Vulnerability Management

Find and fix vulnerabilities from code to cloud.
Vulnerability Management Front
Vulnerability Management Back

Every time a new security vulnerability surfaces, attackers race to find the vulnerable application to exploit its weakness. Organizations need a faster and easier way to uncover blind spots and prioritize vulnerabilities across applications in the cloud.


Manage and Prioritize Vulnerabilities from Code to Cloud

Prisma Cloud helps to uncover blind spots, prioritize vulnerabilities with context and manage remediation across your applications (VMs, Containers, Kubernetes®, serverless and open-source software).
  • Code to Cloud vulnerability management
  • Support for public and private cloud deployments
  • Agentless scanning and agent-based protection
  • Code to cloud visibility
    Code to cloud visibility
  • Vulnerability management
    Vulnerability management
  • Software composition analysis (SCA)
    Software composition analysis (SCA)
  • CI/CD integration
    CI/CD integration

THE PRISMA CLOUD SOLUTION

Our approach to vulnerability management

Code to Cloud Visibility

Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Prisma Cloud delivers a centralized view into vulnerabilities across public cloud, private cloud and on-premises environments for every host, container and serverless function.

  • Code to cloud visibility

    Gain visibility into all vulnerabilities across your environment — source packages, git repos, registries, deployed images, hosts and running applications.

  • Flexible deployment options.

    Gain visibility into vulnerability across virtual machines, containers, kubernetes and serverless functions with agents and agentless scanning.100% continuous coverage for any application in any cloud environment.

  • Manage risk from a single UI.

    Visualize risk across host OS, container images and serverless functions with intelligent risk scoring.

Code to Cloud Visibility

Contextual Risk-Based Prioritization

Reduce alert fatigue and surface the vulnerabilities that should be prioritized. Correlate vulnerabilities with multiple risk factors, including external exposure, excessive permissions, misconfigurations, sensitive data and malware.

  • Attack path prioritization.

    Minimize alert fatigue by correlating vulnerabilities with various risk factors, such as external exposure, cloud entitlements, secrets, misconfigurations, malware, and more, to highlight the vulnerabilities that should be prioritized.

  • Contextualize risk.

    Eliminate up to 99% of noise by filtering vulnerabilities tied to active packages in use.

  • Find the root cause.

    Trace the vulnerability back to the source code files and packages that led to the vulnerable workloads.

Vulnerability Management

Remediate Vulnerabilities

Address and remediate vulnerabilities before they can be exploited by malicious actors through a systematic and proactive approach.

  • See vulnerability status with remediation guidance.

    View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies.

  • Remediate critical vulnerabilities.

    Get context and remediation steps to developers to reduce friction and the meantime to remediate (MTTR).

  • Alert on or prevent vulnerabilities across environments.

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate data with your existing systems.

    Integrate vulnerability alerts into common endpoints, including JIRA®, Slack®, PagerDuty®, Splunk®, Cortex® XSOAR™and ServiceNow®.

Find Vulnerabilities in Code

CI/CD Integration

To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardens checks into the CI/CD workflow.

  • Support all your application components.

    Scan Git repositories, container images, AMIs and serverless functions.

  • Integrate security into your CI/CD pipeline.

    Continuously monitor container registries and explicitly define trustworthy images, registries and repositories.

  • Integrate with DevOps workflows.

    Integrate with any continuous integration (CI) solution, such as Jenkins®, CircleCI®, AWS CodeBuild, Azure® DevOps, Google Cloud Build and more.

  • Prioritize risk from central dashboards.

    View vulnerability information and compliance results, and vendor-fix information across build, deploy and run.

  • Surface scan results in developer tooling and central dashboards.

    View scan results and details, both at their source and with an aggregated view.

  • Enforce security policies to prevent builds from moving forward in pipelines.

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

CI/CD Integration

Software composition analysis

Built on top of the most reputable vulnerability databases and connected to the industry’s most robust infrastructure policy database, Prisma Cloud Software Composition Analysis (SCA) surfaces vulnerabilities with the context developers need to understand risk and implement fixes fast. Prisma Cloud provides the breadth and depth of open source coverage you need to stop the next big vulnerability in its tracks:

  • Scan across languages and package managers with unmatched accuracy.

    Identify vulnerabilities in open-source packages with support for popular languages and more than 30 upstream data sources to minimize false positives.

  • Leverage industry-leading sources for complete open-source security confidence.

    Scan open-source dependencies wherever they are and compare them against public databases like NVD and the Prisma Cloud Intelligence Stream to identify vulnerabilities and surface important fix information.

  • Connect infrastructure and application risks.

    Zero in on vulnerabilities exposed in your codebase to combat false positives and prioritize remediations faster.

  • Identify vulnerabilities at any dependency depth.

    Ingest package manager data to extrapolate dependency trees to the furthest layer to identify open-source risk hidden from view.

  • Visualize and catalog your software supply chain.

    Visualize your pipelines, code and all connections. Generate a software bill of materials to keep track of application risk and understand your attack surface.

Find Vulnerabilities in Code
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the most complete cloud-native application protection platform (CNAPP) in the industry, providing the broadest security and compliance coverage for infrastructure, workloads and applications. This extensive protection spans the entire cloud-native technology stack, as well as the development lifecycle and multicloud and hybrid environments.

Cloud Workload Protection Modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes® and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.

Resources

Valuable Documents