Vulnerability Management

Find and fix vulnerabilities from code to cloudTM.
Vulnerability Management Front
Vulnerability Management Back

Every time a new security vulnerability surfaces, attackers race to find the vulnerable application to exploit its weakness. Organizations need a faster, easier and more seamless way to address the situation while running applications in the cloud.

Read about Unit 42’s research on vulnerabilities in open source code.


Manage and Prioritize Vulnerabilities from Code to Cloud

Prisma® Cloud helps to uncover blind spots, prioritize vulnerabilities by environmental risk, and manage remediation across your applications (VMs, Containers, Kubernetes, Serverless, and Open Source Software) with flexible deployment options.
  • Code to cloud vulnerability management
  • Contextual risk-based prioritization
  • Flexible agentless scanning and agent-based protection
  • Natively integrated with developer tools
  • Code to cloud visibility
    Code to cloud visibility
  • Vulnerability management
    Vulnerability management
  • Software composition analysis (SCA)
    Software composition analysis (SCA)
  • CI/CD integration
    CI/CD integration

THE PRISMA CLOUD SOLUTION

Our approach to vulnerability management

Code to Cloud Visibility

Reduce alert fatigue and surface the vulnerabilities that should be prioritized. Correlate vulnerabilities with multiple risk factors, including external exposure, excessive permissions, misconfigurations, sensitive data, malware and more.

  • Code to cloud visibility

    Gain visibility into all vulnerabilities across your environment across source package, git repos, and in running applications.

  • Priortize Vulnerabilities

    Prioritize vulnerabilities that pose the greatest threat to your apps with context to filter out the ‘noise’.

  • Find the root cause

    Trace the vulnerability back to the source code files and packages that led to the vulnerable workloads.

  • Remediate critical vulnerabilities

    Get context and remediation steps to developers to reduce friction and the meantime to remediate (MTTR).

Code to Cloud Visibility

Vulnerability Management

Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Prisma Cloud delivers a centralized view to help prioritize risks in real time across public cloud, private cloud and on-premises environments for every host, container and serverless function.

  • Flexible deployment options.

    Gain visibility into vulnerability across virtual machines, containers, kubernetes, and serverless functions with agents and agentless scanning. You get 100% continuous coverage for any application in any cloud environment.

  • Manage risk from a single UI.

    Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring.

  • See vulnerability status with remediation guidance.

    View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies.

  • Alert on or prevent vulnerabilities across environments.

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate data with your existing systems.

    Integrate vulnerability alerts into common endpoints, including JIRA®, Slack®, PagerDuty®, Splunk®, Cortex® XSOAR™, ServiceNow® and more.

Vulnerability Management

Find Vulnerabilities in Code

Gaining visibility into protected and unprotected web applications is the first step to comprehensive protection. That’s why Prisma Cloud automatically identifies the protection status of web apps with a simple, straightforward UI to quickly enable customizable protection.

  • Scan across languages and package managers with unmatched accuracy.

    Identify vulnerabilities in open-source packages with support for popular languages and more than 30 upstream data sources to minimize false positives.

  • Leverage industry-leading sources for complete open source security confidence

    Scan open source dependencies wherever they are and compare them against public databases like NVD and the Prisma Cloud Intelligence Stream to identify vulnerabilities and surface important fix information.

  • Connect infrastructure and application risks

    Zero in on vulnerabilities that are actually exposed within your codebase to combat false positives and prioritize remediations faster.

  • Identify vulnerabilities at any dependency depth

    Ingest package manager data to extrapolate dependency trees to the furthest layer to identify open source risk hidden from view.

  • Visualize and catalog your software supply chain

    Visualize your pipelines, code and all the connections. Generate a software bill of materials (SBOM) to keep track of application risk and understand your attack surface.

Find Vulnerabilities in Code

CI/CD Integration

To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardens checks into the CI/CD workflow.

  • Support all your application components.

    Scan Git repositories, container images, AMIs and serverless functions.

  • Integrate security into your CI/CD pipeline.

    Continuously monitor container registries and explicitly define trustworthy images, registries and repositories.

  • Integrate with DevOps workflows.

    Integrate with any continuous integration (CI) solution, such as Jenkins®, CircleCI®, AWS CodeBuild, Azure® DevOps, Google Cloud Build and more.

  • Prioritize risk from central dashboards.

    View vulnerability information and compliance results, and vendor-fix information across build, deploy and run.

  • Surface scan results in developer tooling and central dashboards.

    View scan results and details, both at their source and with an aggregated view.

  • Enforce security policies to prevent builds from moving forward in pipelines.

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

CI/CD Integration
Prisma Cloud
Prisma Cloud
Prisma® Cloud is the most complete cloud-native application protection platform (CNAPP) in the industry, providing the broadest security and compliance coverage for infrastructure, workloads and applications. This extensive protection spans the entire cloud-native technology stack, as well as the development lifecycle and multicloud and hybrid environments.

Cloud Workload Protection Modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes® and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.

Resources

Valuable Documents