulnerability masking: CWPP prevents external intrusions into servers.
  8. Anti-malware scanning: CWPP detects malware embedded in cloud workloads.

CWPP can apply these capabilities to any type of workload, including physical servers, virtual machines, containers and serverless functions.

What is the difference between CWPP and Cloud Security Posture Management (CSPM)?

Cloud Security Posture Management (CSPM) is another type of automated tool used to secure a range of cloud deployments. The main difference is that CSPM is external and looks for cloud configuration errors and compliance violations, while CWPP is internal and looks for threats in software executing in the cloud. CNAPP integrates CWPP and CSPM functions.


Palo Alto Prisma Cloud includes three versions of functionality:

Prisma Cloud Applicable Scenarios - Compliance, Multi-cloud Management, Cloud-native Security

Business Edition: Commercial Compliance Edition (CSPM)

  • Application scenarios: Public cloud IaaS, PaaS security and compliance.
  • Deployment method: SaaS service, interfaced through public cloud API.
  • Supports multi-cloud environment statistics and analysis, and compliance.

Compute Edition: Container Protection Edition (CWPP)

  • Application scenarios: container host, serverless.
  • Deployment method: Public cloud/on-premise agent mode.
  • The industry's most complete container and host security solutions.
  • Supports hybrid cloud operating environments: public cloud AWS EKS, Azure AKS, GCP GKE, AliCloud ACK, IBM IKS; local self-built Docker, K8S, etc.
  • Supports vulnerability, threat, and real-time protection functions.
  • Supports Layer 4 and Layer 7 firewall functions.

Enterprise Edition: Enterprise Edition (CSPM+CWPP)

  • Application scenario: Unified application of commercial version and container version.
  • Deployment method: SaaS service, which can connect to public cloud API and local containers.
  • Supports both CSPM and CWPP protection functions.
  • Hybrid cloud security architecture can be managed simultaneously through a single management interface.

Figures: Public Cloud IaaS/PaaS Security and Compliance; Public Cloud Container Service; Cloud Native and Private Cloud Container Services.

 

  • Enterprise Edition (CSPM+CWPP)

Prisma Cloud 3.0: Cloud Native Application Protection Platform (CNAPP)

  • Cloud Code Security: protects application components by analyzing applications and IaC code and fixing issues
  • Cloud Security Posture Management: monitors cloud security posture, detects and responds to threats, and maintains compliance
  • Cloud Workload Protection: secures hosts, containers and serverless throughout the application lifecycle
  • Cloud Network Security: monitors and protects cloud networks and performs micro-segmentation
  • Cloud Identity Security: protects permissions and identities in multi-cloud environments
  • Full application development lifecycle protection: protects application services throughout the entire development lifecycle (build-deploy-run)

 

  •  Business Edition Commercial Compliance Edition(CSPM) 
    —— Prisma Cloud Business Core Features


 

  •  Prisma Cloud Compute Container Protection Edition(CWPP) 
    —— Prisma Cloud Compute core features

What is the difference between Prisma Cloud and Cloud SOC?

Microsoft Sentinel (Microsoft)

  • Security Orchestration, Automation and Response (SOAR)
  • SIEM
  • Threat Intelligence

Prisma Cloud (Palo Alto Networks)

  • Cloud Security
  • Cloud Security Posture Management (CSPM)
  • Cloud Workload Protection
  • Cloud-Native Application Protection Platforms (CNAPP)
  • Container Security
  • DNS Security
  • Extended Detection and Response (XDR)

Microsoft Defender for Cloud (Microsoft)

  • Cloud Security
  • Cloud Security Posture Management (CSPM)
  • Cloud Workload Protection
  • Cloud-Native Application Protection Platforms (CNAPP)
  • Data Security Posture Management (DSPM)
  • Extended Detection and Response (XDR)
  • Security Risk Assessment