Vulnerability Management

Find and fix vulnerabilities from code to cloud.

Every time a new security vulnerability surfaces, attackers race to find the vulnerable application to exploit its weakness. Organizations need a faster, easier and more seamless way to address the situation while running applications in the cloud.

Read about Unit 42’s research on vulnerabilities in open source code.


Manage and Prioritize Vulnerabilities from Code to Cloud

Prisma® Cloud helps to uncover blind spots, prioritize vulnerabilities by environmental risk, and manage remediation across your applications (VMs, Containers, Kubernetes, Serverless, and Open Source Software) with flexible deployment options.
  • Code to cloud vulnerability management
  • Contextual risk-based prioritization
  • Flexible agentless scanning and agent-based protection
  • Natively integrated with developer tools
  • Code to cloud visibility
  • Vulnerability management
  • Software composition analysis (SCA)
  • CI/CD integration

THE PRISMA CLOUD SOLUTION

Our approach to vulnerability management

Code to Cloud Visibility

Reduce alert fatigue and surface the vulnerabilities that should be prioritized. Correlate vulnerabilities with multiple risk factors, including external exposure, excessive permissions, misconfigurations, sensitive data, malware and more.

  • Code to cloud visibility

    Gain visibility into all vulnerabilities in your environment, across source packages, Git repos and running applications.

  • Prioritize vulnerabilities

    Prioritize vulnerabilities that pose the greatest threat to your apps with context to filter out the ‘noise’.

  • Find the root cause

    Trace the vulnerability back to the source code files and packages that led to the vulnerable workloads.

  • Remediate critical vulnerabilities

    Get context and remediation steps to developers to reduce friction and the mean time to remediate (MTTR).

Vulnerability Management

Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Prisma Cloud delivers a centralized view to help prioritize risks in real time across public cloud, private cloud and on-premises environments for every host, container and serverless function.

  • Flexible deployment options.

    Gain visibility into vulnerabilities across virtual machines, containers, Kubernetes and serverless functions with agents and agentless scanning. You get 100% continuous coverage for any application in any cloud environment.

  • Manage risk from a single UI.

    Prioritize risk across host OS, container images and serverless functions with intelligent risk scoring.

  • See vulnerability status with remediation guidance.

    View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies.

  • Alert on or prevent vulnerabilities across environments.

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate data with your existing systems.

    Integrate vulnerability alerts into common endpoints, including JIRA®, Slack®, PagerDuty®, Splunk®, Cortex® XSOAR™, ServiceNow® and more.

Find Vulnerabilities in Code

Gaining visibility into protected and unprotected web applications is the first step to comprehensive protection. That’s why Prisma Cloud automatically identifies the protection status of web apps with a simple, straightforward UI to quickly enable customizable protection.

  • Scan across languages and package managers with unmatched accuracy.

    Identify vulnerabilities in open-source packages with support for popular languages and more than 30 upstream data sources to minimize false positives.

  • Leverage industry-leading sources for complete open source security confidence

    Scan open source dependencies wherever they are and compare them against public databases like NVD and the Prisma Cloud Intelligence Stream to identify vulnerabilities and surface important fix information.

  • Connect infrastructure and application risks

    Zero in on vulnerabilities that are actually exposed within your codebase to combat false positives and prioritize remediations faster.

  • Identify vulnerabilities at any dependency depth

    Ingest package manager data to extrapolate dependency trees to the furthest layer to identify open source risk hidden from view.

  • Visualize and catalog your software supply chain

    Visualize your pipelines, code and all the connections. Generate a software bill of materials (SBOM) to keep track of application risk and understand your attack surface.

CI/CD Integration

To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardening checks into the CI/CD workflow.

  • Support all your application components.

    Scan Git repositories, container images, AMIs and serverless functions.

  • Integrate security into your CI/CD pipeline.

    Continuously monitor container registries and explicitly define trustworthy images, registries and repositories.

  • Integrate with DevOps workflows.

    Integrate with any continuous integration (CI) solution, such as Jenkins®, CircleCI®, AWS CodeBuild, Azure® DevOps, Google Cloud Build and more.

  • Prioritize risk from central dashboards.

    View vulnerability information, compliance results and vendor-fix information across build, deploy and run.

  • Surface scan results in developer tooling and central dashboards.

    View scan results and details, both at their source and with an aggregated view.

  • Enforce security policies to prevent builds from moving forward in pipelines.

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

Prisma Cloud

Prisma® Cloud is the most complete cloud-native application protection platform (CNAPP) in the industry, providing the broadest security and compliance coverage for infrastructure, workloads and applications. This extensive protection spans the entire cloud-native technology stack, as well as the development lifecycle and multicloud and hybrid environments.

Cloud Workload Protection Modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes® and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.
