AI-SPM is generally available to all Prisma® Cloud users as we continue the rollout of Secure AI by Design product portfolio.     Let's go!
Search

Threat Detection

Prisma Cloud detects advanced threats, zero-day attacks, and anomalies across multicloud environments
Request a Trial
Threat Detection Front
Threat Detection Back

The dynamic, distributed nature of cloud environments often creates alerts that lack context at a volume that can overwhelm security teams. Attempting to correlate logs, API metadata and signature-driven alerts can quickly flood teams with false positives instead of actionable insight.

Read about our comprehensive approach to Threat Detection.

Read the blog

The public cloud exposes new threats

From codified infrastructure template vulnerabilities to account hijacking attempts for compute-intensive operations like cryptomining, the threat landscape in the public cloud exposes new threats different from any other IT environment, posing new challenges for security teams.

Multi-source threat intelligence is essential

Correlating threat intelligence from multiple sources is critical to building a deep, contextual understanding of risk. Sourcing cloud service provider logs augmented with suspicious IP address lists, malware signatures and vulnerability intelligence feeds ensures risk clarity.

Rule-based policies are not enough

Static positive/negative or rule-based policies are an essential foundation for effective cloud security, but alone do not adequately cover the entire threat landscape. Anomaly-based policies that leverage machine learning to monitor and report on suspicious or unusual activities complement traditional policy libraries for a comprehensive threat detection strategy.

Threat detection powered by ML and threat intelligence

Prisma Cloud uniquely combines advanced machine learning and threat intelligence such as Palo Alto Networks AutoFocus, TOR exit nodes and other sources to identify various tactics and techniques per MITRE ATT&CK’s Cloud Matrix with high efficacy while minimizing false positives. This allows security teams to focus their investigation and remediation effort on the most critical incidents without getting bogged down by alert storms.
  • Employ unsupervised Machine Learning
  • Integrate with best of breed Threat Intelligence
  • Detect known & unknown threats
  • Network anomaly detection
    Network anomaly detection
  • User and entity behavior analytics
    User and entity behavior analytics
  • Threat intelligence-based threat detection
    Threat intelligence-based threat detection
  • Granular control on false positives and negatives
    Granular control on false positives and negatives
THE PRISMA CLOUD SOLUTION

Our approach to Threat Detection

ML-based network anomaly detection

Prisma Cloud employs advanced ML to learn normal network behavior of each customer’s cloud environment to detect network anomalies and zero-day attacks effectively with minimal false positives.

  • Port scan and sweep detection

    Detect common reconnaissance techniques per MITRE ATT&CK Cloud Matrix to facilitate remediation activities such as closing ports opened unintentionally.

  • Unusual port and server activity detection

    Spot unusual activities which adversaries typically employ to evade detection while looking for critical assets such as PII, financial information and others in preparation for data exfiltration.

  • DNS threat detection

    Identify threats attempting to exploit your network with DNS-based attacks such as domain generation algorithm (DGA) and cryptomining – all without changing your DNS infrastructure.

Learn more
ML-based network anomaly detection

User and entity behavior analytics (UEBA)

Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors and learns each user's activities to identify what’s normal, and then alerts on any behaviors that deviate from that baseline.

  • Anomalous compute provisioning detection

    Learn the normal behavior of each user to detect anomalous compute provisioning activities, indicative of either accidental resource misuse or more sinister attacks like cryptojacking

  • Insider threat detection

    Discover suspicious behaviors such as excessive login failures that could signal compromised accounts, brute force attacks, and other behaviors that traditional security tools miss.

  • Suspicious user activity detection

    Identify specific actions and surface correlated account data, both in real time and with historical context.

Learn more
User and entity behavior analytics (UEBA)

Threat intelligence-based threat detection policies

Leveraging Palo Alto Networks’ AutoFocus threat intelligence and proprietary security research, Prisma Cloud provides a comprehensive set of out of the box policies to detect malicious network and user activities.

  • AutoFocus-based network threat detection

    Out of the box policies to detect advanced and malicious network based attacks such as DDOS, Botnet, Ransomware, Remote Access Trojan, Cryptomining and many more.

  • Policy-based network threat detection

    Detect suspicious network activities such as DB ports receiving internet traffic and Internet connectivity via TCP over insecure port.

  • Policy-based detection of suspicious user activities

    Alert on sensitive IAM and storage configurations which are often steps of a multi-staged attack in motion.

Learn more
Threat intelligence-based threat detection policies

Granular control on false positives & negatives

Unlike most basic ML-based threat detection solutions in the market, Prisma Cloud provides granular control for customers to make the appropriate tradeoffs between false positives and negatives that fit their business and security needs.

  • Alert Disposition

    Choose Aggressive to minimize false negatives, Moderate for a good balance between false positives and negatives, or Conservative to minimize false positives.

  • Training Model Threshold

    Choose Low to minimize training period, Medium for a good balance between speed of detection and false positives, or High to minimize false positives.

  • Trusted List

    Use TrustedList of Cloud Service, IP, Machine ID, Tag and others to prevent false positive alerts on benign activities.

Learn more
Granular control on false positives & negatives
Prisma Cloud
Prisma Cloud
Prisma Cloud delivers the industry’s broadest security and compliance coverage—for applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid-cloud environments.
Learn more

Cloud Security Posture Management modules

VISIBILITY, COMPLIANCE, AND GOVERNANCE

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

Learn more

CLOUD THREAT DETECTION

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

Learn more

DATA SECURITY

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.

Learn more
Featured Resources

Get more insight into what Prisma Cloud can do for your business

See all resources
eBook

The Six Key Requirements of Multicloud Security

Download
Video

Prisma Cloud for CSPM

Watch now
Datasheet

Prisma Cloud: Cloud Security Posture Management

Download

Customer Stories

Hear how Pokemon, Sabre and ElevenPaths take advantage of Prisma Cloud's full lifecycle security and full stack protection.

Cloud security basics

Learn about DevSecOp trends and get practical tips from developers, industry leaders and security professionals.

The latest from our blog

Start with a piece that focuses on container security with Kubernetes cluster awareness, then dive into the rest.

Get the latest news, invites to events, and threat alerts